Log Service provides two system policies: AliyunLogFullAccess, which grants management permissions, and AliyunLogReadOnlyAccess, which grants read-only permissions. This topic describes how to attach the AliyunLogReadOnlyAccess policy to RAM users.

Background information

You can also customize permission policies in the Resource Access Management (RAM) console. For more information, see Create a custom policy. You can view examples of permission policies in Use custom policies to grant permissions to a RAM user and Overview.


  1. Log on to the RAM console with your Alibaba Cloud account or as an authorized RAM user.
  2. In the left-side navigation pane, choose Permissions > Grants.
  3. On the Grants page, click Grant Permission.
  4. In the Add Permissions panel, enter the name of the RAM user in the Principal field and select the RAM user from the auto-complete results.
  5. In the Select Policy section, select System Policy and click AliyunLogReadOnlyAccess in the Authorization Policy Name column.
    Note: To grant the permissions of a custom policy, select Custom Policy.
  6. Click OK.
  7. Click Complete.
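
A post-grant check, added here as an example and not taken from the Log Service documentation: it reads the JSON returned by the RAM ListPoliciesForUser operation (for instance from `aliyun ram ListPoliciesForUser --UserName <user>`) and confirms that the user ends up with read-only Log Service access. The response shape, the function name `review_log_grants` and the sample data are assumptions; the sample responses are constructed.

```python
import json

READ_ONLY = "AliyunLogReadOnlyAccess"
FULL_ACCESS = "AliyunLogFullAccess"

def review_log_grants(response_json):
    """Classify the policies attached directly to one RAM user.

    Assumed input shape (ListPoliciesForUser response):
    {"Policies": {"Policy": [{"PolicyName": ..., "PolicyType": ...}]}}
    """
    policies = json.loads(response_json).get("Policies", {}).get("Policy", [])
    system = {p["PolicyName"] for p in policies if p.get("PolicyType") == "System"}
    custom = sorted(p["PolicyName"] for p in policies if p.get("PolicyType") == "Custom")

    findings = []
    if READ_ONLY not in system:
        findings.append("missing " + READ_ONLY)
    if FULL_ACCESS in system:
        # The management policy overrides the intent of a read-only grant.
        findings.append(FULL_ACCESS + " is also attached")
    # Custom policies may allow write actions, so flag each one for review.
    findings += ["custom policy needs manual review: " + n for n in custom]
    return {"read_only": READ_ONLY in system and FULL_ACCESS not in system,
            "findings": findings}

# Constructed sample responses; the custom policy name is made up.
CLEAN = json.dumps({"Policies": {"Policy": [
    {"PolicyName": READ_ONLY, "PolicyType": "System"}]}})
OVER_GRANTED = json.dumps({"Policies": {"Policy": [
    {"PolicyName": READ_ONLY, "PolicyType": "System"},
    {"PolicyName": FULL_ACCESS, "PolicyType": "System"},
    {"PolicyName": "example-log-writer", "PolicyType": "Custom"}]}})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("over-granted", OVER_GRANTED)):
        print(label, review_log_grants(sample))
```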