All Products
Search

This Product

    Global Accelerator:RAM authorization

    Document Center

    Global Accelerator:RAM authorization

    Last Updated:Apr 28, 2024
    Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.
    This topic describes the elements, such as Action, Resource, and Condition, which are defined by Ga. You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate Ga is ga. You can grant permissions on Ga at the RESOURCE.

    General structure of a policy

    Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:
    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
    The following list describes the fields in the policy:
    • Effect: specifies the authorization effect. Valid values: Allow, Deny.
    • Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
    • Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
    • Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
      • Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
      • Condition_key: specifies the condition keys.
      • Condition_value: specifies the condition values.

    Action

    Ga defines the values that you can use in the Action element of a policy statement. The following table describes the values.
    • Operation: the value that you can use in the Action element to specify the operation on a resource.
    • API operation: the API operation that you can call to perform the operation.
    • Access level: the access level of each operation. The levels are read, write, and list.
    • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
      • The required resource types are displayed in bold characters.
      • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
    • Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
    • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
    ActionsAPI operationAccess levelResource typeCondition keyAssociated operation
    ga:AddEntriesToAclAddEntriesToAclWrite
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/{#aclId}
    		NoneNone
    ga:AssociateAclsWithListenerAssociateAclsWithListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}
    		NoneNone
    ga:AssociateAdditionalCertificatesWithListenerAssociateAdditionalCertificatesWithListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:AttachLogStoreToEndpointGroupAttachLogStoreToEndpointGroupWrite
    All Resources
    *
    		NoneNone
    ga:BandwidthPackageAddAcceleratorBandwidthPackageAddAcceleratorWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:BandwidthPackageRemoveAcceleratorBandwidthPackageRemoveAcceleratorWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:ChangeResourceGroupChangeResourceGroupWrite
    All Resources
    *
    		NoneNone
    ga:CreateAcceleratorCreateAcceleratorWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:CreateAclCreateAclWrite
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/*
    		NoneNone
    ga:CreateApplicationMonitorCreateApplicationMonitorWrite
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/*
    		NoneNone
    ga:CreateBandwidthPackageCreateBandwidthPackageWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*
    ga:BandwidthPackageType
    		None
    ga:CreateBasicAccelerateIpCreateBasicAccelerateIpWrite
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:ipset/*
    		NoneNone
    ga:CreateBasicAccelerateIpEndpointRelationCreateBasicAccelerateIpEndpointRelationWrite
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}
    		NoneNone
    ga:CreateBasicAccelerateIpEndpointRelationsCreateBasicAccelerateIpEndpointRelationsWrite
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:CreateBasicAcceleratorCreateBasicAcceleratorWrite
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:CreateBasicEndpointCreateBasicEndpointWrite
    BasicEndpoint
    acs:ga:{#regionId}:{#accountId}:basicendpoint/*
    		NoneNone
    ga:CreateBasicEndpointGroupCreateBasicEndpointGroupWrite
    BasicEndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/*
    		NoneNone
    ga:CreateBasicEndpointsCreateBasicEndpointsWrite
    BasicEndpoint
    acs:ga:{#regionId}:{#accountId}:basicendpoint/*
    		NoneNone
    ga:CreateBasicIpSetCreateBasicIpSetWrite
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}
    BasicIpSet
    acs:ga:{#regionId}:{#accountId}:ipset/*
    		NoneNone
    ga:CreateCustomRoutingEndpointGroupDestinationsCreateCustomRoutingEndpointGroupDestinationsWrite
    All Resources
    *
    		NoneNone
    ga:CreateCustomRoutingEndpointGroupsCreateCustomRoutingEndpointGroupsWrite
    All Resources
    *
    		NoneNone
    ga:CreateCustomRoutingEndpointTrafficPoliciesCreateCustomRoutingEndpointTrafficPoliciesWrite
    CustomRoutingEndpointTrafficPolicy
    acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}
    		NoneNone
    ga:CreateCustomRoutingEndpointsCreateCustomRoutingEndpointsWrite
    CustomRoutingEndpointGroup
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}
    		NoneNone
    ga:CreateDomainCreateDomainWrite
    Domain
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:CreateEndpointGroupCreateEndpointGroupWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/*
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    ga:AcceleratorMainland
    		None
    ga:CreateEndpointGroupsCreateEndpointGroupsWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/*
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    ga:AcceleratorMainland
    		None
    ga:CreateForwardingRulesCreateForwardingRulesWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:CreateIpSetsCreateIpSetsWrite
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/*
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    ga:AcceleratorMainland
    		None
    ga:CreateListenerCreateListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/*
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    ga:TLSVersion
    		None
    ga:CreateSpareIpsCreateSpareIpsWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:DeleteAcceleratorDeleteAcceleratorWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:DeleteAclDeleteAclWrite
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/{#aclId}
    		NoneNone
    ga:DeleteBandwidthPackageDeleteBandwidthPackageWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    		NoneNone
    ga:DeleteBasicAccelerateIpDeleteBasicAccelerateIpWrite
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}
    		NoneNone
    ga:DeleteBasicAccelerateIpEndpointRelationDeleteBasicAccelerateIpEndpointRelationWrite
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}
    		NoneNone
    ga:DeleteBasicAcceleratorDeleteBasicAcceleratorWrite
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}
    		NoneNone
    ga:DeleteBasicEndpointDeleteBasicEndpointWrite
    BasicEndpoint
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}
    		NoneNone
    ga:DeleteBasicEndpointGroupDeleteBasicEndpointGroupWrite
    BasicEndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}
    		NoneNone
    ga:DeleteBasicIpSetDeleteBasicIpSetWrite
    BasicIpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}
    		NoneNone
    ga:DeleteCustomRoutingEndpointGroupDestinationsDeleteCustomRoutingEndpointGroupDestinationsWrite
    CustomRoutingEndpointGroupDestination
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}
    		NoneNone
    ga:DeleteCustomRoutingEndpointGroupsDeleteCustomRoutingEndpointGroupsWrite
    CustomRoutingEndpointGroup
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}
    CustomRoutingEndpointGroup
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}
    		NoneNone
    ga:DeleteCustomRoutingEndpointTrafficPoliciesDeleteCustomRoutingEndpointTrafficPoliciesWrite
    All Resources
    *
    		NoneNone
    ga:DeleteCustomRoutingEndpointsDeleteCustomRoutingEndpointsWrite
    All Resources
    *
    		NoneNone
    ga:DeleteDomainAcceleratorRelationDeleteDomainAcceleratorRelationWrite
    Domain
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:DeleteEndpointGroupDeleteEndpointGroupWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}
    		NoneNone
    ga:DeleteEndpointGroupsDeleteEndpointGroupsWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}
    		NoneNone
    ga:DeleteForwardingRulesDeleteForwardingRulesWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:DeleteIpSetDeleteIpSetWrite
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}
    		NoneNone
    ga:DeleteIpSetsDeleteIpSetsWrite
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}
    		NoneNone
    ga:DeleteListenerDeleteListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:DeleteSpareIpsDeleteSpareIpsWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:DescribeAcceleratorDescribeAcceleratorRead
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:DescribeAcceleratorAutoRenewAttributeDescribeAcceleratorAutoRenewAttributeRead
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:DescribeAcceleratorServiceStatusDescribeAcceleratorServiceStatusWrite
    All Resources
    *
    		NoneNone
    ga:DescribeApplicationMonitorDescribeApplicationMonitorRead
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}
    		NoneNone
    ga:DescribeBandwidthPackageDescribeBandwidthPackageRead
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    		NoneNone
    ga:DescribeBandwidthPackageAutoRenewAttributeDescribeBandwidthPackageAutoRenewAttributeRead
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}
    		NoneNone
    ga:DescribeCommodityDescribeCommodityRead
    All Resources
    *
    		NoneNone
    ga:DescribeCommodityPriceDescribeCommodityPriceRead
    All Resources
    *
    		NoneNone
    ga:DescribeCustomRoutingEndPointTrafficPolicyDescribeCustomRoutingEndPointTrafficPolicyRead
    All Resources
    *
    		NoneNone
    ga:DescribeCustomRoutingEndpointDescribeCustomRoutingEndpointRead
    CustomRoutingEndpoint
    acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}
    		NoneNone
    ga:DescribeCustomRoutingEndpointGroupDescribeCustomRoutingEndpointGroupRead
    CustomRoutingEndpointGroup
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}
    		NoneNone
    ga:DescribeCustomRoutingEndpointGroupDestinationsDescribeCustomRoutingEndpointGroupDestinationsRead
    CustomRoutingEndpointGroupDestination
    acs:ga:{#regionId}:{#accountId}:destination/{#DestinationId}
    		NoneNone
    ga:DescribeEndpointGroupDescribeEndpointGroupRead
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}
    		NoneNone
    ga:DescribeIpSetDescribeIpSetRead
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}
    		NoneNone
    ga:DescribeListenerDescribeListenerRead
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:DescribeLogStoreOfEndpointGroupDescribeLogStoreOfEndpointGroupRead
    AccessLog
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}
    		NoneNone
    ga:DescribeRegionsDescribeRegionsRead
    All Resources
    *
    		NoneNone
    ga:DetachLogStoreFromEndpointGroupDetachLogStoreFromEndpointGroupWrite
    All Resources
    *
    		NoneNone
    ga:DetectApplicationMonitorDetectApplicationMonitorWrite
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}
    		NoneNone
    ga:DisableApplicationMonitorDisableApplicationMonitorWrite
    All Resources
    *
    		NoneNone
    ga:DissociateAclsFromListenerDissociateAclsFromListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:DissociateAdditionalCertificatesFromListenerDissociateAdditionalCertificatesFromListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:GetAclGetAclRead
    All Resources
    *
    		NoneNone
    ga:GetBasicAccelerateIpGetBasicAccelerateIpRead
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}
    		NoneNone
    ga:GetBasicAccelerateIpEndpointRelationGetBasicAccelerateIpEndpointRelationRead
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}
    		NoneNone
    ga:GetBasicAccelerateIpIdleCountGetBasicAccelerateIpIdleCountRead
    All Resources
    *
    		NoneNone
    ga:GetBasicAcceleratorGetBasicAcceleratorRead
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}
    		NoneNone
    ga:GetBasicEndpointGetBasicEndpointRead
    BasicEndpoint
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}
    		NoneNone
    ga:GetBasicEndpointGroupGetBasicEndpointGroupRead
    BasicEndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}
    		NoneNone
    ga:GetBasicIpSetGetBasicIpSetRead
    BasicIpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}
    		NoneNone
    ga:GetHealthStatusGetHealthStatusRead
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:GetInvalidDomainCountGetInvalidDomainCountRead
    Domain
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:GetIpsetsBandwidthLimitGetIpsetsBandwidthLimitRead
    All Resources
    *
    		NoneNone
    ga:GetSpareIpGetSpareIpRead
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:ListAccelerateAreasListAccelerateAreasList
    All Resources
    *
    		NoneNone
    ga:ListAcceleratorsListAcceleratorsList
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:ListAclsListAclsList
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/*
    		NoneNone
    ga:ListApplicationMonitorListApplicationMonitorList
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/*
    		NoneNone
    ga:ListApplicationMonitorDetectResultListApplicationMonitorDetectResultList
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/*
    		NoneNone
    ga:ListAvailableAccelerateAreasListAvailableAccelerateAreasList
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:ListAvailableBusiRegionsListAvailableBusiRegionsList
    All Resources
    *
    		NoneNone
    ga:ListBandwidthPackagesListBandwidthPackagesList
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*
    		NoneNone
    ga:ListBandwidthackagesListBandwidthackagesList
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*
    		NoneNone
    ga:ListBasicAccelerateIpEndpointRelationsListBasicAccelerateIpEndpointRelationsList
    BasicAccelerateIpEndpointRelation
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListBasicAccelerateIpsListBasicAccelerateIpsList
    BasicAccelerateIp
    acs:ga:{#regionId}:{#accountId}:ipset/{#IpSetId}
    		NoneNone
    ga:ListBasicAcceleratorsListBasicAcceleratorsList
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:ListBasicEndpointsListBasicEndpointsList
    All Resources
    *
    		NoneNone
    ga:ListBusiRegionsListBusiRegionsList
    All Resources
    *
    		NoneNone
    ga:ListCommonAreasListCommonAreasList
    All Resources
    *
    		NoneNone
    ga:ListCustomRoutingEndpointGroupDestinationsListCustomRoutingEndpointGroupDestinationsList
    CustomRoutingEndpointGroupDestination
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListCustomRoutingEndpointGroupsListCustomRoutingEndpointGroupsList
    CustomRoutingEndpointGroup
    acs:ga:*:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListCustomRoutingEndpointTrafficPoliciesListCustomRoutingEndpointTrafficPoliciesList
    CustomRoutingEndpointTrafficPolicy
    acs:ga:*:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListCustomRoutingEndpointsListCustomRoutingEndpointsList
    CustomRoutingEndpoint
    acs:ga:*:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListCustomRoutingPortMappingsListCustomRoutingPortMappingsList
    CustomRoutingPortMapping
    acs:ga:*:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:ListCustomRoutingPortMappingsByDestinationListCustomRoutingPortMappingsByDestinationList
    CustomRoutingEndpoint
    acs:ga:*:{#accountId}:customroutingendpoint/{#customroutingendpointId}
    		NoneNone
    ga:ListDomainsListDomainsList
    Domain
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:ListEndpointGroupIpAddressCidrBlocksListEndpointGroupIpAddressCidrBlocksRead
    All Resources
    *
    		NoneNone
    ga:ListEndpointGroupsListEndpointGroupsList
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/*
    		NoneNone
    ga:ListForwardingRulesListForwardingRulesList
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:ListIpSetsListIpSetsList
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/*
    		NoneNone
    ga:ListIspTypesListIspTypesList
    All Resources
    *
    		NoneNone
    ga:ListListenerCertificatesListListenerCertificatesList
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:ListListenersListListenersList
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/*
    		NoneNone
    ga:ListSpareIpsListSpareIpsList
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:ListSystemSecurityPoliciesListSystemSecurityPoliciesList
    All Resources
    *
    		NoneNone
    ga:ListTagResourcesListTagResourcesList
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/*
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/*
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/*
    		NoneNone
    ga:OpenAcceleratorServiceOpenAcceleratorServiceWrite
    All Resources
    *
    		NoneNone
    ga:QueryCrossBorderApprovalStatusQueryCrossBorderApprovalStatusRead
    All Resources
    *
    		NoneNone
    ga:RemoveEntriesFromAclRemoveEntriesFromAclWrite
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/{#aclId}
    		NoneNone
    ga:ReplaceBandwidthPackageReplaceBandwidthPackageWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    		NoneNone
    ga:TagResourcesTagResourcesWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/{#aclId}
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#basicGaId}
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}
    		NoneNone
    ga:UntagResourcesUntagResourcesWrite
    All Resources
    *
    		NoneNone
    ga:UpdateAcceleratorUpdateAcceleratorWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:UpdateAcceleratorAutoRenewAttributeUpdateAcceleratorAutoRenewAttributeWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
    		NoneNone
    ga:UpdateAcceleratorConfirmUpdateAcceleratorConfirmWrite
    Accelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}
    		NoneNone
    ga:UpdateAcceleratorCrossBorderModeUpdateAcceleratorCrossBorderModeWrite
    All Resources
    *
    		NoneNone
    ga:UpdateAcceleratorCrossBorderStatusUpdateAcceleratorCrossBorderStatusWrite
    All Resources
    *
    		NoneNone
    ga:UpdateAclAttributeUpdateAclAttributeWrite
    Acl
    acs:ga:{#regionId}:{#accountId}:acl/{#aclId}
    		NoneNone
    ga:UpdateAdditionalCertificateWithListenerUpdateAdditionalCertificateWithListenerWrite
    AdditionalCertificate
    acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}
    		NoneNone
    ga:UpdateApplicationMonitorUpdateApplicationMonitorWrite
    ApplicationMonitor
    acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}
    		NoneNone
    ga:UpdateBandwidthPackagaAutoRenewAttributeUpdateBandwidthPackagaAutoRenewAttributeWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}
    		NoneNone
    ga:UpdateBandwidthPackageUpdateBandwidthPackageWrite
    BandwidthPackage
    acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}
    		NoneNone
    ga:UpdateBasicAcceleratorUpdateBasicAcceleratorWrite
    BasicAccelerator
    acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}
    		NoneNone
    ga:UpdateBasicEndpointUpdateBasicEndpointWrite
    BasicEndpoint
    acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}
    		NoneNone
    ga:UpdateBasicEndpointGroupUpdateBasicEndpointGroupWrite
    BasicEndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}
    		NoneNone
    ga:UpdateBasicIpSetUpdateBasicIpSetWrite
    BasicIpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipsetId}
    		NoneNone
    ga:UpdateCustomRoutingEndpointGroupAttributeUpdateCustomRoutingEndpointGroupAttributeWrite
    CustomRoutingEndpointGroup
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}
    		NoneNone
    ga:UpdateCustomRoutingEndpointGroupDestinationsUpdateCustomRoutingEndpointGroupDestinationsWrite
    CustomRoutingEndpointGroupDestination
    acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}
    		NoneNone
    ga:UpdateCustomRoutingEndpointTrafficPoliciesUpdateCustomRoutingEndpointTrafficPoliciesWrite
    CustomRoutingEndpointTrafficPolicy
    acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointTrafficPolicyId}
    		NoneNone
    ga:UpdateCustomRoutingEndpointsUpdateCustomRoutingEndpointsWrite
    All Resources
    *
    		NoneNone
    ga:UpdateDomainUpdateDomainWrite
    All Resources
    *
    		NoneNone
    ga:UpdateDomainStateUpdateDomainStateWrite
    Domain
    acs:ga:{#regionId}:{#accountId}:ga/*
    		NoneNone
    ga:UpdateEndpointGroupUpdateEndpointGroupWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}
    		NoneNone
    ga:UpdateEndpointGroupAttributeUpdateEndpointGroupAttributeWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}
    		NoneNone
    ga:UpdateEndpointGroupsUpdateEndpointGroupsWrite
    EndpointGroup
    acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}
    		NoneNone
    ga:UpdateForwardingRulesUpdateForwardingRulesWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone
    ga:UpdateIpSetUpdateIpSetWrite
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}
    		NoneNone
    ga:UpdateIpSetsUpdateIpSetsWrite
    IpSet
    acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}
    		NoneNone
    ga:UpdateListenerUpdateListenerWrite
    Listener
    acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}
    		NoneNone

    Resource

    Ga defines the values that you can use in the Resource. You can attach the policy to a RAM user or a RAM role so that the RAM user or the RAM role can perform a specific operation on a specific resource. The ARN is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:
    • {#}indicates a variable. {#} must be replaced with an actual value. For example, {#ramcode} must be replaced with the actual code of an Alibaba Cloud service in RAM.
    • An asterisk (*) is used as a wildcard. Examples:
      • {#resourceType} is set to *, all resources are specified.
      • {#regionId} is set to *, all regions are specified.
      • {#accountId} is set to *, all Alibaba Cloud accounts are specified.
    Resource typeARN
    Listeneracs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}
    ApplicationMonitoracs:ga:{#regionId}:{#accountId}:applicationmonitor/{#TaskId}
    CustomRoutingEndpointTrafficPolicyacs:ga:{#regionId}:{#accountId}:customroutingendpointtrafficpolicy/{#CustomRoutingEndpointTrafficPolicyId}
    BandwidthPackageacs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    Acceleratoracs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}
    CustomRoutingEndpointGroupDestinationacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}/customroutingendpointgroup/{#EndpointGroupId}/customroutingendpointgroupdestination/{#CustomRoutingEndpointGroupDestinationId}
    CustomRoutingEndpointacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}/customroutingendpointgroup/{#EndpointGroupId}/customroutingendpoint/{#CustomRoutingEndpointId}
    BasicAccelerateIpacs:{#ramcode}:{#regionId}:{#accountId}:basicaccelerateip/{#AccelerateIpId}
    Aclacs:ga:{#regionId}:{#accountId}:acl/{#AclId}
    BasicAcceleratoracs:ga:{#regionId}:{#accountId}:basicaccelerator/{#BasicAcceleratorId}
    BasicIpSetacs:ga:{#regionId}:{#accountId}:basicaccelerator/{#BasicAcceleratorId}/basicipset/{#BasicIpSetId}
    AccessLogacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}/accesslog/{#EndpointGroupId}
    BasicAccelerateIpEndpointRelationacs:{#ramcode}:{#regionId}:{#accountId}:basicaccelerateipendpointrelation/{#AcceleratorId}/{#EndpointId}/{#AccelerateIpId}
    EndpointGroupacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/endpointgroup/{#EndpointGroupId}
    AccelerateAreaacs:ga:{#regionId}:{#accountId}:acceleratearea/{#AccelerateAreaId}
    IpSetacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/ipset/{#IpSetId}
    BasicEndpointacs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}
    CustomRoutingEndpointGroupacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}/customroutingendpointgroup/{#EndpointGroupId}
    AdditionalCertificateacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/listener/{#ListenerId}/certificate/{#CertificateId}
    Domainacs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}/domain/{#Domain}
    BusiRegionacs:ga:{#regionId}:{#accountId}:busiregion/{#RegionId}
    BasicEndpointGroupacs:ga:{#regionId}:{#accountId}:basicendpointgroup/{#BasicEndpointGroupId}
    SystemSecurityPolicyacs:ga:{#regionId}:{#accountId}:systemsecuritypolicy/{#SystemSecurityPolicyId}
    CustomRoutingPortMappingacs:ga:{#regionId}:{#accountId}:customroutingportmapping/{#EndpointId}

    Condition

    Ga defines the values that you can use in the Condition element of a policy statement. The following table describes the values. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to Ga. For more information about the common condition keys, see Generic Condition Keyword.
    The data type determines the conditional operators that you can use to compare the value in a request with the value in a policy statement. You must use conditional operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the conditional operators that are supported by each data type, see Policy elements.
    Condition keyDescriptionData type
    ga:AcceleratorMainlandString
    ga:BandwidthPackageTypeString
    ga:TLSVersionString

    What to do next

    You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: