This topic describes all system policies supported by IPv6 Gateway and corresponding permissions that you can grant to a RAM user.
What is a system policy?
A policy defines a set of permissions that are described based on the policy structure and syntax. You can use policies to describe the authorized resource sets, authorized operation sets, and authorization conditions. RAM provides two types of policies: system policies and custom policies. All system policies are created and updated by Alibaba Cloud. You can use these policies but cannot modify them. You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. During service iteration, IPv6 Gateway adds new permissions to system policies to support new features and capabilities. The updates of system policies affect all RAM identities to which the policies are attached, including RAM users, RAM user groups, and RAM roles. For more information about RAM policies, see Policy overview.
System policies are designed for new users to quickly get started with Alibaba Cloud services in the Alibaba Cloud Management Console. New users who are granted system policies of IPv6 Gateway can access the service and its dependent services with only a few clicks. System policies also enable the use of more advanced methods such as API operations and CLI commands. If you are familiar with the advanced methods, we recommend that you use custom policies to implement finer-grained control on who is allowed to call what API operations. This improves security.
System policies can be classified into service system policies, service role policies, and service-linked role policies. Some Alibaba Cloud services support only one or two of the three types of policies. The policy types that are described in this topic shall prevail.
Service system policies
AliyunIpv6FullAccess
You can attach the AliyunIpv6FullAccess policy to RAM identities. This policy defines all permissions on IPv6 gateways.
For more information, see AliyunIpv6FullAccess.
AliyunIpv6ReadOnlyAccess
You can attach the AliyunIpv6ReadOnlyAccess policy to RAM identities. This policy defines the read-only permissions on IPv6 gateways.
For more information, see AliyunIpv6ReadOnlyAccess.
References
By default, RAM identities do not have any permissions. RAM identities can access cloud resources within an Alibaba Cloud account only after an account administrator grants the required permissions to the RAM identities. To ensure resource security, we recommend that you grant only the required permissions to the RAM identities based on the principle of least privilege. For more information, see the following topics: