To use a Resource Access Management (RAM) user to manage Message Service (MNS) logs, you must grant the required permissions to the RAM user. This topic describes how to authorize a RAM user to manage MNS logs.
Step 1: Create custom policies
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the Policies page, click Create Policy.
On the Create Policy page, click Visual editor or JSON.
Configure a policy as prompted and click Next to edit policy information. For more information about how to create a custom policy, see Create custom policies.
The following table describes the required policies.
Policy
Description
Policy script
RamListRolesPolicy
Grants the permissions to access the list of RAM roles.
{ "Version":"1", "Statement":[ { "Effect":"Allow", "Action":"ram:ListRoles", "Resource":"acs:ram:*:*:*" } ] }MNSAccessAccountAttr
Grants the permissions to view and configure Alibaba Cloud accounts.
{ "Version":"1", "Statement":[ { "Effect":"Allow", "Action":[ "mns:SetAccountAttributes", "mns:GetAccountAttributes" ], "Resource":"acs:mns:*:*:*" } ] }LogServiceListPolicy
Grants the permissions to access the list of Log Service projects and Logstores.
{ "Version":"1", "Statement":[ { "Effect":"Allow", "Action":"log:List*", "Resource":"acs:log:*:*:*" } ] }OSSListBuckets
Grants the permissions to access the list of Object Storage Service (OSS) buckets.
{ "Version":"1", "Statement":[ { "Effect":"Allow", "Action":"oss:ListBuckets", "Resource":"acs:oss:*:*:*" } ] }
Step 2: Grant the required permissions to the RAM user
For more information, see Grant permissions to a RAM user.