This topic describes the service-linked roles for Alibaba Cloud Model Studio and how to delete the service-linked roles.
Background information
In specific scenarios, Alibaba Cloud Model Studio needs to access other Alibaba Cloud services, including AnalyticDB (ADB), Object Storage Service (OSS), and AppFlow. In this case, a service-linked role for Alibaba Cloud Model Studio is required. A service-linked role is a Resource Access Management (RAM) role that an Alibaba Cloud service assumes to access other Alibaba Cloud services. For more information, see Service-linked roles.
Service-linked roles
The following table describes service-linked roles for Alibaba Cloud Model Studio.
Name | Description |
AliyunServiceRoleForSFMDataHubOSSImport | The service-linked role that Alibaba Cloud Model Studio assumes to access your resources in OSS. |
AliyunServiceRoleForSFMDataHubOSSImport
Scenarios
The service-linked role that Alibaba Cloud Model Studio assumes to access your resources in OSS.
Role name and policy
Role name: AliyunServiceRoleForSFMDataHubOSSImport
Policy: AliyunServiceRolePolicyForSFMDataHubOSSImport
Policy content:
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:ListBuckets",
"oss:GetBucketLocation",
"oss:GetBucketTagging"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"oss:DoMetaQuery",
"oss:GetBucketInfo",
"oss:GetBucketStat",
"oss:GetBucketTransferAcceleration",
"oss:GetCnameToken",
"oss:GetMetaQueryStatus",
"oss:GetObject",
"oss:GetObjectTagging",
"oss:DescribeRegions",
"oss:ListObjects",
"oss:ListObjectVersions"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"oss:BucketTag/bailian-datahub-access": [
"read"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "datahub.sfm.aliyuncs.com"
}
}
}
]
}
Delete the role
Before you delete the service-linked role AliyunServiceRoleForSFMDataHubOSSImport, make sure that no import task is in progress in the data center, or wait until all import tasks are completed.
For more information about how to delete the service-linked role, see the Delete a service-linked role section of the Service-linked roles topic.