All Products
Search
Document Center

Alibaba Cloud Model Studio:Service-linked roles for Alibaba Cloud Model Studio

Last Updated:Aug 26, 2024

This topic describes the service-linked roles for Alibaba Cloud Model Studio and how to delete the service-linked roles.

Background information

In specific scenarios, Alibaba Cloud Model Studio needs to access other Alibaba Cloud services, including AnalyticDB (ADB), Object Storage Service (OSS), and AppFlow. In this case, a service-linked role for Alibaba Cloud Model Studio is required. A service-linked role is a Resource Access Management (RAM) role that an Alibaba Cloud service assumes to access other Alibaba Cloud services. For more information, see Service-linked roles.

Service-linked roles

The following table describes service-linked roles for Alibaba Cloud Model Studio.

Name

Description

AliyunServiceRoleForSFMDataHubOSSImport

The service-linked role that Alibaba Cloud Model Studio assumes to access your resources in OSS.

AliyunServiceRoleForSFMDataHubOSSImport

Scenarios

The service-linked role that Alibaba Cloud Model Studio assumes to access your resources in OSS.

Role name and policy

Role name: AliyunServiceRoleForSFMDataHubOSSImport

Policy: AliyunServiceRolePolicyForSFMDataHubOSSImport

Policy content:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListBuckets",
        "oss:GetBucketLocation",
        "oss:GetBucketTagging"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:DoMetaQuery",
        "oss:GetBucketInfo",
        "oss:GetBucketStat",
        "oss:GetBucketTransferAcceleration",
        "oss:GetCnameToken",
        "oss:GetMetaQueryStatus",
        "oss:GetObject",
        "oss:GetObjectTagging",
        "oss:DescribeRegions",
        "oss:ListObjects",
        "oss:ListObjectVersions"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "oss:BucketTag/bailian-datahub-access": [
            "read"
          ]
        }
      }
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "datahub.sfm.aliyuncs.com"
        }
      }
    }
  ]
}

Delete the role

Before you delete the service-linked role AliyunServiceRoleForSFMDataHubOSSImport, make sure that no import task is in progress in the data center, or wait until all import tasks are completed.

  • For more information about how to delete the service-linked role, see the Delete a service-linked role section of the Service-linked roles topic.