
RAM authorization policies

Last Updated: Dec 27, 2023

This topic describes the authorization policies of CloudOps Orchestration Service (OOS). You can use the Resource Access Management (RAM) service to grant permissions to specified groups, group members, and RAM users. You can also perform cross-service access control in the RAM console.

Background

When a RAM user accesses OOS resources by calling API operations, OOS sends a request to the RAM system to confirm that the resource owner has granted the relevant permissions to the user. The required permissions vary with the OOS resource and the API operation. For more information about fine-grained authorization policies and access control, see the RAM documentation.

Note

If authentication is not required, skip this topic.

API operations for authorization

The following table lists API operations and the corresponding Alibaba resource name (ARN). For more information about ARN, see Terms.

| API operation | OOS action | ARN |
| --- | --- | --- |
| CreateTemplate | `oos:CreateTemplate` | `acs:oos:$regionid:$accountid:template/*` |
| ListTemplates | `oos:ListTemplates` | `acs:oos:$regionid:$accountid:template/${templateName}` |
| UpdateTemplate | `oos:UpdateTemplate` | `acs:oos:$regionid:$accountid:template/${templateName}` |
| GetTemplate | `oos:GetTemplate` | `acs:oos:$regionid:$accountid:template/${templateName}` |
| DeleteTemplate | `oos:DeleteTemplate` | `acs:oos:$regionid:$accountid:template/${templateName}` |
| GenerateTemplatePolicy | `oos:GenerateTemplatePolicy` | `acs:oos:$regionid:$accountid:template/${templateName}` |
| StartExecution | `oos:StartExecution` | `acs:oos:$regionid:$accountid:template/${templateName}execution/*` |
| ListExecutions | `oos:ListExecutions` | `acs:oos:$regionid:$accountid:acs:oos:$regionid:$accountid:execution/${executionId}` |
| ListExecutionTasks | `oos:ListExecutionTasks` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
| CancelExecution | `oos:CancelExecution` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
| NotifyExecution | `oos:NotifyExecution` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
| DeleteExecutions | `oos:DeleteExecutions` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
| ListExecutionLogs | `oos:ListExecutionLogs` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
| GetExecutionTemplate | `oos:GetExecutionTemplate` | `acs:oos:$regionid:$accountid:execution/${executionId}` |
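
The table pairs each OOS action with the ARN pattern it is authorized against. As an added example (not part of the original documentation), the Python code below turns a subset of those rows into a RAM policy document scoped to one template and lists any resources that still carry a wildcard. The function names, region, account ID, and template name are constructed for illustration, and the policy layout (`Version`, `Statement`, `Effect`, `Action`, `Resource`) is the standard RAM policy syntax.

```python
import json
from string import Template

# Action -> ARN pattern, copied from a subset of the table rows above.
TEMPLATE_ARN = "acs:oos:$regionid:$accountid:template/${templateName}"
EXECUTION_ARN = "acs:oos:$regionid:$accountid:execution/${executionId}"
ARN_PATTERNS = {
    "oos:CreateTemplate": "acs:oos:$regionid:$accountid:template/*",
    "oos:GetTemplate": TEMPLATE_ARN,
    "oos:UpdateTemplate": TEMPLATE_ARN,
    "oos:DeleteTemplate": TEMPLATE_ARN,
    "oos:ListExecutionTasks": EXECUTION_ARN,
    "oos:ListExecutionLogs": EXECUTION_ARN,
    "oos:CancelExecution": EXECUTION_ARN,
}


def build_policy(actions, region, account, template_name="*", execution_id="*"):
    """Build a RAM policy allowing only `actions`, one statement per resource."""
    by_resource = {}
    for action in actions:
        if action not in ARN_PATTERNS:
            raise ValueError(f"action not in table subset: {action}")
        # Single-pass substitution of the table's $placeholders.
        arn = Template(ARN_PATTERNS[action]).substitute(
            regionid=region, accountid=account,
            templateName=template_name, executionId=execution_id)
        by_resource.setdefault(arn, set()).add(action)
    return {
        "Version": "1",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(acts), "Resource": arn}
            for arn, acts in sorted(by_resource.items())
        ],
    }


def wildcard_resources(policy):
    """Return the Resource ARNs that still contain a wildcard, for review."""
    return [s["Resource"] for s in policy["Statement"] if "*" in s["Resource"]]


if __name__ == "__main__":
    # Constructed sample values: region, account ID and template name.
    policy = build_policy(
        ["oos:GetTemplate", "oos:UpdateTemplate", "oos:ListExecutionLogs"],
        region="cn-hangzhou", account="1234567890123456",
        template_name="restart-ecs")
    print(json.dumps(policy, indent=2))
    print("review wildcards:", wildcard_resources(policy))
```

Template actions end up bound to the named template only, while the execution statement keeps `execution/*` because no execution ID was supplied; `wildcard_resources` surfaces that for review before the policy is attached.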