AliyunCloudSSOReadOnlyAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunCloudSSOReadOnlyAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunCloudSSOReadOnlyAccess policy: Provides read-only access to CloudSSO via Management Console.
Policy details
Type: service system policy
Creation time: 03:13:35 on August 20, 2021
Update time: 03:13:35 on August 20, 2021
Current version: v1
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"cloudsso:List*",
"cloudsso:Get*",
"cloudsso:Check*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"resourcemanager:GetResourceDirectory",
"resourcemanager:ListParents",
"resourcemanager:ListChildrenForParent",
"resourcemanager:ListAncestors",
"resourcemanager:ListAccountRecordsForParent",
"resourcemanager:GetFolder",
"resourcemanager:GetAccount"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ram:GetPolicyVersion",
"ram:ListPolicyVersions",
"ram:GetPolicy"
],
"Resource": "acs:ram:*:system:policy/*",
"Effect": "Allow"
}
]
}