Resource Access Management:AliyunNASReadOnlyAccess

AliyunNASReadOnlyAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunNASReadOnlyAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunNASReadOnlyAccess policy: Provides read-only access to Network Attached Storage via Management Console.

Policy details

• Type: service system policy

• Creation time: 03:34:14 on March 29, 2016

• Update time: 16:48:07 on April 27, 2017

• Current version: v1

Policy content

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "nas:Describe*",
        "nas:Get*",
        "nas:List*"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "bssapi:QueryResourcePackageInstances",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "cms:QueryMetricList",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:ListAliasesByKeyId",
        "kms:ListKeys"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:GetRole",
      "Resource": [
        "acs:ram:*:*:role/aliyunservicerolefornasstandard",
        "acs:ram:*:*:role/aliyunservicerolefornasextreme",
        "acs:ram:*:*:role/aliyunservicerolefornasencryption",
        "acs:ram:*:*:role/aliyunservicerolefornaslogdelivery",
        "acs:ram:*:*:role/aliyunservicerolefornasecshandler",
        "acs:ram:*:*:role/aliyunservicerolefornascpfsnetwork",
        "acs:ram:*:*:role/aliyunservicerolefornascpfsclient",
        "acs:ram:*:*:role/aliyunservicerolefornasossdataflow",
        "acs:ram:*:*:role/aliyunservicerolefornaseventnotification",
        "acs:ram:*:*:role/aliyunnastieringrole",
        "acs:ram:*:*:role/aliyunnasencryptdefaultrole",
        "acs:ram:*:*:role/aliyunnasdefaultrole",
        "acs:ram:*:*:role/aliyunnaslogarchiverole",
        "acs:ram:*:*:role/aliyunnasmanageenirole"
      ],
      "Effect": "Allow"
    }
  ]
}

References

• Policy elements

• Grant permissions to a RAM user

• Grant permissions to a RAM user group

• Grant permissions to a RAM role