All Products
Search

This Product

    Resource Access Management:AliyunServiceRolePolicyForRCSecuritySense

    Document Center

    Resource Access Management:AliyunServiceRolePolicyForRCSecuritySense

    Last Updated:Dec 03, 2025

    AliyunServiceRolePolicyForRCSecuritySense is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.

    Policy details

    • Type: service system policy

    • Creation time: 09:39:33 on December 12, 2024

    • Update time: 06:46:38 on December 03, 2025

    • Current version: v7

    Policy content

    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "yundun-sas:ListCheckResult",
        "yundun-sas:VerifyCheckResult",
        "yundun-sas:DescribeEmgVulItem",
        "yundun-sas:DescribeSuspEvents",
        "yundun-sas:DescribeGroupedVul",
        "yundun-sas:GetAssetDetailByUuid",
        "yundun-sas:DescribeSimilarSecurityEvents",
        "yundun-sas:CreateSimilarSecurityEventsQueryTask",
        "yundun-sas:DescribeSecurityEventOperationStatus",
        "yundun-sas:DescribeCloudCenterInstances",
        "yundun-sas:DescribeVersionConfig"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "accountcenter:AccountContactQueryPageList"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "yundun-aegis:ModifyStartVulScan",
        "yundun-aegis:DescribeAccesskeyLeakList"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "config:GetConfigurationRecorder",
        "config:ListConfigRules",
        "config:CreateCompliancePack",
        "config:GetCompliancePack",
        "config:GetConfigRule",
        "config:DeactiveConfigRules",
        "config:ActiveConfigRules",
        "config:ListConfigRuleEvaluationResults",
        "config:ListCompliancePacks"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:ListRoles"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeInstancesFullStatus"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "swas-open:ListInstanceStatus"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "notifications:ReadAllCommonContacts",
        "notifications:ReadUserSubscriptionList",
        "notifications:UpdateUserSubscription"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "security-sense.riskcontrol.aliyuncs.com"
        }
      }
    }
  ]
}

    References