All Products
Search
Document Center

Resource Access Management:Services that support RAM

Last Updated:Jun 02, 2026

Alibaba Cloud services that support RAM, including authorization granularity, system policies, and reference documentation for each service.

Overview

Each table provides the following information:

  • Cloud service: Name of the RAM-integrated cloud service.

  • Sub-service or sub-module: Sub-service or sub-module of the cloud service. A hyphen (-) indicates none.

  • RAM code: Unique service identifier in RAM.

  • Console: Supported means console access control is available. Not supported means it is not. ○ means the service has no console integration.

  • API: Supported means API access control is available. Not supported means it is not. ○ means the service has no API.

  • Authorization granularity: Finest authorization level the service supports. A hyphen (-) indicates none defined.

    When a cloud service integrates with RAM, it supports different authorization granularity levels:

    • Service level: All-or-nothing access to the entire service.

    • Operation level: API-level authorization. Grants permissions for specific operations on resource types.

    • Resource level: Most granular. Grants permissions for specific operations on individual resources, such as restarting a specific ECS instance.

  • System policy: Predefined RAM policies for the service. A hyphen (-) indicates none available.

  • References: RAM integration documentation. A hyphen (-) indicates none available.

Elastic compute

Service

Sub-service

RAM code

Console

API

Authorization granularity

System policies

Reference

ECS

-

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

  • AliyunECSWorkbenchFullAccess

RAM authorization for ECS

ECS

Elastic Block Storage (EBS)

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

-

Elastic Block Storage (EBS)

-

ebs

Supported

Supported

resource-level

  • AliyunEBSFullAccess

  • AliyunEBSReadOnlyAccess

-

ECS

Elastic GPU Service

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

RAM authorization for ECS

ECS

ECS Bare Metal Instance

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

RAM authorization for ECS

ECS

Dedicated Host (DDH)

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

RAM authorization for ECS

ECS

Alibaba Cloud Linux 2

ecs

Supported

Supported

resource-level

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

RAM authorization for ECS

Auto Scaling

-

ess

Supported

Supported

operation-level

  • AliyunESSFullAccess

  • AliyunESSReadOnlyAccess

Auto Scaling API usage notes

Container Service for Kubernetes (ACK)

-

cs

Supported

Supported

resource-level

  • AliyunCSFullAccess

  • AliyunCSReadOnlyAccess

RAM authorization for ACK

Batch Compute

-

batchcompute

Supported

Supported

service-level

-

-

Resource Orchestration Service (ROS)

-

ros

Supported

Supported

resource-level

  • AliyunROSFullAccess

  • AliyunROSReadOnlyAccess

RAM authorization for ROS

Function Compute

-

fc

Supported

Supported

resource-level

  • AliyunFCFullAccess

  • AliyunFCReadOnlyAccess

  • AliyunFCInvocationAccess

RAM authorization for Function Compute

Simple Application Server

-

swas

Supported

service-level

AliyunSWASFullAccess

-

Elastic High Performance Computing (E-HPC)

-

ehpc

Supported

Supported

service-level

  • AliyunEHPCFullAccess

  • AliyunEHPCReadOnlyAccess

-

Container Registry

-

cr

Supported

Supported

resource-level

  • AliyunContainerRegistryFullAccess

  • AliyunContainerRegistryReadOnlyAccess

RAM authorization for Container Registry

Elastic Desktop Service (EDS)

-

ecd

Supported

Supported

operation-level

  • AliyunECDFullAccess

  • AliyunECDReadOnlyAccess

  • AliyunECDRamUserAccess

  • AliyunECDTagFullAccess

  • AliyunECDOfficeSiteFullAccess

  • AliyunECDUserFullAccess

  • AliyunECDPolicyGroupFullAccess

  • AliyunECDDesktopFullAccess

  • AliyunECDTechnicalSupportFullAccess

Authorize RAM users

Elastic Container Instance (ECI)

-

eci

Supported

Supported

resource-level

  • AliyunECIFullAccess

  • AliyunECIReadOnlyAccess

Authorize RAM users

Serverless Workflow

-

fnf

Supported

Supported

resource-level

  • AliyunFnFFullAccess

  • AliyunFnFReadOnlyAccess

RAM authorization for Serverless Workflow

Web App Service

-

webplus

Supported

Supported

operation-level

  • AliyunWebPlusFullAccess

  • AliyunWebPlusReadOnlyAccess

-

Compute Nest

-

  • computenest

  • computenestsupplier

Supported

resource-level

  • AliyunComputeNestSupplierFullAccess

  • AliyunComputeNestUserFullAccess

  • AliyunComputeNestUserReadOnlyAccess

  • AliyunComputeNestSupplierReadOnlyAccess

-

Distributed Cloud Container Platform for Kubernetes (ACK One)

-

adcp

Supported

Supported

operation-level

  • AliyunAdcpFullAccess

  • AliyunAdcpReadOnlyAccess

-

Databases

Service

Sub-service

RAM code

Console

API

Authorization granularity

System policy

References

ApsaraDB RDS

ApsaraDB RDS

rds

Supported

Supported

resource-level

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

  • AliyunRDSGADFullAccess

  • AliyunRDSGADReadOnlyAccess

  • AliyunRDSReadOnlyWithSQLLogArchiveAccess

RAM authorization for RDS

ApsaraDB RDS

ApsaraDB RDS for MySQL

rds

Supported

Supported

resource-level

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

RAM authorization for RDS

ApsaraDB RDS

ApsaraDB RDS for SQL Server

rds

Supported

Supported

resource-level

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

RAM authorization for RDS

ApsaraDB RDS

ApsaraDB RDS for PostgreSQL

rds

Supported

Supported

resource-level

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

RAM authorization for RDS

ApsaraDB RDS

ApsaraDB for MyBase

rds

Supported

Supported

resource-level

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

-

Tair

-

kvstore

Supported

Supported

resource-level

  • AliyunKvstoreFullAccess

  • AliyunKvstoreReadOnlyAccess

RAM authorization for Tair

ApsaraDB for MongoDB

-

dds

Supported

Supported

resource-level

  • AliyunMongoDBFullAccess

  • AliyunMongoDBReadOnlyAccess

-

AnalyticDB for PostgreSQL

-

gpdb

Supported

Supported

resource-level

  • AliyunGPDBFullAccess

  • AliyunGPDBReadOnlyAccess

-

Data Transmission Service (DTS)

-

dts

Supported

Supported

operation-level

  • AliyunDTSFullAccess

  • AliyunDTSReadOnlyAccess

Authorize a RAM user to manage DTS

Data Management (DMS)

-

dms

Supported

Supported

service-level

  • AliyunDMSFullAccess

  • AliyunDMSReadOnlyAccess

Authorize DMS to access cloud resources

AnalyticDB for MySQL

-

adb

Supported

Supported

operation-level

  • AliyunADBFullAccess

  • AliyunADBReadOnlyAccess

  • AliyunADBDeveloperAccess

RAM authorization for AnalyticDB for MySQL

PolarDB-X

-

  • drds

  • polardbx

Supported

Supported

resource-level

  • AliyunDRDSReadOnlyAccess

  • AliyunDRDSFullAccess

  • AliyunDRDSReadOnlyWithSQLLogArchiveAccess

RAM authorization for PolarDB-X

ApsaraDB for HBase

-

hbase

Supported

Supported

resource-level

  • AliyunHBaseFullAccess

  • AliyunHBaseReadOnlyAccess

Create custom RAM authorization policies

Advanced Database & Application Migration (ADAM)

-

adam

Supported

service-level

  • AliyunADAMReadOnlyAccess

  • AliyunADAMFullAccess

RAM authorization for ADAM

PolarDB

-

polardb

Supported

Supported

operation-level

  • AliyunPolardbReadOnlyAccess

  • AliyunPolardbFullAccess

  • AliyunPolardbReadOnlyWithSQLLogArchiveAccess

Create a RAM user

Database Backup Service (DBS)

-

dbs

Supported

Supported

service-level

  • AliyunDBSFullAccess

  • AliyunDBSReadOnlyAccess

-

Database Autonomy Service (DAS)

-

hdm

Supported

Supported

service-level

  • AliyunHDMReadOnlyAccess

  • AliyunHDMFullAccess

  • AliyunHDMReadOnlyWithSQLLogArchiveAccess

Use DAS as a RAM user

ApsaraDB for OceanBase

-

oceanbase

Supported

service-level

  • AliyunOceanBaseFullAccess

  • AliyunOceanBaseReadOnlyAccess

-

ApsaraDB for Cassandra

-

cassandra

Supported

Supported

resource-level

  • AliyunCassandraFullAccess

  • AliyunCassandraReadOnlyAccess

Manage RAM users

ApsaraDB for ClickHouse

-

clickhouse

Supported

Supported

resource-level

  • AliyunClickHouseFullAccess

  • AliyunClickHouseReadOnlyAccess

Grant permissions to RAM users

Database Gateway (DG)

-

dg

Supported

Supported

resource-level

  • AliyunDGFullAccess

  • AliyunDGReadOnlyAccess

-

ApsaraDB for SelectDB

-

selectdb

Supported

Supported

operation-level

  • AliyunSelectDBFullAccess

  • AliyunSelectDBReadOnlyAccess

RAM authorization for ApsaraDB for SelectDB

Storage

Service

Sub-service

RAM code

Console

API

Authorization granularity

System policies

References

Object Storage Service (OSS)

-

oss

Supported

Supported

resource level

  • AliyunOSSFullAccess

  • AliyunOSSReadOnlyAccess

  • AliyunOSSImportReadOnlyAccess

  • AliyunOSSImportFullAccess

RAM authorization for OSS

NAS

-

nas

Supported

Supported

resource level

  • AliyunNASFullAccess

  • AliyunNASReadOnlyAccess

Control NAS access with RAM policies

Tablestore

-

ots

Supported

Supported

resource level

  • AliyunOTSFullAccess

  • AliyunOTSReadOnlyAccess

  • AliyunOTSWriteOnlyAccess

RAM authorization for Tablestore

Cloud Storage Gateway (CSG)

-

hcs-sgw

Supported

Supported

service level

AliyunHCSSGWFullAccess

RAM authorization for Cloud Storage Gateway

Cloud Backup

-

hbr

Supported

Supported

resource level

  • AliyunHBRFullAccess

  • AliyunHBRReadOnlyAccess

RAM authorization for Cloud Backup

Hybrid Cloud Storage

Hybrid Cloud Storage

hgw

Supported

operation level

  • AliyunHgwFullAccess

  • AliyunHgwReadOnlyAccess

-

Hybrid Cloud Storage

Remote Service

asrs

Supported

resource level

  • ASRSFullAccess

  • ASRSReadOnlyAccess

-

Cloud communication

Cloud service

Subservice / module

RAM code

Console

API

Authorization granularity

System policy

Related documentation

Short Message Service

-

dysms

Supported

Supported

service level

-

-

Networking

Cloud service

Sub-service/sub-module

RAM code

Console

API

Authorization granularity

System policy

Related documents

Virtual Private Cloud (VPC)

-

vpc

Supported

Supported

resource-level

  • AliyunVPCFullAccess

  • AliyunVPCReadOnlyAccess

  • AliyunVPCNetworkIntelligenceReadOnlyAccess

  • AliyunVPCPrefixListAccess

  • AliyunVPCPrefixListReadOnlyAccess

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

RAM authorization for VPC

Server Load Balancer (SLB)

Classic Load Balancer (CLB)

slb

Supported

Supported

resource-level

  • AliyunSLBReadOnlyAccess

  • AliyunSLBFullAccess

RAM authorization for Classic Load Balancer (CLB)

Server Load Balancer (SLB)

Application Load Balancer (ALB)

alb

Supported

Supported

resource-level

  • AliyunALBFullAccess

  • AliyunALBReadOnlyAccess

RAM authorization for Application Load Balancer (ALB)

Server Load Balancer (SLB)

Network Load Balancer (NLB)

nlb

Supported

Supported

resource-level

  • AliyunNLBFullAccess

  • AliyunNLBReadOnlyAccess

RAM authorization for Network Load Balancer (NLB)

Server Load Balancer (SLB)

Gateway Load Balancer (GWLB)

gwlb

Supported

Supported

resource-level

  • AliyunGWLBFullAccess

  • AliyunGWLBReadOnlyAccess

RAM authorization for Gateway Load Balancer (GWLB)

Express Connect

-

vpc

Supported

Supported

resource-level

  • AliyunExpressConnectFullAccess

  • AliyunExpressConnectReadOnlyAccess

Policies and examples for Express Connect

Elastic IP Address (EIP)

Elastic IP Address (EIP)

vpc

Supported

Supported

resource-level

  • AliyunEIPFullAccess

  • AliyunEIPReadOnlyAccess

RAM authorization for EIP

Elastic IP Address (EIP)

Anycast Elastic IP Address (Anycast EIP)

eipanycast

Supported

Supported

resource-level

  • AliyunAnycastEIPFullAccess

  • AliyunAnycastEIPReadOnlyAccess

RAM authorization for Anycast EIP

NAT Gateway

-

vpc

Supported

Supported

resource-level

  • AliyunNATGatewayReadOnlyAccess

  • AliyunNATGatewayFullAccess

RAM authorization for NAT Gateway

VPN Gateway

-

vpc

Supported

Supported

resource-level

  • AliyunVPNGatewayFullAccess

  • AliyunVPNGatewayReadOnlyAccess

RAM authorization for VPN Gateway

Internet Shared Bandwidth

-

vpc

Supported

Supported

resource-level

  • AliyunCommonBandwidthPackageReadOnlyAccess

  • AliyunCommonBandwidthPackageFullAccess

-

Global Accelerator (GA)

-

ga

Supported

Supported

resource-level

  • AliyunGlobalAccelerationReadOnlyAccess

  • AliyunGlobalAccelerationFullAccess

RAM authorization for Global Accelerator (GA)

Smart Access Gateway (SAG)

-

smartag

Supported

Supported

resource-level

-

RAM authorization for Smart Access Gateway (SAG)

Cloud Enterprise Network (CEN)

-

cen

Supported

Supported

resource-level

  • AliyunCENReadOnlyAccess

  • AliyunCENFullAccess

RAM authorization for Cloud Enterprise Network (CEN)

PrivateLink

-

privatelink

Supported

Supported

resource-level

  • AliyunPrivateLinkFullAccess

  • AliyunPrivateLinkReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceFullAccess

  • AliyunPrivatelinkEndpointReadOnlyAccess

  • AliyunPrivatelinkEndpointFullAccess

RAM authorization for PrivateLink

Alibaba Cloud DNS PrivateZone

-

pvtz

Supported

Supported

resource-level

  • AliyunPvtzFullAccess

  • AliyunPvtzReadOnlyAccess

RAM authorization for Alibaba Cloud DNS PrivateZone

Cloud Data Transfer (CDT)

-

cdt

Supported

Supported

operation-level

  • AliyunCDTFullAccess

  • AliyunCDTReadOnlyAccess

System policy reference for CDT

VPC peering connection

-

vpc

Supported

Supported

resource-level

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

-

IPv6 Gateway

-

vpc

Supported

Supported

resource-level

  • AliyunIpv6FullAccess

  • AliyunIpv6ReadOnlyAccess

-

O&M management

Cloud service

Sub-module

Code

Console

API

Authorization granularity

System policies

Documentation

Application Real-Time Monitoring Service (ARMS)

-

arms

Supported

Supported

service level

  • AliyunARMSFullAccess

  • AliyunARMSReadOnlyAccess

RAM authentication for ARMS

CloudMonitor

-

cms

Supported

Supported

operation level

  • AliyunCloudMonitorFullAccess

  • AliyunCloudMonitorReadOnlyAccess

  • AliyunCloudMonitorMetricDataReadOnlyAccess

RAM authentication for CloudMonitor

Intelligent Advisor

-

advisor-intl

Supported

Supported

operation level

  • AliyunAdvisorFullAccess

  • AliyunAdvisorReadOnlyAccess

-

Cloud Shell

-

cloudshell

Supported

operation level

AliyunCloudShellFullAccess

-

Cloud Config

-

config

Supported

Supported

operation level

  • AliyunConfigFullAccess

  • AliyunConfigReadOnlyAccess

RAM authentication for Cloud Config

Logic Composer

-

composer

Supported

Supported

resource level

  • AliyunLogicComposerFullAccess

  • AliyunLogicComposerReadOnlyAccess

RAM authentication for Logic Composer

CloudOps Orchestration Service (OOS)

-

oos

Supported

Supported

resource level

  • AliyunOOSFullAccess

  • AliyunOOSReadOnlyAccess

RAM authentication for CloudOps Orchestration Service (OOS)

Cloud Governance Center (CGC)

Cloud Governance Center (CGC)

governance

Supported

operation level

  • AliyunGovernanceFullAccess

  • AliyunGovernanceReadOnlyAccess

-

Cloud Governance Center (CGC)

Service Catalog

servicecatalog

Supported

Supported

resource level

  • AliyunServiceCatalogAdminFullAccess

  • AliyunServiceCatalogEndUserFullAccess

  • AliyunServiceCatalogAdminReadOnlyAccess

  • AliyunServiceCatalogEndUserReadOnlyAccess

Middleware

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

Documentation

Enterprise Distributed Application Service (EDAS)

-

edas

Supported

Supported

resource level

  • AliyunEDASFullAccess

  • AliyunEDASReadOnlyAccess

  • AliyunEDASApplicationFullAccess

  • AliyunEDASApplicationReadOnlyAccess

  • AliyunEDASResourceReadOnlyAccess

  • AliyunEDASResourceFullAccess

RAM authorization for EDAS

Message Queue

Message Queue for Apache RocketMQ

mq

Supported

Supported

resource level

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

RAM authorization for Message Queue for Apache RocketMQ

Message Queue

Message Queue for MQTT

mq

Supported

Supported

resource level

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

RAM authorization for Message Queue for MQTT

Message Queue

Message Queue for RabbitMQ

amqp

Supported

Supported

resource level

  • AliyunAMQPFullAccess

  • AliyunAMQPReadOnlyAccess

RAM authorization for Message Queue for RabbitMQ

Message Service (MNS)

-

mns

Supported

Supported

resource level

  • AliyunMNSFullAccess

  • AliyunMNSReadOnlyAccess

RAM authorization for Message Service (MNS)

Message Queue for Apache Kafka

-

alikafka

Supported

Supported

resource level

  • AliyunKafkaFullAccess

  • AliyunKafkaReadOnlyAccess

RAM authorization for Message Queue for Apache Kafka

Application High Availability Service (AHAS)

-

ahas

Supported

Supported

service level

  • AliyunAHASFullAccess

  • AliyunAHASReadOnlyAccess

-

Alibaba Cloud Service Mesh (ASM)

-

servicemesh

Supported

Supported

resource level

  • AliyunASMFullAccess

  • AliyunASMReadOnlyAccess

RAM authorization for Alibaba Cloud Service Mesh

EventBridge

-

eventbridge

Supported

Supported

resource level

  • AliyunEventBridgeFullAccess

  • AliyunEventBridgeReadOnlyAccess

  • AliyunEventBridgeResourceCreatePolicy

  • AliyunEventBridgeResourceDeletePolicy

  • AliyunEventBridgeResourceUpdatePolicy

  • AliyunEventBridgePutEventsPolicy

RAM authorization for EventBridge

Media and CDN

Service

Subservice or submodule

RAM code

Console

API

Authorization granularity

System policies

References

Alibaba Cloud CDN

-

cdn

Supported

Supported

resource-level

  • AliyunCDNFullAccess

  • AliyunCDNReadOnlyAccess

RAM authorization for Alibaba Cloud CDN

ApsaraVideo for Media Processing (MPS)

-

mts

Supported

Supported

service-level

  • AliyunMTSFullAccess

  • AliyunMTSPlayerAuth

-

ApsaraVideo for VOD

-

vod

Supported

Supported

action-level

  • AliyunVODFullAccess

  • AliyunVODReadOnlyAccess

  • AliyunVODPlayAuth

  • AliyunVODUploadAuth

-

ApsaraVideo for Live

-

live

Supported

Supported

resource-level

  • AliyunLiveFullAccess

  • AliyunLiveReadOnlyAccess

ApsaraVideo for Live RAM authorization

Real-Time Communication (RTC)

-

rtc

Supported

Supported

resource-level

-

-

Dynamic Content Delivery Network (DCDN)

-

dcdn

Supported

Supported

resource-level

  • AliyunDCDNFullAccess

  • AliyunDCDNReadOnlyAccess

-

Edge Security Acceleration (ESA)

-

esa

Supported

Supported

resource-level

  • AliyunESAFullAccess

  • AliyunESAReadOnlyAccess

Edge Security Acceleration (ESA) RAM authorization

Enterprise applications

Service

Sub-service/sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Direct Mail

-

dm

Supported

Supported

operation level

  • AliyunDirectMailFullAccess

  • AliyunDirectMailReadOnlyAccess

-

API Gateway

-

apigateway

Supported

Supported

service level

  • AliyunApiGatewayFullAccess

  • AliyunApiGatewayReadOnlyAccess

RAM authorization for API Gateway

Alibaba Mail

-

alimail

Supported

operation level

  • AliyunAlimailFullAccess

  • AliyunAlimailReadOnlyAccess

-

Resource Management

Resource Directory

resourcemanager

Supported

Supported

operation level

  • AliyunResourceDirectoryFullAccess

  • AliyunResourceDirectoryReadOnlyAccess

RAM authorization for Resource Directory

Resource Management

Resource Sharing

resourcesharing

Supported

Supported

operation level

  • AliyunResourceSharingFullAccess

  • AliyunResourceSharingReadOnlyAccess

-

Resource Management

tag

tag

Supported

Supported

operation level

  • AliyunTagManagerAccess

  • AliyunTAGReadOnlyAccess

  • AliyunTagAdministratorAccess

RAM authorization for tags

Resource Management

Resource Center

resourcecenter

Supported

Supported

operation level

  • AliyunResourceCenterFullAccess

  • AliyunResourceCenterReadOnlyAccess

RAM authorization for Resource Center

Blockchain as a Service (BaaS)

Blockchain as a Service (BaaS)

baas

Supported

Supported

resource level

  • AliyunBaaSFullAccess

  • AliyunBaaSReadOnlyAccess

RAM authorization for Hyperledger Fabric

CloudQuotation (CQ)

-

assettech

Supported

service level

  • AliyunCQCloudFullAccess

  • AliyunCQCloudReadOnlyAccess

-

BizWorks

-

bizworks

Supported

service level

  • AliyunBizWorksFullAccess

  • AliyunBizWorksReadOnlyAccess

-

Domains and websites

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policies

References

Alibaba Cloud DNS

Alibaba Cloud DNS

alidns

Supported

Supported

resource-level

  • AliyunDNSFullAccess

  • AliyunDNSReadOnlyAccess

Alibaba Cloud DNS

Alibaba Cloud Public DNS

pubdns

Supported

Supported

resource-level

  • AliyunPubDNSReadOnlyAccess

  • AliyunPubDNSFullAccess

-

Alibaba Cloud Domains

-

domain

Supported

Supported

resource-level

  • AliyunDomainFullAccess

  • AliyunDomainReadonlyAccess

RAM authorization for Alibaba Cloud Domains

Artificial intelligence

Service

Module

RAM code

Console

API

Authorization granularity

System policies

References

Intelligent Speech Interaction

Intelligent Speech Interaction

nls

Supported

Supported

service level

  • AliyunNLSFullAccess

  • AliyunNLSReadOnlyAccess

  • AliyunNLSSpeechServiceAccess

  • AliyunNLSSlpAccess

-

Platform for AI (PAI)

-

pai

Supported

Supported

service level

-

-

Platform for AI (PAI)

-

paiplugin

Supported

operation level

  • AliyunPaiPluginFullAccess

  • AliyunPaiPluginReadOnlyAccess

-

Image Search

-

imagesearch

Supported

Supported

resource level

  • AliyunImagesearchReadOnlyAccess

  • AliyunImagesearchFullAccess

RAM authorization for Image Search

Machine Translation

-

alimt

Supported

Supported

operation level

  • AliyunMTFullAccess

  • AliyunMTReadOnlyAccess

-

Model Studio

-

sfm

Unsupported

Supported

resource level

  • AliyunSFMFullAccess

  • AliyunSFMReadOnlyAccess

  • AliyunBailianFullAccess

  • AliyunBailianReadOnlyAccess

RAM authorization for Model Studio

IoT

Service

Sub-service or module

RAM code

Console

API

Authorization granularity

System policy

References

IoT Platform

-

iot

Supported

Supported

resource level

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

RAM authorization for IoT Platform

Link IoT Edge

-

iot

Supported

Supported

resource level

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

RAM authorization for Link IoT Edge

Cloud-native Multi-model Database Lindorm

Time Series Database (TSDB)

hitsdb

Supported

Supported

operation level

-

-

Big data

Service

Sub-module

RAM code

Console

API

Granularity

System policies

References

DataWorks

-

dataworks

Supported

Supported

operation level

  • AliyunDataWorksFullAccess

  • AliyunDataWorksReadOnlyAccess

  • AliyunDataWorksExclusiveResourceGroupModify

  • AliyunDataWorksAccessingRdsReadOnlyPolicy

  • AliyunDataWorksAccessingDLFReadOnlyPolicy

  • AliyunDataWorksAccessingEMRReadOnlyPolicy

  • AliyunDataWorksAccessingAlikafkaPolicy

RAM policies for product and console permissions

Quick BI

-

-

Supported

Supported

service level

-

-

DataV

-

datav

Supported

service level

AliyunDataVFullAccess

-

Realtime Compute for Apache Flink

-

stream

Supported

Supported

resource level

  • AliyunStreamFullAccess

  • AliyunStreamReadOnlyAccess

RAM authorization

Elasticsearch

-

elasticsearch

Supported

Supported

resource level

  • AliyunElasticsearchReadOnlyAccess

  • AliyunElasticsearchFullAccess

  • AliyunElasticsearchServerlessFullAccess

  • AliyunElasticsearchServerlessReadOnlyAccess

RAM authorization

E-MapReduce

E-MapReduce

emr

Supported

Supported

service level

  • AliyunEMRFullAccess

  • AliyunEMRFlowAdmin

  • AliyunEMRDevelopAccess

  • AliyunEMRDlsFullAccess

  • AliyunEMRDlsReadOnlyAccess

Grant permissions to RAM users

Simple Log Service (SLS)

-

log

Supported

Supported

resource level

  • AliyunLogFullAccess

  • AliyunLogReadOnlyAccess

  • AliyunLogPutOpenEventPolicy

  • AliyunLogInvokeFCAccess

RAM authorization

Hologres

-

hologram

Supported

Supported

resource level

  • AliyunHologresFullAccess

  • AliyunHologresReadOnlyAccess

Quick start to granting permissions to RAM users

Developer services

Cloud services

Sub-service

RAM codes

Console

API

Authorization granularity

System policies

References

Alibaba Cloud DevOps

-

rdc

Supported

Supported

resource level

  • AliyunRDCFullAccess

  • AliyunRDCReadOnlyAccess

-

Tracing Analysis

-

xtrace

Supported

Supported

operation level

  • AliyunTracingAnalysisFullAccess

  • AliyunTracingAnalysisReadOnlyAccess

-

Security

Service

Sub-service/sub-module

RAM code

Console

API

Authorization granularity

System policy

Documentation

Security Center

-

  • yundun-sas

  • yundun-aegis

Supported

Supported

operation level

  • AliyunYundunSASFullAccess

  • AliyunYundunSASReadOnlyAccess

-

Server Guard

-

yundun-aegis

Supported

Supported

service level

  • AliyunYundunAegisFullAccess

  • AliyunYundunAegisReadOnlyAccess

-

Anti-DDoS

Anti-DDoS

yundun-ddos

Supported

Supported

service level

  • AliyunYundunDDosFullAccess

  • AliyunYundunDDosReadOnlyAccess

  • AliyunYundunDDoSRewardsReadOnlyAccess

  • AliyunYundunDDoSRewardsFullAccess

-

Anti-DDoS

Anti-DDoS Origin

  • yundun-high

  • yundun-ddoscoo

Supported

Supported

service level

  • AliyunYundunHighFullAccess

  • AliyunYundunHighReadOnlyAccess

-

Anti-DDoS

Anti-DDoS Origin (International)

  • yundun-high

  • yundun-ddoscoo

Supported

service level

  • AliyunYundunAntiDDoSPremiumFullAccess

  • AliyunYundunAntiDDoSPremiumReadOnlyAccess

-

Web Application Firewall (WAF)

Web Application Firewall (WAF)

yundun-waf

Supported

Supported

operation level

  • AliyunYundunWAFFullAccess

  • AliyunYundunWAFReadOnlyAccess

  • AliyunYundunWAFv3FullAccess

  • AliyunYundunWAFv3ReadOnlyAccess

-

Certificate Management Service

-

yundun-cert

Supported

Supported

service level

  • AliyunYundunCertFullAccess

  • AliyunYundunCertReadOnlyAccess

-

Cloud Firewall

-

yundun-cloudfirewall

Supported

Supported

resource level

  • AliyunYundunCloudFirewallReadOnlyAccess

  • AliyunYundunCloudFirewallFullAccess

RAM authorization for Cloud Firewall

Managed Security Service (MSSP)

-

mssp

Supported

service level

-

-

Content Moderation

-

yundun-greenweb

Supported

Supported

service level

  • AliyunYundunGreenWebFullAccess

  • AliyunYundunGreenWebConsoleOnlyAccess

  • AliyunYundunGreenWebReadOnlyAccess

-

Bastionhost

Bastionhost

yundun-bastionhost

Supported

service level

  • AliyunYundunBastionHostFullAccess

  • AliyunYundunBastionHostReadOnlyAccess

  • AliyunYundunBastionHostOperateOnlyAccess

  • AliyunYundunBastionHostAuditOnlyAccess

-

Data Security Center (DSC)

-

yundun-sddp

Supported

Supported

service level

  • AliyunYundunSDDPFullAccess

  • AliyunYundunSDDPReadOnlyAccess

  • AliyunYundunSDDPDataManager

-

Identity as a Service (IDaaS)

Identity as a Service (IDaaS)

yundun-idaas

Supported

operation level

  • AliyunYundunIdaasFullAccess

  • AliyunYundunIdaasReadOnlyAccess

-

Key Management Service (KMS)

-

kms

Supported

Supported

resource level

  • AliyunKMSFullAccess

  • AliyunKMSReadOnlyAccess

  • AliyunKMSSecretUserAccess

  • AliyunKMSCryptoAdminAccess

  • AliyunKMSCryptoUserAccess

  • AliyunKMSSecretAdminAccess

RAM authorization for KMS

Resource Access Management (RAM)

Resource Access Management (RAM)

  • ram

  • sts

  • ims

Supported

Supported

resource level

  • AliyunRAMFullAccess

  • AliyunRAMReadOnlyAccess

RAM authorization

Resource Access Management (RAM)

CloudSSO

cloudsso

Supported

resource level

  • AliyunCloudSSOReadOnlyAccess

  • AliyunCloudSSOFullAccess

-

ActionTrail

-

actiontrail

Supported

Supported

operation level

-

RAM authorization for ActionTrail

Support and services

Service

Sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Ticket

-

support

Supported

Supported

service level

AliyunSupportFullAccess

-

Alibaba Cloud Marketplace

Service

Sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Alibaba Cloud Marketplace

-

acm

Supported

Unsupported

service level

AliyunMarketplaceFullAccess

-

Other

Service

Sub-module

RAM code

Console

API

Authorization granularity

System policies

References

Billing Management

-

  • bss

  • bssapi

  • efc

Supported

Supported

operation level

  • AliyunBSSFullAccess

  • AliyunBSSReadOnlyAccess

  • AliyunBSSOrderAccess

  • AliyunBSSRefundAccess

  • AliyunBSSRenewReadOnlyAccess

  • AliyunBSSRenewFullAccess

  • AliyunBSSCartReadOnlyAccess

  • AliyunBSSCartFullAccess

  • AliyunBSSMyFreetierFullAccess

-

ICP Filing

-

  • beian

  • bsn

Supported

Unsupported

service level

AliyunBeianFullAccess

-