Services that work with RAM - Resource Access Management

This topic lists the Alibaba Cloud services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

Each table in this topic contains the following columns:

Alibaba Cloud service: the name of the cloud service that supports RAM.
Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
RAM code: the code that is used in RAM to indicate the cloud service.
Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.
API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.
Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.
The following authorization granularity is defined:
- Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
- Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.
- Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
ECS	ECS	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess AliyunECSWorkbenchFullAccess	Authorization rules
Elastic Block Storage (EBS)	EBS	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	-
EBS	EBS	ebs	✓	✓	Resource	AliyunEBSFullAccess AliyunEBSReadOnlyAccess	-
ECS	Elastic GPU Service	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authorization rules
ECS	ECS Bare Metal Instance	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authorization rules
ECS	Super Computing Cluster	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authorization rules
ECS	Dedicated Host (DDH)	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authorization rules
ECS	Alibaba Cloud Linux 2	ecs	✓	✓	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authorization rules
Auto Scaling	-	ess	✓	✓	Operation	AliyunESSFullAccess AliyunESSReadOnlyAccess	API usage notes
Container Service for Kubernetes (ACK)	-	cs	✓	✓	Resource	AliyunCSFullAccess AliyunCSReadOnlyAccess	RAM authorization
Batch Compute	-	batchcompute	✓	✓	Service	-	-
Resource Orchestration Service (ROS)	-	ros	✓	✓	Resource	AliyunROSFullAccess AliyunROSReadOnlyAccess	Use RAM to control access to resources
Function Compute	-	fc	✓	✓	Resource	AliyunFCFullAccess AliyunFCReadOnlyAccess AliyunFCInvocationAccess	Grant permissions across Alibaba Cloud accounts by using RAM roles
Simple Application Server	-	swas	✓	○	Service	AliyunSWASFullAccess	-
Elastic High Performance Computing (E-HPC)	-	ehpc	✓	✓	Service	AliyunEHPCFullAccess AliyunEHPCReadOnlyAccess	-
Container Registry	-	cr	✓	✓	Resource	AliyunContainerRegistryFullAccess AliyunContainerRegistryReadOnlyAccess	RAM authentication rules
Elastic Desktop Service (EDS)	EDS	ecd	✓	✓	Operation	AliyunECDFullAccess AliyunECDReadOnlyAccess AliyunECDRamUserAccess AliyunECDTagFullAccess AliyunECDOfficeSiteFullAccess AliyunECDUserFullAccess AliyunECDPolicyGroupFullAccess AliyunECDDesktopFullAccess AliyunECDTechnicalSupportFullAccess	Attach an EDS system policy to a RAM user
Elastic Container Instance	-	eci	✓	✓	Resource	AliyunECIFullAccess AliyunECIReadOnlyAccess	Grant permissions to a RAM user
CloudFlow	-	fnf	✓	✓	Resource	AliyunFnFFullAccess AliyunFnFReadOnlyAccess	RAM authorization
Web App Service	-	webplus	✓	✓	Operation	AliyunWebPlusFullAccess AliyunWebPlusReadOnlyAccess	-
Compute Nest	-	computenest computenestsupplier	✓	○	Resource	AliyunComputeNestSupplierFullAccess AliyunComputeNestUserFullAccess AliyunComputeNestUserReadOnlyAccess AliyunComputeNestSupplierReadOnlyAccess	-
Alibaba Cloud Distributed Cloud Container Platform (ACK One)	-	adcp	✓	✓	Operation	AliyunAdcpFullAccess AliyunAdcpReadOnlyAccess	-

Databases

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
ApsaraDB RDS	ApsaraDB RDS	rds	✓	✓	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess AliyunRDSGADFullAccess AliyunRDSGADReadOnlyAccess AliyunRDSReadOnlyWithSQLLogArchiveAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for MySQL	rds	✓	✓	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for SQL Server	rds	✓	✓	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for PostgreSQL	rds	✓	✓	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB for MyBase	rds	✓	✓	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	-
ApsaraDB for Redis	-	kvstore	✓	✓	Resource	AliyunKvstoreFullAccess AliyunKvstoreReadOnlyAccess	RAM authorization
ApsaraDB for MongoDB	-	dds	✓	✓	Resource	AliyunMongoDBFullAccess AliyunMongoDBReadOnlyAccess	-
AnalyticDB for PostgreSQL	-	gpdb	✓	✓	Resource	AliyunGPDBFullAccess AliyunGPDBReadOnlyAccess	-
Data Transmission Service (DTS)	-	dts	✓	✓	Operation	AliyunDTSFullAccess AliyunDTSReadOnlyAccess	Use a system policy to authorize a RAM user to manage DTS instances
Data Management (DMS)	-	dms	✓	✓	Service	AliyunDMSFullAccess AliyunDMSReadOnlyAccess	Authorize DMS to access Alibaba Cloud resources
AnalyticDB for MySQL	-	adb	✓	✓	Operation	AliyunADBFullAccess AliyunADBReadOnlyAccess AliyunADBDeveloperAccess	Manage RAM users and permissions
PolarDB for Xscale (PolarDB-X)	-	drds polardbx	✓	✓	Resource	AliyunDRDSReadOnlyAccess AliyunDRDSFullAccess AliyunDRDSReadOnlyWithSQLLogArchiveAccess	Use RAM for resource authorization
ApsaraDB for HBase	-	hbase	✓	✓	Resource	AliyunHBaseFullAccess AliyunHBaseReadOnlyAccess	Customize a RAM policy
Advanced Database & Application Migration (ADAM)	-	adam	✓	○	Service	AliyunADAMReadOnlyAccess AliyunADAMFullAccess	Logon accounts
PolarDB	-	polardb	✓	✓	Operation	AliyunPolardbReadOnlyAccess AliyunPolardbFullAccess AliyunPolardbReadOnlyWithSQLLogArchiveAccess	Create and grant permissions to a RAM user
Database Backup (DBS)	-	dbs	✓	✓	Service	AliyunDBSFullAccess AliyunDBSReadOnlyAccess	-
Database Autonomy Service (DAS)	-	hdm	✓	✓	Service	AliyunHDMReadOnlyAccess AliyunHDMFullAccess AliyunHDMReadOnlyWithSQLLogArchiveAccess	How do I use DAS as a RAM user?
Data Lake Analytics (DLA)	-	openanalytics	✓	✓	Resource	AliyunDLAFullAccess AliyunDLAReadOnlyAccess AliyunDLADeveloperAccess	Grant RAM users fine-grained permissions to access DLA
ApsaraDB for OceanBase	-	oceanbase	✓	○	Service	AliyunOceanBaseFullAccess AliyunOceanBaseReadOnlyAccess	-
ApsaraDB for Cassandra	-	cassandra	✓	✓	Resource	AliyunCassandraFullAccess AliyunCassandraReadOnlyAccess	Manage RAM users
LedgerDB	-	ledgerdb	✓	✓	Resource	AliyunLedgerDBFullAccess AliyunLedgerDBReadOnlyAccess	RAM user authorization
ApsaraDB for ClickHouse	-	clickhouse	✓	✓	Resource	AliyunClickHouseFullAccess AliyunClickHouseReadOnlyAccess	Authorize RAM users to access resources
Database Gateway (DG)	-	dg	✓	✓	Resource	AliyunDGFullAccess AliyunDGReadOnlyAccess	-

Storage

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Object Storage Service (OSS)	-	oss	✓	✓	Resource	AliyunOSSFullAccess AliyunOSSReadOnlyAccess AliyunOSSImportReadOnlyAccess AliyunOSSImportFullAccess	RAM policies
Apsara File Storage NAS (NAS)	-	nas	✓	✓	Resource	AliyunNASFullAccess AliyunNASReadOnlyAccess	Perform access control based on RAM policies
Tablestore (OTS)	-	ots	✓	✓	Resource	AliyunOTSFullAccess AliyunOTSReadOnlyAccess AliyunOTSWriteOnlyAccess	Configure a custom policy
Cloud Storage Gateway (CSG)	-	hcs-sgw	✓	✓	Service	AliyunHCSSGWFullAccess	Use RAM to implement account-based access control
Cloud Backup	-	hbr	✓	✓	Resource	AliyunHBRFullAccess AliyunHBRReadOnlyAccess	Create a RAM user and authorize the RAM user to access Cloud Backup
Hybrid Cloud Storage Array (CSA)	CSA	hgw	✓	○	Operation	AliyunHgwFullAccess AliyunHgwReadOnlyAccess	-
CSA	Remote Service	asrs	✓	○	Resource	ASRSFullAccess ASRSReadonlyAccess	-

Cloud communications

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Short Message Service (SMS)

dysms

✓

Service

Network

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Virtual Private Cloud (VPC)	-	vpc	✓	✓	Resource	AliyunVPCFullAccess AliyunVPCReadOnlyAccess AliyunVPCNetworkIntelligenceReadOnlyAccess AliyunVPCPrefixListAccess AliyunVPCPrefixListReadOnlyAccess AliyunVpcPeerFullAccess AliyunVpcPeerReadOnlyAccess	RAM authorization
Server Load Balancer (SLB)	SLB	slb	✓	✓	Resource	AliyunSLBReadOnlyAccess AliyunSLBFullAccess	RAM authorization
SLB	Application Load Balancer (ALB)	alb	✓	✓	Resource	AliyunALBFullAccess AliyunALBReadOnlyAccess	-
SLB	Network Load Balancer (NLB)	nlb	✓	✓	Resource	AliyunNLBFullAccess AliyunNLBReadOnlyAccess	-
Express Connect	-	vpc	✓	✓	Resource	AliyunExpressConnectFullAccess AliyunExpressConnectReadOnlyAccess	Custom policies for Express Connect
Elastic IP Address (EIP)	EIP	vpc	✓	✓	Resource	AliyunEIPFullAccess AliyunEIPReadOnlyAccess	Grant permissions to a RAM user
EIP	Anycast Elastic IP Address (Anycast EIP)	eipanycast	✓	✓	Resource	AliyunAnycastEIPFullAccess AliyunAnycastEIPReadOnlyAccess	RAM authorization
NAT Gateway	-	vpc	✓	✓	Resource	AliyunNATGatewayReadOnlyAccess AliyunNATGatewayFullAccess	Grant permissions to a RAM user
VPN Gateway	-	vpc	✓	✓	Resource	AliyunVPNGatewayFullAccess AliyunVPNGatewayReadOnlyAccess	Grant permissions to a RAM user
Internet Shared Bandwidth	-	vpc	✓	✓	Resource	AliyunCommonBandwidthPackageReadOnlyAccess AliyunCommonBandwidthPackageFullAccess	-
Global Accelerator (GA)	-	ga	✓	✓	Resource	AliyunGlobalAccelerationReadOnlyAccess AliyunGlobalAccelerationFullAccess	Grant permissions to a RAM user
Smart Access Gateway (SAG)	-	smartag	✓	✓	Resource	-	RAM authentication
Cloud Enterprise Network (CEN)	-	cen	✓	✓	Resource	AliyunCENReadOnlyAccess AliyunCENFullAccess	RAM authentication
PrivateLink	-	privatelink	✓	✓	Resource	AliyunPrivateLinkFullAccess AliyunPrivateLinkReadOnlyAccess AliyunPrivatelinkEndpointServiceReadOnlyAccess AliyunPrivatelinkEndpointServiceFullAccess AliyunPrivatelinkEndpointReadOnlyAccess AliyunPrivatelinkEndpointFullAccess	RAM authorization
Alibaba Cloud DNS PrivateZone	-	pvtz	✓	✓	Resource	AliyunPvtzFullAccess AliyunPvtzReadOnlyAccess	Grant permissions to a RAM user
Cloud Data Transfer (CDT)	-	cdt	✓	✓	Operation	AliyunCDTFullAccess AliyunCDTReadOnlyAccess	System policies for CDT
VPC peering connection	-	vpc	✓	✓	Resource	AliyunVpcPeerFullAccess AliyunVpcPeerReadOnlyAccess	-
IPv6 Gateway	-	vpc	✓	✓	Resource	AliyunIpv6FullAccess AliyunIpv6ReadOnlyAccess	-

O&M and management

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Application Real-Time Monitoring Service (ARMS)	-	arms	✓	✓	Service	AliyunARMSFullAccess AliyunARMSReadOnlyAccess	Use RAM users to manage permissions
CloudMonitor	-	cms	✓	✓	Operation	AliyunCloudMonitorFullAccess AliyunCloudMonitorReadOnlyAccess AliyunCloudMonitorMetricDataReadOnlyAccess	RAM authentication
Intelligent Advisor	-	advisor-intl	✓	✓	Operation	AliyunAdvisorFullAccess AliyunAdvisorReadOnlyAccess	-
Cloud Shell	-	cloudshell	✓	○	Operation	AliyunCloudShellFullAccess	-
Cloud Config	-	config	✓	✓	Operation	AliyunConfigFullAccess AliyunConfigReadOnlyAccess	RAM user authorization
Logic Composer	-	composer	✓	✓	Resource	AliyunLogicComposerFullAccess AliyunLogicComposerReadOnlyAccess	Grant permissions to a RAM user
CloudOps Orchestration Service (OOS)	-	oos	✓	✓	Resource	AliyunOOSFullAccess AliyunOOSReadOnlyAccess	RAM authorization
Cloud Governance Center (CGC)	CGC	governance	✓	○	Operation	AliyunGovernanceFullAccess AliyunGovernanceReadOnlyAccess	-

Middleware

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Enterprise Distributed Application Service (EDAS)	-	edas	✓	✓	Resource	AliyunEDASFullAccess AliyunEDASReadOnlyAccess AliyunEDASApplicationFullAccess AliyunEDASApplicationReadOnlyAccess AliyunEDASResourceReadOnlyAccess AliyunEDASResourceFullAccess	Manage RAM users
ApsaraMQ	ApsaraMQ for RocketMQ	mq	✓	✓	Resource	AliyunMQFullAccess AliyunMQReadOnlyAccess AliyunMQPubOnlyAccess AliyunMQSubOnlyAccess	Grant permissions to RAM users
ApsaraMQ	ApsaraMQ for MQTT	mq	✓	✓	Resource	AliyunMQFullAccess AliyunMQReadOnlyAccess AliyunMQPubOnlyAccess AliyunMQSubOnlyAccess	Grant permissions to RAM users
ApsaraMQ	ApsaraMQ for RabbitMQ	amqp	✓	✓	Resource	AliyunAMQPFullAccess AliyunAMQPReadOnlyAccess	Grant permissions to RAM users
Message Service (MNS)	-	mns	✓	✓	Resource	AliyunMNSFullAccess AliyunMNSReadOnlyAccess	Authorize a RAM user
Application Configuration Management	-	acms	✓	✓	Resource	AliyunACMFullAccess	Access control
ApsaraMQ for Kafka	-	alikafka	✓	✓	Service	AliyunKafkaFullAccess AliyunKafkaReadOnlyAccess	Grant permissions to RAM users
Application High Availability Service	-	ahas	✓	✓	Service	AliyunAHASFullAccess AliyunAHASReadOnlyAccess	-
Alibaba Cloud Service Mesh (ASM)	-	servicemesh	✓	✓	Resource	AliyunASMFullAccess AliyunASMReadOnlyAccess	Authorization overview
EventBridge	-	eventbridge	✓	✓	Resource	AliyunEventBridgeFullAccess AliyunEventBridgeReadOnlyAccess AliyunEventBridgeResourceCreatePolicy AliyunEventBridgeResourceDeletePolicy AliyunEventBridgeResourceUpdatePolicy AliyunEventBridgePutEventsPolicy	Policies and examples

Media services and CDN

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
CDN	-	cdn	✓	✓	Resource	AliyunCDNFullAccess AliyunCDNReadOnlyAccess	RAM authorization
ApsaraVideo Media Processing (MPS)	-	mts	✓	✓	Service	AliyunMTSFullAccess AliyunMTSPlayerAuth	-
ApsaraVideo VOD (VOD)	-	vod	✓	✓	Operation	AliyunVODFullAccess AliyunVODReadOnlyAccess AliyunVODPlayAuth AliyunVODUploadAuth	-
ApsaraVideo Live	-	live	✓	✓	Resource	AliyunLiveFullAccess AliyunLiveReadOnlyAccess	Authentication rules on API requests
Real-Time Communication	-	rtc	✓	✓	Resource	-	-
Dynamic Content Delivery Network (DCDN)	-	dcdn	✓	✓	Resource	AliyunDCDNFullAccess AliyunDCDNReadOnlyAccess	-

Enterprise applications

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Direct Mail	-	dm	✓	✓	Operation	AliyunDirectMailFullAccess AliyunDirectMailReadOnlyAccess	-
API Gateway	-	apigateway	✓	✓	Service	AliyunApiGatewayFullAccess AliyunApiGatewayReadOnlyAccess	Use RAM to manage the permissions on API resources
Alibaba Mail	-	alimail	✓	○	Operation	AliyunAlimailFullAccess AliyunAlimailReadOnlyAccess	-
Resource Management	Resource Management	resourcemanager	✓	✓	Operation	AliyunResourceDirectoryFullAccess AliyunResourceDirectoryReadOnlyAccess	RAM authorization
Resource Management	Resource Sharing	resourcesharing	✓	✓	Operation	AliyunResourceSharingFullAccess AliyunResourceSharingReadOnlyAccess	-
Resource Management	Tag service	tag	✓	✓	Operation	AliyunTagManagerAccess AliyunTAGReadOnlyAccess AliyunTagAdministratorAccess	Tag
Resource Management	Resource Center	resourcecenter	✓	✓	Operation	AliyunResourceCenterFullAccess AliyunResourceCenterReadOnlyAccess	Grant a RAM user the permissions to use Resource Center
Blockchain as a Service (BaaS)	BaaS	baas	✓	✓	Resource	AliyunBaaSFullAccess AliyunBaaSReadOnlyAccess	Hyperledger Fabric RAM authentication
CloudQuotation (CQ)	-	assettech	✓	○	Service	AliyunCQLoudFullAccess AliyunCQLoudReadOnlyAccess	-
BizWorks	-	bizworks	✓	○	Service	AliyunBizWorksFullAccess AliyunBizWorksReadOnlyAccess	-

Domains and websites

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Alibaba Cloud DNS (DNS)	DNS	alidns	✓	✓	Resource	AliyunDNSFullAccess AliyunDNSReadOnlyAccess	Manage permissions RAM authorization
DNS	Alibaba Cloud Public DNS	pubdns	✓	✓	Resource	AliyunPubDNSReadOnlyAccess AliyunPubDNSFullAccess	-
Domain Names	-	domain	✓	✓	Resource	AliyunDomainFullAccess AliyunDomainReadonlyAccess	Authentication rules for the Domains API

Artificial intelligence

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Intelligent Speech Interaction	Intelligent Speech Interaction	nls	✓	✓	Service	AliyunNLSFullAccess AliyunNLSReadOnlyAccess AliyunNLSSpeechServiceAccess AliyunNLSSlpAccess	-
Platform for AI (PAI)	-	pai	✓	✓	Service	-	-
PAI	-	paiplugin	○	✓	Operation	AliyunPaiPluginFullAccess AliyunPaiPluginReadOnlyAccess	-
Image Search	-	imagesearch	✓	✓	Resource	AliyunImagesearchReadOnlyAccess AliyunImagesearchFullAccess	Grant permissions to RAM users
Machine Translation	-	alimt	✓	✓	Operation	AliyunMTFullAccess AliyunMTReadOnlyAccess	-

IoT

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
IoT Platform	-	iot	✓	✓	Resource	AliyunIOTFullAccess AliyunIOTReadOnlyAccess AliyunIOTConsoleCommonAccess	Access IoT Platform as a RAM user
Link IoT Edge	-	iot	✓	✓	Resource	AliyunIOTFullAccess AliyunIOTReadOnlyAccess AliyunIOTConsoleCommonAccess	Access resources of other Alibaba Cloud services
Lindorm	Time Series Database (TSDB)	hitsdb	✓	✓	Operation	-	-

Big data

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
DataWorks	-	dataworks	✓	✓	Operation	AliyunDataWorksFullAccess AliyunDataWorksReadOnlyAccess AliyunDataWorksExclusiveResourceGroupModify AliyunDataWorksAccessingRdsReadOnlyPolicy AliyunDataWorksAccessingDLFReadOnlyPolicy AliyunDataWorksAccessingEMRReadOnlyPolicy AliyunDataWorksAccessingAlikafkaPolicy	Manage permissions on the DataWorks services and the entities in the DataWorks console by using RAM policies
Quick BI	-	-	✓	✓	Service	-	-
DataV	-	datav	✓	○	Service	AliyunDataVFullAccess	-
Realtime Compute for Apache Flink	-	stream	✓	✓	Resource	AliyunStreamFullAccess AliyunStreamReadOnlyAccess	Grant permissions to a RAM user
Elasticsearch	-	elasticsearch	✓	✓	Resource	AliyunElasticsearchReadOnlyAccess AliyunElasticsearchFullAccess AliyunElasticsearchServerlessFullAccess AliyunElasticsearchServerlessReadOnlyAccess	Elasticsearch objects supported for authorization
E-MapReduce (EMR)	E-MapReduce	emr	✓	✓	Service	AliyunEMRFullAccess AliyunEMRFlowAdmin AliyunEMRDevelopAccess AliyunEMRDlsFullAccess AliyunEMRDlsReadOnlyAccess	Grant permissions to RAM users
Simple Log Service	-	log	✓	✓	Resource	AliyunLogFullAccess AliyunLogReadOnlyAccess AliyunLogPutOpenEventPolicy AliyunLogInvokeFCAccess	Authorization rules
Hologres	-	hologram	✓	✓	Resource	AliyunHologresFullAccess AliyunHologresReadOnlyAccess	Grant permissions to a RAM user

Developer services

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Apsara Devops	-	rdc	✓	✓	Resource	AliyunRDCFullAccess AliyunRDCReadOnlyAccess	-
Managed Service for OpenTelemetry	-	xtrace	✓	✓	Operation	AliyunTracingAnalysisFullAccess AliyunTracingAnalysisReadOnlyAccess	-

Security

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Security Center	-	yundun-sas yundun-aegis	✓	✓	Operation	AliyunYundunSASFullAccess AliyunYundunSASReadOnlyAccess	-
Server Guard	-	yundun-aegis	✓	✓	Service	AliyunYundunAegisFullAccess AliyunYundunAegisReadOnlyAccess	-
Anti-DDoS	Anti-DDoS	yundun-ddos	✓	✓	Service	AliyunYundunDDosFullAccess AliyunYundunDDosReadOnlyAccess AliyunYundunDDoSRewardsReadOnlyA AliyunYundunDDoSRewardsFullAccess	-
Anti-DDoS	Anti-DDoS Proxy	yundun-high yundun-ddoscoo	✓	✓	Service	AliyunYundunHighFullAccess AliyunYundunHighReadOnlyAccess	-
Anti-DDoS	Anti-DDoS Proxy (Outside Chinese Mainland)	yundun-high yundun-ddoscoo	✓	○	Service	AliyunYundunAntiDDoSPremiumFullAccess AliyunYundunAntiDDoSPremiumReadOnlyAccess	-
Web Application Firewall (WAF)	WAF	yundun-waf	✓	✓	Operation	AliyunYundunWAFFullAccess AliyunYundunWAFReadOnlyAccess AliyunYundunWAFv3FullAccess AliyunYundunWAFv3ReadOnlyAccess	-
Certificate Management Service	-	yundun-cert	✓	✓	Service	AliyunYundunCertFullAccess AliyunYundunCertReadOnlyAccess	-
Cloud Firewall	-	yundun-cloudfirewall	✓	✓	Service	AliyunYundunCloudFirewallReadOnlyAccess AliyunYundunCloudFirewallFullAccess	-
Managed Security Service (MSSP)	-	mssp	✓	○	Service	-	-
Content Moderation	-	yundun-greenweb	✓	✓	Service	AliyunYundunGreenWebFullAccess AliyunYundunGreenWebConsoleOnlyAccess AliyunYundunGreenWebReadOnlyAccess	-
Bastionhost	Bastionhost	yundun-bastionhost	✓	○	Service	AliyunYundunBastionHostFullAccess AliyunYundunBastionHostReadOnlyAccess AliyunYundunBastionHostOperateOnlyAccess AliyunYundunBastionHostAuditOnlyAccess	-
Data Security Center (DSC)	-	yundun-sddp	✓	✓	Service	AliyunYundunSDDPFullAccess AliyunYundunSDDPReadOnlyAccess AliyunYundunSDDPDataManager	-
Identity as a Service (IDaaS)	IDaaS	yundun-idaas	✓	○	Operation	AliyunYundunIdaasFullAccess AliyunYundunIdaasReadOnlyAccess	-
Key Management Service (KMS)	-	kms	✓	✓	Resource	AliyunKMSFullAccess AliyunKMSReadOnlyAccess AliyunKMSSecretUserAccess AliyunKMSCryptoAdminAccess AliyunKMSCryptoUserAccess AliyunKMSSecretAdminAccess	Use RAM to control access to KMS resources
RAM	RAM	ram sts ims	✓	✓	Resource	AliyunRAMFullAccess AliyunRAMReadOnlyAccess	RAM authorization
RAM	CloudSSO	cloudsso	✓	○	Resource	AliyunCloudSSOReadOnlyAccess AliyunCloudSSOFullAccess	-
ActionTrail	-	actiontrail	✓	✓	Operation	-	RAM account authentication

Technical support

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Ticket Management	-	support	✓	✓	Service	AliyunSupportFullAccess	-

Marketplace

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Alibaba Cloud Marketplace	-	acm	✓	×	Service	AliyunMarketplaceFullAccess	-

Others

Service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Billing Management	-	bss bssapi efc	✓	✓	Operation	AliyunBSSFullAccess AliyunBSSReadOnlyAccess AliyunBSSOrderAccess AliyunBSSRefundAccess AliyunBSSRenewReadOnlyAccess AliyunBSSRenewFullAccess AliyunBSSCartReadOnlyAccess AliyunBSSCartFullAccess AliyunBSSMyFreetierFullAccess	-
ICP Filing	-	beian bsn	✓	○	Service	AliyunBeianFullAccess	-