If you want to use a RAM user to perform operations, such as purchasing resources or modifying resource configurations of fully managed Flink, you must grant the required permissions to the RAM user by using an Alibaba Cloud account. The RAM user can be used to access the Realtime Compute for Apache Flink console and perform operations in the console only after the RAM user is granted the required permissions by the Alibaba Cloud account. This topic describes how to authorize a RAM user to access the Realtime Compute for Apache Flink console and perform operations in the console.
Background information
Policy | Description |
---|---|
AliyunStreamFullAccess (system policy) | This policy includes all permissions that are described in Permissions. |
AliyunStreamReadOnlyAccess (system policy) | This policy allows you to access the Realtime Compute for Apache Flink service in read-only mode. This policy includes only the following permissions that are described in Permissions: DescribeInstances, QueryCreateInstancePrice, QueryRenewInstancePrice, QueryModifyInstancePrice, QueryConvertPostpayInstancePrice, and DescribeNamespaces. |
Custom policies | You can use a custom policy to grant one or more permissions to a RAM user. Custom policies implement flexible and fine-grained permission management. |
- System policy: System policies are created by Alibaba Cloud. You can use these policies but cannot modify these policies. The updates of the policies are maintained by Alibaba Cloud.
- Custom policy: You can create, update, and delete custom policies and maintain the updates of these policies.
Prerequisites
A RAM user is created. If you have not created a RAM user, follow the instructions provided in Create a RAM user to create a RAM user.
Procedure
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM user.
- Click OK.
- Click Complete.
Permissions
- {#regionId}: the ID of the region in which the desired fully managed Flink instance resides.
- {#accountId}: the ID of the Alibaba Cloud account.
- {#instanceId}: the ID of the desired fully managed Flink instance.
- {#namespace}: the name of the desired workspace.
Item | Permission | Configuration of Action and Resource |
---|---|---|
Fully managed Flink instance | Purchase a fully managed Flink instance |
|
Release a pay-as-you-go fully managed Flink instance |
|
|
Renew a fully managed Flink instance |
|
|
Scale a fully managed Flink instance |
|
|
Change the billing method of a fully managed Flink instance |
|
|
View information of a fully managed Flink instance |
|
|
Query the price for creating a fully managed Flink instance |
|
|
Query the price for renewing a fully managed Flink instance |
|
|
Query the price for scaling a fully managed Flink instance |
|
|
Query the price for changing the billing method of a fully managed Flink instance from pay-as-you-go to subscription |
|
|
Workspace | Create a workspace |
|
Delete a workspace |
|
|
Modify workspace resources |
|
|
View information of a workspace |
|