Services that work with RAM - Resource Access Management

This topic lists the services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

Each table in this topic contains the following columns:

Alibaba Cloud service: the name of the cloud service that supports RAM.
Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
RAM code: the code that is used in RAM to indicate the cloud service.
Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.
API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.
Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.
The following authorization granularity is defined:
- Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
- Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.
- Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
ECS	ECS	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
Elastic Block Storage (EBS)	EBS	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	-
EBS	EBS	ebs	√	√	Resource	AliyunEBSFullAccess AliyunEBSReadOnlyAccess	-
ECS	Elastic GPU Service	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
ECS	ECS Bare Metal Instance	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
ECS	Super Computing Cluster	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
ECS	Dedicated Host (DDH)	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
ECS	Alibaba Cloud Linux 2	ecs	√	√	Resource	AliyunECSFullAccess AliyunECSReadOnlyAccess AliyunECSAssistantFullAccess AliyunECSAssistantReadonlyAccess AliyunECSNetworkInterfaceManagementAccess	Authentication rules
Auto Scaling	-	ess	√	√	Operation	AliyunESSFullAccess AliyunESSReadOnlyAccess	API usage instructions
Container Service for Kubernetes (ACK)	-	cs	√	√	Resource	AliyunCSFullAccess AliyunCSReadOnlyAccess	Use sub-accounts
Batch Compute	-	batchcompute	√	√	Service	-	-
Resource Orchestration Service (ROS)	-	ros	√	√	Resource	AliyunROSFullAccess AliyunROSReadOnlyAccess	Use RAM to control resource access
Function Compute	-	fc	√	√	Resource	AliyunFCFullAccess AliyunFCReadOnlyAccess AliyunFCInvocationAccess	Grant permissions across Alibaba Cloud accounts by using a RAM role
Simple Application Server	-	swas	√	○	Service	AliyunSWASFullAccess	-
Elastic High Performance Computing (E-HPC)	-	ehpc	√	√	Service	AliyunEHPCFullAccess AliyunEHPCReadOnlyAccess	-
Container Registry	-	cr	√	√	Resource	AliyunContainerRegistryFullAccess AliyunContainerRegistryReadOnlyAccess	Configure policies for RAM users to access Container Registry
Elastic Desktop Service (EDS)	Wuying Cloud Desktop	ecd	√	√	Operation	AliyunECDFullAccess AliyunECDReadOnlyAccess AliyunECDRamUserAccess	Grant permissions to RAM users
Elastic Container Instance	-	eci	√	√	Resource	AliyunECIFullAccess AliyunECIReadOnlyAccess	Grant permissions to a RAM user
Serverless Workflow (SWF)	-	fnf	√	√	Resource	AliyunFnFFullAccess AliyunFnFReadOnlyAccess	Authorization policy
Web App Service	-	webplus	√	√	Operation	AliyunWebPlusFullAccess AliyunWebPlusReadOnlyAccess	-
Compute Nest	-	computenest computenestsupplier	√	○	Resource	AliyunComputeNestSupplierFullAccess AliyunComputeNestUserFullAccess AliyunComputeNestUserReadOnlyAccess AliyunComputeNestSupplierReadOnlyAccess	-
Distributed Cloud Container Platform for Kubernetes (ACK One)	-	adcp	√	√	Operation	AliyunAdcpFullAccess AliyunAdcpReadOnlyAccess	-

Database

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
ApsaraDB RDS	ApsaraDB RDS	rds	√	√	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess AliyunRDSGADFullAccess AliyunRDSGADReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for MySQL	rds	√	√	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for SQL Server	rds	√	√	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB RDS for PostgreSQL	rds	√	√	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	Use RAM for resource authorization
ApsaraDB RDS	ApsaraDB MyBase	rds	√	√	Resource	AliyunRDSFullAccess AliyunRDSReadOnlyAccess	-
ApsaraDB for Redis	-	kvstore	√	√	Resource	AliyunKvstoreFullAccess AliyunKvstoreReadOnlyAccess	RAM authentication
ApsaraDB for MongoDB	-	dds	√	√	Resource	AliyunMongoDBFullAccess AliyunMongoDBReadOnlyAccess	-
AnalyticDB for PostgreSQL	-	gpdb	√	√	Resource	AliyunGPDBFullAccess AliyunGPDBReadOnlyAccess	Authentication rules for APIs
Data Transmission Service (DTS)	-	dts	√	√	Operation	AliyunDTSFullAccess AliyunDTSReadOnlyAccess	Authorize a RAM user to use DTS
Data Management (DMS)	-	dms	√	√	Service	AliyunDMSFullAccess AliyunDMSReadOnlyAccess	Authorize DMS to access Alibaba Cloud resources
AnalyticDB for MySQL	-	adb	√	√	Operation	AliyunADBFullAccess AliyunADBReadOnlyAccess	RAM users and permissions
PolarDB-X	-	drds polardbx	√	√	Resource	AliyunDRDSReadOnlyAccess AliyunDRDSFullAccess	Use RAM for resource authorization
ApsaraDB for HBase	-	hbase	√	√	Resource	AliyunHBaseFullAccess AliyunHBaseReadOnlyAccess	Use RAM for resource authorization
Advanced Database & Application Migration (ADAM)	-	adam	√	○	Service	AliyunADAMReadOnlyAccess AliyunADAMFullAccess	Authorize a RAM user to log on to the ADAM console
PolarDB	-	polardb	√	√	Operation	AliyunPolardbReadOnlyAccess AliyunPolardbFullAccess	Create and authorize a RAM user
Database Backup (DBS)	-	dbs	√	√	Service	AliyunDBSFullAccess AliyunDBSReadOnlyAccess	-
Database Autonomy Service (DAS)	-	hdm	√	√	Service	AliyunHDMReadOnlyAccess AliyunHDMFullAccess	What do I do if I fail to access DAS as a RAM user due to lack of permissions?
Data Lake Analytics (DLA)	-	openanalytics	√	√	Resource	AliyunDLAFullAccess AliyunDLAReadOnlyAccess AliyunDLADeveloperAccess	Grant RAM users fine-grained permissions to access DLA
ApsaraDB for OceanBase	-	oceanbase	√	○	Service	AliyunOceanBaseFullAccess AliyunOceanBaseReadOnlyAccess	-
ApsaraDB for Cassandra	-	cassandra	√	√	Resource	AliyunCassandraFullAccess AliyunCassandraReadOnlyAccess	Manage RAM users
LedgerDB	-	ledgerdb	√	√	Resource	AliyunLedgerDBFullAccess AliyunLedgerDBReadOnlyAccess	RAM user authorization
ApsaraDB for ClickHouse	-	clickhouse	√	√	Resource	AliyunClickHouseFullAccess AliyunClickHouseReadOnlyAccess	RAM-based authorization
Database Gateway (DG)	-	dg	√	√	Resource	AliyunDGFullAccess AliyunDGReadOnlyAccess	-

Storage

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Object Storage Service (OSS)	-	oss	√	√	Resource	AliyunOSSFullAccess AliyunOSSReadOnlyAccess	Overview
Apsara File Storage NAS (NAS)	-	nas	√	√	Resource	AliyunNASFullAccess AliyunNASReadOnlyAccess	Perform access control based on RAM policies
Tablestore	-	ots	√	√	Resource	AliyunOTSFullAccess AliyunOTSReadOnlyAccess AliyunOTSWriteOnlyAccess	Custom permissions
Cloud Storage Gateway (CSG)	-	hcs-sgw	√	√	Service	AliyunHCSSGWFullAccess	Use RAM to implement account-based access control
Hybrid Backup Recovery (HBR)	-	hbr	√	√	Resource	AliyunHBRFullAccess AliyunHBRReadOnlyAccess	Create a RAM user and authorize the RAM user to access HBR
Hybrid Cloud Storage	Hybrid Cloud Storage	hgw	√	○	Operation	AliyunHgwFullAccess AliyunHgwReadOnlyAccess	-
Hybrid Cloud Storage	Remote Service	asrs	√	○	Resource	ASRSFullAccess ASRSReadonlyAccess	-

Cloud communications

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Short Message Service (SMS)

dysms

√

Service

Networking

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Virtual private cloud (VPC)	-	vpc	√	√	Resource	AliyunVPCFullAccess AliyunVPCReadOnlyAccess	RAM user authorization
Server Load Balancer (SLB)	SLB	slb	√	√	Resource	AliyunSLBReadOnlyAccess AliyunSLBFullAccess	Authorize a RAM user
SLB	Application Load Balancer (ALB)	alb	√	√	Resource	AliyunALBFullAccess AliyunALBReadOnlyAccess	-
SLB	Network Load Balancer (NLB)	nlb	√	√	Resource	AliyunNLBFullAccess AliyunNLBReadOnlyAccess	-
Express Connect	-	vpc	√	√	Resource	AliyunExpressConnectFullAccess AliyunExpressConnectReadOnlyAccess	System policies and sample custom policies for Express Connect
Elastic IP Address (EIP)	EIP	vpc	√	√	Resource	AliyunEIPFullAccess AliyunEIPReadOnlyAccess	RAM user authorization
EIP	Anycast Elastic IP Address (Anycast EIP)	eipanycast	√	√	Resource	AliyunAnycastEIPFullAccess AliyunAnycastEIPReadOnlyAccess	RAM authorization
NAT Gateway	-	vpc	√	√	Resource	AliyunNATGatewayReadOnlyAccess AliyunNATGatewayFullAccess	RAM user authorization
VPN Gateway	-	vpc	√	√	Resource	AliyunVPNGatewayFullAccess AliyunVPNGatewayReadOnlyAccess	RAM user authorization
EIP Bandwidth Plan	-	vpc	√	√	Resource	AliyunCommonBandwidthPackageReadOnlyAccess AliyunCommonBandwidthPackageFullAccess	-
Global Accelerator	-	ga	√	√	Resource	AliyunGlobalAccelerationReadOnlyAccess AliyunGlobalAccelerationFullAccess	RAM user authorization
Smart Access Gateway (SAG)	-	smartag	√	√	Resource	-	RAM authentication
Cloud Enterprise Network (CEN)	-	cen	√	√	Resource	AliyunCENReadOnlyAccess AliyunCENFullAccess	RAM authentication
PrivateLink	-	privatelink	√	√	Resource	AliyunPrivateLinkFullAccess AliyunPrivateLinkReadOnlyAccess	RAM user authorization
Alibaba Cloud DNS PrivateZone	-	pvtz	√	√	Resource	AliyunPvtzFullAccess AliyunPvtzReadOnlyAccess	RAM
Cloud Data Transfer (CDT)	-	cdt	√	√	Operation	AliyunCDTFullAccess AliyunCDTReadOnlyAccess	RAM permission policy
VPC peering connection	-	vpc	√	√	Resource	AliyunVpcPeerFullAccess AliyunVpcPeerReadOnlyAccess	-
IPv6 Gateway	-	vpc	√	√	Resource	AliyunIpv6FullAccess AliyunIpv6ReadOnlyAccess	-

O&M management

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Application Real-Time Monitoring Service (ARMS)	-	arms	√	√	Service	AliyunARMSFullAccess AliyunARMSReadOnlyAccess	Grant different permissions to RAM users
CloudMonitor	-	cms	√	√	Operation	AliyunCloudMonitorFullAccess AliyunCloudMonitorReadOnlyAccess AliyunCloudMonitorMetricDataReadOnlyAccess	Control permissions of RAM users
Intelligent Advisor	-	advisor-intl	√	√	Operation	AliyunAdvisorFullAccess AliyunAdvisorReadOnlyAccess	-
Cloud Shell	-	cloudshell	√	○	Operation	-	-
Cloud Config	-	config	√	√	Operation	AliyunConfigFullAccess AliyunConfigReadOnlyAccess	RAM user authorization
Logic Composer	-	composer	√	√	Resource	AliyunLogicComposerFullAccess AliyunLogicComposerReadOnlyAccess	Grant permissions to a RAM user
Operation Orchestration Service (OOS)	-	oos	√	√	Resource	AliyunOOSFullAccess AliyunOOSReadOnlyAccess	RAM authorization policies
Cloud Governance Center	Cloud Governance Center	governance	√	○	Operation	AliyunGovernanceFullAccess AliyunGovernanceReadOnlyAccess	-

Middleware

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Enterprise Distributed Application Service (EDAS)	-	edas	√	√	Resource	AliyunEDASFullAccess AliyunEDASReadOnlyAccess AliyunEDASApplicationFullAccess AliyunEDASApplicationReadOnlyAccess AliyunEDASResourceReadOnlyAccess AliyunEDASResourceFullAccess	Manage RAM users
Message Queue	Message Queue for Apache RocketMQ	mq	√	√	Resource	AliyunMQFullAccess AliyunMQReadOnlyAccess AliyunMQPubOnlyAccess AliyunMQSubOnlyAccess	Grant permissions to RAM users
Message Queue	Message Queue for MQTT	mq	√	√	Resource	AliyunMQFullAccess AliyunMQReadOnlyAccess AliyunMQPubOnlyAccess AliyunMQSubOnlyAccess	Grant permissions to RAM users
Message Queue	Message Queue for RabbitMQ	amqp	√	√	Resource	AliyunAMQPFullAccess AliyunAMQPReadOnlyAccess	Grant permissions to RAM users
Message Service	-	mns	√	√	Resource	AliyunMNSFullAccess AliyunMNSReadOnlyAccess	Create a custom policy
Application Configuration Management	-	acms	√	√	Resource	AliyunACMFullAccess	Access control
Message Queue for Apache Kafka	-	alikafka	√	√	Service	AliyunKafkaFullAccess AliyunKafkaReadOnlyAccess	Grant permissions to RAM users
Application High Availability Service	-	ahas	√	√	Service	AliyunAHASFullAccess AliyunAHASReadOnlyAccess	-
Alibaba Cloud Service Mesh (ASM)	-	servicemesh	√	√	Resource	-	Overview
EventBridge	-	eventbridge	√	√	Resource	AliyunEventBridgeFullAccess AliyunEventBridgeReadOnlyAccess AliyunEventBridgeResourceCreatePolicy AliyunEventBridgeResourceDeletePolicy AliyunEventBridgeResourceUpdatePolicy AliyunEventBridgePutEventsPolicy	Policies

Media services and CDN

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
CDN	-	cdn	√	√	Resource	AliyunCDNFullAccess AliyunCDNReadOnlyAccess	RAM authentication
ApsaraVideo Media Processing (MPS)	-	mts	√	√	Service	AliyunMTSFullAccess AliyunMTSPlayerAuth	-
ApsaraVideo VOD (VOD)	-	vod	√	√	Operation	AliyunVODFullAccess AliyunVODReadOnlyAccess AliyunVODPlayAuth AliyunVODUploadAuth	-
ApsaraVideo Live	-	live	√	√	Resource	AliyunLiveFullAccess AliyunLiveReadOnlyAccess	Sub-account console operating instructions
Real-Time Communication	-	rtc	√	√	Resource	-	-
Dynamic Route for CDN (DCDN)	-	dcdn	√	√	Resource	AliyunDCDNFullAccess AliyunDCDNReadOnlyAccess	-

Enterprise applications

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Direct Mail	-	dm	√	√	Operation	AliyunDirectMailFullAccess AliyunDirectMailReadOnlyAccess	-
API Gateway	-	apigateway	√	√	Service	AliyunApiGatewayFullAccess AliyunApiGatewayReadOnlyAccess	Use RAM to manage user permissions for API Gateway
Alibaba Mail	-	alimail	√	○	Operation	AliyunAlimailFullAccess AliyunAlimailReadOnlyAccess	-
Resource Management	Resource Management	resourcemanager	√	√	Operation	AliyunResourceDirectoryFullAccess AliyunResourceDirectoryReadOnlyAccess	RAM authorization
Resource Management	Resource Sharing	resourcesharing	√	√	Operation	AliyunResourceSharingFullAccess AliyunResourceSharingReadOnlyAccess	-
Resource Management	the Tag service	tag	√	√	Operation	AliyunTagManagerAccess AliyunTAGReadOnlyAccess AliyunTagAdministratorAccess	Tag
Resource Management	Resource Center	resourcecenter	√	√	Operation	AliyunResourceCenterFullAccess AliyunResourceCenterReadOnlyAccess	Permissions for a RAM user to access Resource Center
BaaS	BaaS	baas	√	√	Resource	AliyunBaaSFullAccess AliyunBaaSReadOnlyAccess	Hyperledger Fabric RAM authentication
CloudQuotation (CQ)	-	assettech	√	○	Service	AliyunCQLoudFullAccess AliyunCQLoudReadOnlyAccess	-
BizWorks	-	bizworks	√	○	Service	AliyunBizWorksFullAccess AliyunBizWorksReadOnlyAccess	-

Domains and websites

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Alibaba Cloud DNS (DNS)	DNS	alidns	√	√	Resource	AliyunDNSFullAccess AliyunDNSReadOnlyAccess	RAM authorization
DNS	Alibaba Cloud Public DNS	pubdns	√	√	Resource	AliyunPubDNSReadOnlyAccess AliyunPubDNSFullAccess	-
Domains	-	domain	√	√	Resource	AliyunDomainFullAccess	Authentication rules for the Domains API

Artificial intelligence

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Intelligent Speech Interaction	Intelligent Speech Interaction	nls	√	√	Service	AliyunNLSFullAccess AliyunNLSReadOnlyAccess	-
Machine Learning	-	pai	√	√	Service	-	-
Machine Learning	-	paiplugin	○	√	Operation	AliyunPaiPluginFullAccess AliyunPaiPluginReadOnlyAccess	-
Image search	-	imagesearch	√	√	Resource	AliyunImagesearchReadOnlyAccess AliyunImagesearchFullAccess	Grant permissions to RAM users
Machine Translation	-	alimt	√	√	Operation	AliyunMTFullAccess AliyunMTReadOnlyAccess	-

IoT

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
IoT Platform	-	iot	√	√	Resource	AliyunIOTFullAccess AliyunIOTReadOnlyAccess	RAM user access
Link IoT Edge	-	iot	√	√	Resource	AliyunIOTFullAccess AliyunIOTReadOnlyAccess	Access resources of other Alibaba Cloud services
Lindorm	Time Series Database (TSDB)	hitsdb	√	√	Operation	-	-

Big data

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
DataWorks	-	dataworks	√	√	Operation	AliyunDataWorksFullAccess	Manage permissions on the DataWorks services and the entities in the DataWorks console by using RAM policies
Quick BI	-	-	√	√	Service	-	-
DataV	-	datav	√	○	Service	AliyunDataVFullAccess	-
Realtime Compute for Apache Flink	-	stream	√	√	Resource	AliyunStreamFullAccess AliyunStreamReadOnlyAccess	Grant permissions to a RAM user
Elasticsearch	-	elasticsearch	√	√	Resource	AliyunElasticsearchReadOnlyAccess AliyunElasticsearchFullAccess	Types of resources that can be authorized
E-MapReduce	E-MapReduce	emr	√	√	Service	AliyunEMRFullAccess AliyunEMRFlowAdmin AliyunEMRDevelopAccess	-
Log Service	-	log	√	√	Resource	AliyunLogFullAccess AliyunLogReadOnlyAccess	RAM authentication rules
Hologres	-	hologram	√	√	Resource	AliyunHologresFullAccess AliyunHologresReadOnlyAccess	Grant permissions to a RAM user

Developer services

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Apsara Devops	-	rdc	√	√	Resource	AliyunRDCFullAccess AliyunRDCReadOnlyAccess	-
Tracing Analysis	-	xtrace	√	√	Operation	AliyunTracingAnalysisFullAccess AliyunTracingAnalysisReadOnlyAccess	-

Security

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Security Center	-	yundun-sas yundun-aegis	√	√	Operation	AliyunYundunSASFullAccess AliyunYundunSASReadOnlyAccess	-
Server Guard	-	yundun-aegis	√	√	Service	AliyunYundunAegisFullAccess AliyunYundunAegisReadOnlyAccess	-
Anti-DDoS	Anti-DDoS	yundun-ddos	√	√	Service	AliyunYundunDDosFullAccess AliyunYundunDDosReadOnlyAccess	-
Anti-DDoS	Anti-DDoS Pro	yundun-high yundun-ddoscoo	√	√	Service	AliyunYundunHighFullAccess AliyunYundunHighReadOnlyAccess	-
Anti-DDoS	Anti-DDoS Premium	yundun-high yundun-ddoscoo	√	○	Service	AliyunYundunAntiDDoSPremiumFullAccess AliyunYundunAntiDDoSPremiumReadOnlyAccess	-
GameShield	-	yundun-gameshield	√	○	Service	AliyunYundunGameShieldReadOnlyAccess	-
Web Application Firewall (WAF)	WAF	yundun-waf	√	√	Operation	AliyunYundunWAFFullAccess AliyunYundunWAFReadOnlyAccess	-
Certificate Management Service	-	yundun-cert	√	√	Service	AliyunYundunCertFullAccess AliyunYundunCertReadOnlyAccess	-
Cloud Firewall	-	yundun-cloudfirewall	√	√	Service	AliyunYundunCloudFirewallReadOnlyAccess AliyunYundunCloudFirewallFullAccess	-
Managed Security Service (MSSP)	-	mssp	√	○	Service	-	-
Content Moderation	-	yundun-greenweb	√	√	Service	AliyunYundunGreenWebFullAccess	-
Bastionhost	Bastionhost	yundun-bastionhost	√	○	Service	AliyunYundunBastionHostFullAccess AliyunYundunBastionHostReadOnlyAccess AliyunYundunBastionHostOperateOnlyAccess AliyunYundunBastionHostAuditOnlyAccess	-
Data Security Center (DSC)	-	yundun-sddp	√	√	Service	AliyunYundunSDDPFullAccess AliyunYundunSDDPReadOnlyAccess	-
Identity as a Service (IDaaS)	IDaaS	yundun-idaas	√	○	Operation	AliyunYundunIdaasFullAccess AliyunYundunIdaasReadOnlyAccess	-
Key Management Service (KMS)	-	kms	√	√	Resource	AliyunKMSFullAccess AliyunKMSReadOnlyAccess AliyunKMSCryptoAccess	Use RAM to control access to KMS resources
RAM	RAM	ram sts ims	√	√	Resource	AliyunRAMFullAccess AliyunRAMReadOnlyAccess	RAM authentication
RAM	CloudSSO	cloudsso	√	○	Resource	AliyunCloudSSOReadOnlyAccess AliyunCloudSSOFullAccess	-
ActionTrail	-	actiontrail	√	√	Operation	-	RAM account authentication

Technical support

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Ticket Management	-	support	√	√	Service	AliyunSupportFullAccess	-

Alibaba Cloud Marketplace

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Alibaba Cloud Marketplace	-	acm	√	×	Service	AliyunMarketplaceFullAccess	-

Others

Alibaba Cloud service	Sub-service or sub-module	RAM code	Console	API	Authorization granularity	System policy	References
Billing Management	-	bss bssapi efc	√	√	Operation	AliyunBSSFullAccess AliyunBSSReadOnlyAccess AliyunBSSOrderAccess AliyunBSSRefundAccess AliyunBSSRenewReadOnlyAccess AliyunBSSRenewFullAccess	-
ICP Filing	-	beian bsn	√	○	Service	AliyunBeianFullAccess	-