All Products
Search

This Product

    Resource Management:Service-linked role for Resource Center

    Document Center

    Resource Management:Service-linked role for Resource Center

    Last Updated:Oct 10, 2025

    This topic describes how to create a service-linked role for Resource Center, view the information about the service-linked role, and delete the service-linked role.

    Overview

    A service-linked role is a Resource Access Management (RAM) role whose trusted entity is an Alibaba Cloud service. This role is designed to enable secure, cross-service access. The following table provides information about the service-linked role for Resource Center.

    Service-linked role for Resource Center

    Service identifier

    Permission policy

    AliyunServiceRoleForResourceMetaCenter

    rmc.resourcemanager.aliyuncs.com

    AliyunServiceRolePolicyForResourceMetaCenter

    AliyunServiceRoleForResourceCenterDelivery

    delivery.resourcecenter.aliyuncs.com

    AliyunServiceRolePolicyForResourceCenterDelivery

    For more information, see Service-linked roles.

    AliyunServiceRoleForResourceMetaCenter

    Scenarios

    Resource Center assumes this service-linked role to access resources in other cloud services. This provides a global view of your resources and enables resource search across accounts, services, or regions.

    Each time Resource Center retrieves cloud resources, an event is generated and recorded in ActionTrail. This facilitates security compliance auditing in the future.

    Create the service-linked role

    The system automatically creates the service-linked role when you perform the following operations:

    • Activate Resource Center. In this case, the system creates the service-linked role within the current logon account. For more information, see Activate Resource Center.

    • Enable the cross-account resource search feature. In this case, the system creates the service-linked role for each member in your resource directory. For more information, see Enable cross-account resource search.

    View the information about the service-linked role

    After the service-linked role is created, you can go to the Roles page of the RAM console and search for AliyunServiceRoleForResourceMetaCenter. Then, you can view the following information about the service-linked role on the role details page:

    • Basic information

      In the Basic Information section, you can view the basic information about the role, such as the name, creation time, Alibaba Cloud Resource Name (ARN), and description.

    • Permission policy

      On the Permissions tab, you can click the policy name AliyunServiceRolePolicyForResourceMetaCenter to view the policy document.

      Note

      You cannot view the permission policy that is attached to a service-linked role on the Policies page of the RAM console. You can view the permission policy only on the role details page.

    • Trust policy

      On the Trust Policy tab, you can view the document of the trust policy that is attached to the role. A trust policy is a policy that contains the trusted entities of a RAM role. A trusted entity refers to an entity that can assume the RAM role. The trusted entity of a service-linked role is a cloud service. You can view the value of the Service field in the trust policy of the service-linked role to obtain the trusted entity.

    For more information about how to view information about a service-linked role, see View the information about a RAM role.

    Delete the service-linked role

    Warning

    After a service-linked role is deleted, the features that depend on the role cannot be used. Proceed with caution.

    After you deactivate Resource Center, you can manually delete this service-linked role in the RAM console. For more information, see Delete a RAM role.

    AliyunServiceRoleForResourceCenterDelivery

    Scenarios

    This service-linked role is used for the resource delivery feature in Resource Center. During a delivery task, Resource Center assumes this role to access resources in other services.

    Create the service-linked role

    The system automatically creates the service-linked role within the current logon account when you create a resource delivery task. For more information, see Create a resource delivery task in single-account mode.

    View the information about the service-linked role

    After the service-linked role is created, you can go to the Roles page of the RAM console and search for AliyunServiceRoleForResourceCenterDelivery. Then, you can view the following information about the service-linked role on the role details page:

    • Basic information

      In the Basic Information section, you can view the basic information about the role, such as the name, creation time, ARN, and description.

    • Permission policy

      On the Permissions tab, you can click the policy name AliyunServiceRolePolicyForResourceCenterDelivery to view the policy document.

      Note

      You cannot view the permission policy that is attached to a service-linked role on the Policies page of the RAM console. You can view the permission policy only on the role details page.

    • Trust policy

      On the Trust Policy tab, you can view the document of the trust policy that is attached to the role. A trust policy is a policy that contains the trusted entities of a RAM role. A trusted entity refers to an entity that can assume the RAM role. The trusted entity of a service-linked role is a cloud service. You can view the value of the Service field in the trust policy of the service-linked role to obtain the trusted entity.

    For more information about how to view information about a service-linked role, see View the information about a RAM role.

    Delete the service-linked role

    Warning

    After a service-linked role is deleted, the features that depend on the role cannot be used. Proceed with caution.

    After you deactivate Resource Center, you can manually delete this service-linked role in the RAM console. For more information, see Delete a RAM role.