All Products
Search

This Product

    Smart Access Gateway:Grant a RAM user the permissions on QoS policies and flow logs

    Document Center

    Smart Access Gateway:Grant a RAM user the permissions on QoS policies and flow logs

    Last Updated:Apr 07, 2024

    This topic describes how to grant a Resource Access Management (RAM) user the permissions to use quality of service (QoS) policies and flow logs.

    Procedure

    1. View the RAM policies that are attached to a RAM user.

      1. Log on to the RAM console with your Alibaba Cloud account.

      2. In the left-side navigation pane, choose Permissions > Grants.

      3. On the Grants page, find the RAM user that you want to manage and view the permission policies attached to the RAM user.

        If the AliyunSmartAccessGatewayFullAccess permission policy is attached to the RAM user, the RAM user can use QoS policies and flow logs without other permissions. You can click AliyunSmartAccessGatewayFullAccess to view the details. The following code block shows the content of the AliyunSmartAccessGatewayFullAccess RAM policy: 

        {
    "Version": "1",
    "Statement": [
        {
            "Action": "smartag:*",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    2. If the AliyunSmartAccessGatewayFullAccess RAM policy is not attached to the RAM user, you can create a custom policy and attach it to the RAM user. This grants the RAM user the required permissions.

      If the RAM user needs to use QoS policies and flow logs, perform the following steps to create and attach a custom policy to the RAM user.

      1. Log on to the RAM console.

      2. In the left-side navigation pane, choose Permissions > Policies.

      3. On the Policies page, click Create Policy.

      4. On the Create Policy page, click the JSON tab, configure the following parameters, click Next to edit policy information, and then click OK:

        • Name: Enter a name for the custom policy.

        • Description: Enter a description for the custom policy.

        • Policy document: Enter the content of the policy.

          • QoS policy

            {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "smartag:AssociateQos",
                "smartag:CreateQos",
                "smartag:CreateQosCar",
                "smartag:CreateQosPolicy",
                "smartag:DeleteQosCar",
                "smartag:DeleteQosPolicy",
                "smartag:DescribeQosCars",
                "smartag:DescribeQosPolicies",
                "smartag:DisassociateQos",
                "smartag:GetQosAttribute",
                "smartag:ModifyQos",
                "smartag:ModifyQosCar",
                "smartag:ModifyQosPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

          • Flow log

            {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "smartag:ActiveFlowLog",
                "smartag:AssociateFlowLog",
                "smartag:CreateFlowLog",
                "smartag:DeactiveFlowLog",
                "smartag:DescribeFlowLogSags",
                "smartag:DisassociateFlowLog",
                "smartag:ModifyFlowLogAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

        For more information, see Create custom policies.

      5. In the left-side navigation pane, choose Identities > Users.

      6. On the Users page, find the RAM user and click Add Permissions in the Actions column.

      7. In the Add Permissions panel, confirm the authorized scope and principal.

      8. In the Select Policy section, click Custom Policy, select the custom policy created in Step 2, and then click OK.

        After you complete the preceding steps, you can perform Step 1 to view the RAM policy that is attached to the RAM user.