Before an end user can manage products, they must be granted permission to access the Service Catalog console. An end user can be a RAM user or a RAM role. This example uses a RAM user.
Prerequisites
Ensure that an administrator has created a RAM user. For instructions, see Create a RAM user.
Procedure
Console
-
Log on to the RAM console.
-
On the Users page, find the target user and click Add Permissions in the Operation column.
-
In the Grant Permission panel, grant permission to the RAM user.
-
For Resource Scope, select Account.
-
Select Permission Policy: Search for and select AliyunServiceCatalogEndUserFullAccess, which is a System Policy. If you also need to grant other Custom Policies, you need to first create a custom permission policy and then select the required permissions.
NoteThe
AliyunServiceCatalogEndUserFullAccesspolicy grants end users the permissions required to launch products and manage instances in the Service Catalog console.
-
-
Click OK.
API
Grant a custom policy
-
Call CreatePolicy to create a custom policy. For more information, see Permission policy elements and Overview of sample policies.
-
Call the AttachPolicyToUser operation to attach the permission policy to the specified RAM user. In the request, set
PolicyTypetoCustom.
Grant a system policy
Call the AttachPolicyToUser operation to attach the permission policy to the specified RAM user. In the request, set PolicyType to System and PolicyName to AliyunServiceCatalogEndUserFullAccess.