Before you can use a Resource Access Management (RAM) user to use the data shipping feature of the new version to ship data to MaxCompute, you must complete authorization. This topic describes how to grant a RAM user the permissions to ship data to MaxCompute.
Prerequisites
A RAM user is created. For more information about how to create a RAM user, see Create a RAM user.
Procedure
Create a custom policy on the RAM console. For more information, see Create a custom policy on the JSON tab.
On the JSON tab, replace the existing contents in the editor with the following script.
ImportantReplace
ProjectNameandLogstoreNamein the following script with actual values.If you want to use a RAM user to configure alerts for data shipping jobs, you must grant the RAM user the permissions to manage alerts. For more information, see Authorize a RAM user to manage alerts.
{ "Version": "1", "Statement": [{ "Effect": "Allow", "Action": [ "log:GetLogStore", "log:GetIndex", "log:GetLogStoreHistogram", "log:GetLogStoreLogs" ], "Resource": [ "acs:log:*:*:project/ProjectName/logstore/LogstoreName", "acs:log:*:*:project/ProjectName/logstore/internal-diagnostic_log" ] }, { "Effect": "Allow", "Action": [ "log:CreateJob", "log:UpdateJob", "log:DeleteJob", "log:ListJobs", "log:GetJob" ], "Resource": "acs:log:*:*:project/ProjectName/job/*" }, { "Effect": "Allow", "Action": [ "log:ListLogStores", "log:ListDashboard", "log:ListSavedSearch" ], "Resource": "acs:log:*:*:project/ProjectName/*" }, { "Effect": "Allow", "Action": [ "ram:PassRole", "ram:GetRole", "ram:ListRoles" ], "Resource": "*" } ] }Attach the custom policy to the RAM user. For more information, see Grant permissions to a RAM user.