Before you can use a Resource Access Management (RAM) user to manage OSS-HDFS data shipping jobs, you must grant the RAM user the job management permissions.
Prerequisites
A RAM user is created. For more information, see Create a RAM user.
Procedure
Log on to the RAM console by using you Alibaba Cloud account or a RAM user who has administrative rights.
Create a custom policy. On the JSON tab, replace the existing contents in the editor with the following script. For more information, see Create a custom policy in script edit mode.
ImportantReplace
ProjectNameandLogstoreNamein the script based on your actual situation.If you want to use a RAM user to configure alerts for OSS-HDFS data shipping jobs, you must grant the RAM user the management permissions on alerts. For more information, see Authorize a RAM user to manage alerts.
{ "Version": "1", "Statement": [{ "Effect": "Allow", "Action": [ "log:GetLogStore", "log:GetIndex", "log:GetLogStoreHistogram", "log:GetLogStoreLogs" ], "Resource": [ "acs:log:*:*:project/ProjectName/logstore/LogstoreName", "acs:log:*:*:project/ProjectName/logstore/internal-diagnostic_log" ] }, { "Effect": "Allow", "Action": [ "log:CreateJob", "log:UpdateJob", "log:DeleteJob", "log:ListJobs", "log:GetJob" ], "Resource": "acs:log:*:*:project/ProjectName/job/*" }, { "Effect": "Allow", "Action": [ "log:ListLogStores", "log:ListDashboard", "log:ListSavedSearch" ], "Resource": "acs:log:*:*:project/ProjectName/*" }, { "Effect": "Allow", "Action": [ "ram:PassRole", "ram:GetRole", "ram:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "oss:GetBucketInfo", "Resource": "acs:oss:*:*:BucketName" } ] }Add the created custom policy to the RAM user. For more information, see Grant permissions to a RAM user.