This topic describes the operation and data access permissions required for alert management.
Operation permissions
Alert operations involve creating, deleting, modifying, and viewing alert tasks.
Alibaba Cloud account: An Alibaba Cloud account has management permissions on Simple Log Service. If you perform alert operations using this account, no additional permissions are needed.
Resource Access Management (RAM) user: To perform alert operations as a RAM user, you must first have an Alibaba Cloud account to assign the necessary permissions to the RAM user. We recommend that you use a RAM user to perform alert operations. For more information, see Authorize a RAM user to manage alerts.
Data access permissions
To monitor data across projects, regions, or Alibaba Cloud accounts based on an alert rule, Simple Log Service must assume a RAM role to access the required logstores or metricstores. In such cases, you must grant the required permissions to the RAM role. For more information, see Monitor data across projects.
To record alert information in an eventstore, Simple Log Service must assume a RAM role to access the required eventstore. In such cases, you must grant the required permissions to the RAM role. For more information, see Grant permissions to write alerts to an eventstore.