All Products
Search
Document Center

ApsaraVideo VOD:RAM authorization

Last Updated:Apr 16, 2024
Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.
This topic describes the elements, such as Action, Resource, and Condition, which are defined by VOD. You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate VOD is vod. You can grant permissions on VOD at the OPERATION.

General structure of a policy

Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
The following list describes the fields in the policy:
  • Effect: specifies the authorization effect. Valid values: Allow, Deny.
  • Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
  • Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
  • Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
    • Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
    • Condition_key: specifies the condition keys.
    • Condition_value: specifies the condition values.

Action

VOD defines the values that you can use in the Action element of a policy statement. The following table describes the values.
  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • API operation: the API operation that you can call to perform the operation.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
ActionsAPI operationAccess levelResource typeCondition keyAssociated operation
vod:AddAITemplateAddAITemplateWrite
All Resources
*
NoneNone
vod:AddCategoryAddCategoryWrite
All Resources
*
NoneNone
vod:AddEditingProjectAddEditingProjectWrite
All Resources
*
NoneNone
vod:AddTranscodeTemplateGroupAddTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:AddVodDomainAddVodDomainWrite
Domain
acs:vod:*:{#accountId}:domain/{#domainId}
NoneNone
vod:AddVodTemplateAddVodTemplateWrite
All Resources
*
NoneNone
vod:AddVodTemplateAddVodTemplateRead
All Resources
*
NoneNone
vod:AddWatermarkAddWatermarkWrite
All Resources
*
NoneNone
vod:AttachAppPolicyToIdentityAttachAppPolicyToIdentityRead
All Resources
*
NoneNone
vod:BatchSetVodDomainConfigsBatchSetVodDomainConfigsList
All Resources
*
NoneNone
vod:BatchStartVodDomainBatchStartVodDomainRead
All Resources
*
NoneNone
vod:BatchStopVodDomainBatchStopVodDomainRead
All Resources
*
NoneNone
vod:CreateAppInfoCreateAppInfoWrite
All Resources
*
NoneNone
vod:CreateAuditCreateAuditWrite
All Resources
*
NoneNone
vod:CreateUploadAttachedMediaCreateUploadAttachedMediaWrite
All Resources
*
NoneNone
vod:CreateUploadImageCreateUploadImageWrite
All Resources
*
NoneNone
vod:CreateUploadImageCreateUploadImageWrite
All Resources
*
NoneNone
vod:CreateUploadVideoCreateUploadVideoWrite
All Resources
*
NoneNone
vod:CreateUploadVideoCreateUploadVideoWrite
All Resources
*
NoneNone
vod:CreateUploadVideoCreateUploadVideoWrite
All Resources
*
NoneNone
vod:DecryptKMSDataKeyDecryptKMSDataKeyRead
All Resources
*
NoneNone
vod:DeleteAITemplateDeleteAITemplateWrite
All Resources
*
NoneNone
vod:DeleteAttachedMediaDeleteAttachedMediaWrite
All Resources
*
NoneNone
vod:DeleteCategoryDeleteCategoryWrite
All Resources
*
NoneNone
vod:DeleteDynamicImageDeleteDynamicImageWrite
All Resources
*
NoneNone
vod:DeleteEditingProjectDeleteEditingProjectWrite
All Resources
*
NoneNone
vod:DeleteImageDeleteImageWrite
All Resources
*
NoneNone
vod:DeleteImageDeleteImageWrite
All Resources
*
NoneNone
vod:DeleteMessageCallbackDeleteMessageCallbackWrite
All Resources
*
NoneNone
vod:DeleteMezzaninesDeleteMezzaninesWrite
All Resources
*
NoneNone
vod:DeleteMultipartUploadDeleteMultipartUploadRead
All Resources
*
NoneNone
vod:DeleteStreamDeleteStreamWrite
All Resources
*
NoneNone
vod:DeleteStreamDeleteStreamWrite
All Resources
*
NoneNone
vod:DeleteTranscodeTemplateGroupDeleteTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:DeleteVideoDeleteVideoWrite
All Resources
*
NoneNone
vod:DeleteVideoDeleteVideoWrite
All Resources
*
NoneNone
vod:DeleteVodDomainDeleteVodDomainWrite
All Resources
*
NoneNone
vod:DeleteVodDomainDeleteVodDomainWrite
All Resources
*
NoneNone
vod:DeleteVodSpecificConfigDeleteVodSpecificConfigWrite
All Resources
*
NoneNone
vod:DeleteVodTemplateDeleteVodTemplateWrite
All Resources
*
NoneNone
vod:DeleteWatermarkDeleteWatermarkWrite
All Resources
*
NoneNone
vod:DescribePlayTopVideosDescribePlayTopVideosList
All Resources
*
NoneNone
vod:DescribePlayUserAvgDescribePlayUserAvgRead
All Resources
*
NoneNone
vod:DescribePlayUserAvgDescribePlayUserAvgRead
All Resources
*
NoneNone
vod:DescribePlayUserTotalDescribePlayUserTotalRead
All Resources
*
NoneNone
vod:DescribePlayUserTotalDescribePlayUserTotalRead
All Resources
*
NoneNone
vod:DescribePlayVideoStatisDescribePlayVideoStatisRead
All Resources
*
NoneNone
vod:DescribeVodAIDataDescribeVodAIDataRead
All Resources
*
NoneNone
vod:DescribeVodCertificateListDescribeVodCertificateListList
All Resources
*
NoneNone
vod:DescribeVodDomainBpsDataDescribeVodDomainBpsDataRead
All Resources
*
NoneNone
vod:DescribeVodDomainCertificateInfoDescribeVodDomainCertificateInfoRead
All Resources
*
NoneNone
vod:DescribeVodDomainCertificateInfoDescribeVodDomainCertificateInfoRead
All Resources
*
NoneNone
vod:DescribeVodDomainConfigsDescribeVodDomainConfigsRead
All Resources
*
NoneNone
vod:DescribeVodDomainConfigsDescribeVodDomainConfigsRead
All Resources
*
NoneNone
vod:DescribeVodDomainConfigsDescribeVodDomainConfigsList
All Resources
*
NoneNone
vod:DescribeVodDomainDetailDescribeVodDomainDetailRead
All Resources
*
NoneNone
vod:DescribeVodDomainLogDescribeVodDomainLogWrite
All Resources
*
NoneNone
vod:DescribeVodDomainLogDescribeVodDomainLogRead
All Resources
*
NoneNone
vod:DescribeVodDomainTrafficDataDescribeVodDomainTrafficDataRead
All Resources
*
NoneNone
vod:DescribeVodDomainUsageDataDescribeVodDomainUsageDataRead
All Resources
*
NoneNone
vod:DescribeVodRefreshTasksDescribeVodRefreshTasksList
All Resources
*
NoneNone
vod:DescribeVodStorageDataDescribeVodStorageDataRead
All Resources
*
NoneNone
vod:DescribeVodTranscodeDataDescribeVodTranscodeDataRead
All Resources
*
NoneNone
vod:DescribeVodUserDomainsDescribeVodUserDomainsList
Domain
acs:vod:*:{#accountId}:domain/*
NoneNone
vod:DescribeVodVerifyContentDescribeVodVerifyContentRead
All Resources
*
NoneNone
vod:GenerateKMSDataKeyGenerateKMSDataKeyRead
All Resources
*
NoneNone
vod:GetAIImageJobsGetAIImageJobsList
All Resources
*
NoneNone
vod:GetAIMediaAuditJobGetAIMediaAuditJobRead
All Resources
*
NoneNone
vod:GetAITemplateGetAITemplateRead
All Resources
*
NoneNone
vod:GetAIVideoTagResultGetAIVideoTagResultRead
All Resources
*
NoneNone
vod:GetAppInfosGetAppInfosList
All Resources
*
NoneNone
vod:GetAttachedMediaInfoGetAttachedMediaInfoRead
All Resources
*
NoneNone
vod:GetAuditHistoryGetAuditHistoryRead
All Resources
*
NoneNone
vod:GetCategoriesGetCategoriesList
All Resources
*
NoneNone
vod:GetDefaultAITemplateGetDefaultAITemplateRead
All Resources
*
NoneNone
vod:GetEditingProjectGetEditingProjectRead
All Resources
*
NoneNone
vod:GetEditingProjectMaterialsGetEditingProjectMaterialsList
All Resources
*
NoneNone
vod:GetImageInfoGetImageInfoRead
All Resources
*
NoneNone
vod:GetImageInfosGetImageInfosList
All Resources
*
NoneNone
vod:GetMediaAuditAudioResultDetailGetMediaAuditAudioResultDetailRead
All Resources
*
NoneNone
vod:GetMediaAuditResultGetMediaAuditResultRead
All Resources
*
NoneNone
vod:GetMediaAuditResultDetailGetMediaAuditResultDetailRead
All Resources
*
NoneNone
vod:GetMediaAuditResultTimelineGetMediaAuditResultTimelineRead
All Resources
*
NoneNone
vod:GetMediaDNAResultGetMediaDNAResultRead
All Resources
*
NoneNone
vod:GetMessageCallbackGetMessageCallbackRead
All Resources
*
NoneNone
vod:GetMezzanineInfoGetMezzanineInfoRead
All Resources
*
NoneNone
vod:GetPlayInfoGetPlayInfoRead
All Resources
*
NoneNone
vod:GetTranscodeSummaryGetTranscodeSummaryRead
All Resources
*
NoneNone
vod:GetTranscodeTaskGetTranscodeTaskRead
All Resources
*
NoneNone
vod:GetTranscodeTemplateGroupGetTranscodeTemplateGroupRead
All Resources
*
NoneNone
vod:GetURLUploadInfosGetURLUploadInfosRead
All Resources
*
NoneNone
vod:GetUploadDetailsGetUploadDetailsList
All Resources
*
NoneNone
vod:GetVideoInfoGetVideoInfoRead
All Resources
*
NoneNone
vod:GetVideoInfosGetVideoInfosList
All Resources
*
NoneNone
vod:GetVideoListGetVideoListList
All Resources
*
NoneNone
vod:GetVideoPlayAuthGetVideoPlayAuthRead
All Resources
*
NoneNone
vod:GetVodTemplateGetVodTemplateRead
All Resources
*
NoneNone
vod:GetWatermarkGetWatermarkRead
All Resources
*
NoneNone
vod:ListAIImageInfoListAIImageInfoList
All Resources
*
NoneNone
vod:ListAIJobListAIJobList
All Resources
*
NoneNone
vod:ListAITemplateListAITemplateList
All Resources
*
NoneNone
vod:ListAppInfoListAppInfoList
All Resources
*
NoneNone
vod:ListAppPoliciesForIdentityListAppPoliciesForIdentityList
All Resources
*
NoneNone
vod:ListAuditSecurityIpListAuditSecurityIpList
All Resources
*
NoneNone
vod:ListDynamicImageListDynamicImageList
All Resources
*
NoneNone
vod:ListLiveRecordVideoListLiveRecordVideoList
All Resources
*
NoneNone
vod:ListSnapshotsListSnapshotsList
All Resources
*
NoneNone
vod:ListTranscodeTaskListTranscodeTaskList
All Resources
*
NoneNone
vod:ListTranscodeTemplateGroupListTranscodeTemplateGroupList
All Resources
*
NoneNone
vod:ListVodTemplateListVodTemplateList
All Resources
*
NoneNone
vod:ListWatermarkListWatermarkList
All Resources
*
NoneNone
vod:PreloadVodObjectCachesPreloadVodObjectCachesList
All Resources
*
NoneNone
vod:ProduceEditingProjectVideoProduceEditingProjectVideoRead
All Resources
*
NoneNone
vod:RefreshUploadVideoRefreshUploadVideoRead
All Resources
*
NoneNone
vod:RefreshVodObjectCachesRefreshVodObjectCachesList
All Resources
*
NoneNone
vod:RegisterMediaRegisterMediaRead
All Resources
*
NoneNone
vod:SearchEditingProjectSearchEditingProjectList
All Resources
*
NoneNone
vod:SearchMediaSearchMediaList
All Resources
*
NoneNone
vod:SetAuditSecurityIpSetAuditSecurityIpRead
All Resources
*
NoneNone
vod:SetDefaultAITemplateSetDefaultAITemplateRead
All Resources
*
NoneNone
vod:SetDefaultTranscodeTemplateGroupSetDefaultTranscodeTemplateGroupRead
All Resources
*
NoneNone
vod:SetDefaultWatermarkSetDefaultWatermarkRead
All Resources
*
NoneNone
vod:SetEditingProjectMaterialsSetEditingProjectMaterialsList
All Resources
*
NoneNone
vod:SetMessageCallbackSetMessageCallbackRead
All Resources
*
NoneNone
vod:SetVodDomainCertificateSetVodDomainCertificateRead
All Resources
*
NoneNone
vod:SubmitAIImageAuditJobSubmitAIImageAuditJobWrite
All Resources
*
NoneNone
vod:SubmitAIImageJobSubmitAIImageJobWrite
All Resources
*
NoneNone
vod:SubmitAIJobSubmitAIJobWrite
All Resources
*
NoneNone
vod:SubmitAIMediaAuditJobSubmitAIMediaAuditJobWrite
All Resources
*
NoneNone
vod:SubmitDynamicImageJobSubmitDynamicImageJobWrite
All Resources
*
NoneNone
vod:SubmitMediaDNADeleteJobSubmitMediaDNADeleteJobWrite
All Resources
*
NoneNone
vod:SubmitPreprocessJobsSubmitPreprocessJobsWrite
All Resources
*
NoneNone
vod:SubmitSnapshotJobSubmitSnapshotJobWrite
All Resources
*
NoneNone
vod:SubmitTranscodeJobsSubmitTranscodeJobsWrite
All Resources
*
NoneNone
vod:SubmitWorkflowJobSubmitWorkflowJobWrite
All Resources
*
NoneNone
vod:UpdateAITemplateUpdateAITemplateWrite
All Resources
*
NoneNone
vod:UpdateAttachedMediaInfosUpdateAttachedMediaInfosWrite
All Resources
*
NoneNone
vod:UpdateCategoryUpdateCategoryWrite
All Resources
*
NoneNone
vod:UpdateEditingProjectUpdateEditingProjectWrite
All Resources
*
NoneNone
vod:UpdateImageInfosUpdateImageInfosWrite
All Resources
*
NoneNone
vod:UpdateTranscodeTemplateGroupUpdateTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:UpdateVideoInfoUpdateVideoInfoWrite
All Resources
*
NoneNone
vod:UpdateVideoInfosUpdateVideoInfosWrite
All Resources
*
NoneNone
vod:UpdateVodDomainUpdateVodDomainWrite
All Resources
*
NoneNone
vod:UpdateVodTemplateUpdateVodTemplateWrite
All Resources
*
NoneNone
vod:UpdateWatermarkUpdateWatermarkWrite
All Resources
*
NoneNone
vod:UploadMediaByURLUploadMediaByURLWrite
All Resources
*
NoneNone
vod:VerifyVodDomainOwnerVerifyVodDomainOwnerRead
All Resources
*
NoneNone

Resource

In VOD, you cannot specify an ARN in the Resource element in a policy statement. If you want to authorize a RAM user or a RAM role to access VOD, you cannot specify an ARN in the "Resource": "*".

Condition

VOD does not define service-specific condition keys. For more information about common condition keys that are defined by Alibaba Cloud, see Generic Condition Keyword.

What to do next

You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: