Izin role terkait layanan untuk ACK One - Container Service for Kubernetes

ACK One (Distributed Cloud Container Platform for Kubernetes) menggunakan peran terkait layanan untuk mengakses layanan Alibaba Cloud lainnya atas nama Anda. Topik ini menjelaskan peran terkait layanan untuk ACK One dan izin yang dimilikinya.

Tetapkan peran terkait layanan

Untuk menyelesaikan otorisasi, Anda harus menggunakan Akun Alibaba Cloud atau akun administrator RAM.

Peran terkait layanan dibuat secara otomatis—Anda tidak perlu membuatnya secara manual. Saat pertama kali membuka Konsol ACK One, konsol akan meminta Anda untuk menyelesaikan otorisasi. Ikuti petunjuk di layar untuk menyelesaikannya.

Penting

Hanya Akun Alibaba Cloud dan administrator akun RAM yang dapat menyelesaikan otorisasi peran. Pengguna RAM biasa tidak dapat melakukan operasi ini. Jika konsol menampilkan error izin, masuklah dengan Akun Alibaba Cloud atau akun administrator RAM.

Peran terkait layanan untuk ACK One

ACK One menggunakan peran terkait layanan berikut:

Nama Peran	Tujuan	Diperlukan
`AliyunCSDefaultRole`	Memungkinkan ACK One mengakses resource ECS, VPC, SLB, Resource Orchestration Service (ROS), dan Auto Scaling selama manajemen kluster.	Diperlukan untuk semua fitur ACK One
`AliyunServiceRoleForAdcp`	Memungkinkan ACK One mengakses resource ECS, VPC, dan SLB selama manajemen kluster.	Diperlukan untuk semua fitur ACK One
`AliyunAdcpServerlessKubernetesRole`	Memungkinkan instans fleet ACK One dan kluster Kubernetes untuk alur kerja Argo terdistribusi mengakses resource VPC, ECS, Alibaba Cloud DNS PrivateZone, Elastic Container Instance, dan Simple Log Service.	Diperlukan untuk semua fitur ACK One
`AliyunAdcpManagedMseRole`	Memungkinkan instans fleet ACK One mengakses resource Microservices Engine (MSE).	Diperlukan hanya untuk gerbang multi-kluster

AliyunAdcpManagedMseRole hanya diperlukan saat Anda menggunakan gerbang multi-kluster. Peran ini tidak memengaruhi fitur ACK One lainnya.

Izin peran terkait layanan

AliyunServiceRoleForAdcp

Peran ini memberikan izin kepada ACK One untuk mengelola grup keamanan dan antarmuka jaringan di ECS, tabel rute dan load balancer di VPC, topologi CEN, instans SLB, service mesh ASM, aplikasi RAM, serta pemantauan Prometheus ARMS.

Izin terkait ECS

ecs:CreateSecurityGroup
ecs:CreateSecurityGroupPermissions
ecs:DeleteSecurityGroup
ecs:DescribeAccountAttributes
ecs:DescribeSecurityGroups
ecs:AuthorizeSecurityGroup
ecs:RevokeSecurityGroup
ecs:AuthorizeSecurityGroupEgress
ecs:RevokeSecurityGroupEgress
ecs:DescribeNetworkInterfaces
ecs:DescribeZones

Izin terkait VPC

vpc:DescribeVpcAttribute
vpc:DescribeVSwitchAttributes
vpc:AllocateEipAddress
vpc:AssociateEipAddress
vpc:UnassociateEipAddress
vpc:ReleaseEipAddress
vpc:DescribeEipAddresses
vpc:TagResources
vpc:DeletionProtection
vpc:DescribeRouteTableList
vpc:CreateRouteEntry
vpc:DeleteRouteEntry
vpc:AcceptVpcPeerConnection
vpc:GetVpcPeerConnectionAttribute
vpc:DescribeVSwitches
vpc:DescribeVpcs

Izin terkait CEN

cen:DescribeCenAttachedChildInstances
cen:DescribeCens

Izin terkait SLB

slb:DescribeLoadBalancerAttribute
slb:CreateLoadBalancer
slb:DeleteLoadBalancer
slb:StartLoadBalancerListener
slb:StopLoadBalancerListener
slb:CreateLoadBalancerTCPListener
slb:CreateLoadBalancerHTTPListener
slb:DeleteLoadBalancerListener
slb:AddTags
slb:RemoveTags
slb:SetLoadBalancerDeleteProtection
slb:SetLoadBalancerModificationProtection
slb:DescribeZones
slb:CreateAccessControlList
slb:DescribeAccessControlLists
slb:AddAccessControlListEntry
slb:RemoveAccessControlListEntry
slb:SetLoadBalancerTCPListenerAttribute

Izin terkait ASM

servicemesh:CreateServiceMesh
servicemesh:DeleteServiceMesh
servicemesh:DescribeServiceMeshDetail
servicemesh:DescribeServiceMeshes
servicemesh:DescribeServiceMeshKubeconfig
servicemesh:DescribeServiceMeshLogs
servicemesh:ModifyServiceMesh
servicemesh:ModifyServiceMeshName
servicemesh:DescribeClustersInServiceMesh
servicemesh:AddClusterIntoServiceMesh
servicemesh:RemoveClusterFromServiceMesh
servicemesh:UpdateMeshFeature
servicemesh:DescribeRegions
servicemesh:DescribeServiceMeshUpgradeStatus
servicemesh:DescribeVersions
servicemesh:RevokeKubeconfig
servicemesh:UpdateServiceMeshOwner

Izin terkait RAM

ram:CreateApplication
ram:ListApplications
ram:ListAppSecretIds
ram:GetApplication
ram:UpdateApplication
ram:CreateAppSecret
ram:GetAppSecret
ram:DeleteApplication
ram:DeleteAppSecret
ram:CreateApplication
ram:ListApplications
ram:ListAppSecretIds
ram:CreateServiceLinkedRole

Izin terkait ARMS

arms:InstallManagedPrometheus
arms:UninstallManagedPrometheus

AliyunAdcpServerlessKubernetesRole

Peran ini memberikan izin kepada instans fleet ACK One dan kluster alur kerja Argo untuk mengelola alamat IP elastis dan vSwitch di VPC, antarmuka jaringan di ECS, zona privat DNS, kelompok kontainer Elastic Container Instance, serta proyek dan penyimpanan log Simple Log Service.

Izin terkait VPC

vpc:DescribeVSwitches
vpc:DescribeVpcs
vpc:AssociateEipAddress
vpc:DescribeEipAddresses
vpc:AllocateEipAddress
vpc:ReleaseEipAddress
vpc:AddCommonBandwidthPackageIp
vpc:RemoveCommonBandwidthPackageIp

Izin terkait ECS

ecs:DescribeSecurityGroups
ecs:CreateNetworkInterface
ecs:CreateNetworkInterfacePermission
ecs:DescribeNetworkInterfaces
ecs:AttachNetworkInterface
ecs:DetachNetworkInterface
ecs:DeleteNetworkInterface
ecs:DeleteNetworkInterfacePermission

Izin terkait ARMS

arms:GetManagedPrometheusStatus
arms:InstallManagedPrometheus
arms:UninstallManagedPrometheus

Izin terkait Alibaba Cloud DNS PrivateZone

pvtz:AddZone
pvtz:DeleteZone
pvtz:DescribeZones
pvtz:DescribeZoneInfo
pvtz:BindZoneVpc
pvtz:AddZoneRecord
pvtz:DeleteZoneRecord
pvtz:DeleteZoneRecordsByRR
pvtz:DescribeZoneRecordsByRR
pvtz:DescribeZoneRecords

Izin terkait Elastic Container Instance

eci:CreateContainerGroup
eci:DeleteContainerGroup
eci:DescribeContainerGroups
eci:DescribeContainerGroupStatus
eci:DescribeContainerGroupEvents
eci:DescribeContainerLog
eci:UpdateContainerGroup
eci:UpdateContainerGroupByTemplate
eci:CreateContainerGroupFromTemplate
eci:RestartContainerGroup
eci:ExportContainerGroupTemplate
eci:DescribeContainerGroupMetric
eci:DescribeMultiContainerGroupMetric
eci:ResizeContainerGroupVolume
eci:ExecContainerCommand
eci:CreateImageCache
eci:DescribeImageCaches
eci:DeleteImageCache

Izin terkait Simple Log Service

log:CreateProject
log:GetProject
log:DeleteProject
log:CreateLogStore
log:GetLogStore
log:UpdateLogStore
log:DeleteLogStore
log:CreateConfig
log:UpdateConfig
log:GetConfig
log:DeleteConfig
log:CreateMachineGroup
log:UpdateMachineGroup
log:GetMachineGroup
log:DeleteMachineGroup
log:ApplyConfigToGroup
log:GetAppliedMachineGroups
log:GetAppliedConfigs
log:RemoveConfigFromMachineGroup
log:CreateIndex
log:GetIndex
log:UpdateIndex
log:DeleteIndex
log:CreateSavedSearch
log:GetSavedSearch
log:UpdateSavedSearch
log:DeleteSavedSearch
log:CreateDashboard
log:GetDashboard
log:UpdateDashboard
log:DeleteDashboard
log:CreateJob
log:GetJob
log:DeleteJob
log:PostLogStoreLogs
log:UpdateJob

Izin terkait RAM

ram:CreateServiceLinkedRole

AliyunAdcpManagedMseRole

Peran ini memberikan izin kepada instans fleet ACK One untuk mengelola gerbang, sumber layanan, dan aturan pengendalian traffic di Microservices Engine (MSE), serta pengumpulan data Simple Log Service dan kemampuan untuk membuat peran terkait layanan tambahan.

Izin terkait MSE

mse:AddBlackWhiteList
mse:AddGateway
mse:AddServiceSource
mse:CreateApplication
mse:DeleteGateway
mse:GetBlackWhiteList
mse:GetGateway
mse:GetGatewayDetail
mse:GetGatewayOption
mse:ListServiceSource
mse:ListTagResources
mse:ModifyLosslessRule
mse:TagResources
mse:UntagResources
mse:UpdateBlackWhiteList
mse:UpdateGatewayOption
mse:UpdateServiceSource

Izin terkait Simple Log Service

log:CloseProductDataCollection
log:OpenProductDataCollection
log:GetProductDataCollection

Izin terkait RAM

ram:CreateServiceLinkedRole

AliyunCSManagedKubernetesRole

Peran ini memberikan izin kepada kluster ACK One untuk mengelola instans, antarmuka jaringan, dan entri rute di ECS, load balancer dan kelompok server di SLB, entri rute di VPC, proyek log dan penyimpanan log di Simple Log Service, resource ALB dan NLB, serta metrik CloudMonitor (CMS) dan image Container Registry (ACR).

Izin terkait ECS

ecs:Describe\*
ecs:CreateRouteEntry
ecs:DeleteRouteEntry
ecs:CreateNetworkInterface
ecs:DeleteNetworkInterface
ecs:CreateNetworkInterfacePermission
ecs:DeleteNetworkInterfacePermission
ecs:ModifyInstanceAttribute
ecs:AttachKeyPair
ecs:StopInstance
ecs:StartInstance
ecs:ReplaceSystemDisk

Izin terkait SLB

slb:Describe\*
slb:CreateLoadBalancer
slb:DeleteLoadBalancer
slb:ModifyLoadBalancerInternetSpec
slb:RemoveBackendServers
slb:AddBackendServers
slb:RemoveTags
slb:AddTags
slb:TagResources
slb:UnTagResources
slb:ListTagResources
slb:StopLoadBalancerListener
slb:StartLoadBalancerListener
slb:SetLoadBalancerHTTPListenerAttribute
slb:SetLoadBalancerHTTPSListenerAttribute
slb:SetLoadBalancerTCPListenerAttribute
slb:SetLoadBalancerUDPListenerAttribute
slb:CreateLoadBalancerHTTPSListener
slb:CreateLoadBalancerHTTPListener
slb:CreateLoadBalancerTCPListener
slb:CreateLoadBalancerUDPListener
slb:DeleteLoadBalancerListener
slb:CreateVServerGroup
slb:DescribeVServerGroups
slb:DeleteVServerGroup
slb:SetVServerGroupAttribute
slb:DescribeVServerGroupAttribute
slb:ModifyVServerGroupBackendServers
slb:AddVServerGroupBackendServers
slb:ModifyLoadBalancerInstanceSpec
slb:ModifyLoadBalancerInternetSpec
slb:SetLoadBalancerModificationProtection
slb:SetLoadBalancerDeleteProtection
slb:SetLoadBalancerName
slb:ModifyLoadBalancerInstanceChargeType
slb:RemoveVServerGroupBackendServers

Izin terkait VPC

vpc:Describe\*
vpc:DeleteRouteEntry
vpc:CreateRouteEntry

Izin terkait Simple Log Service

log:CreateProject
log:GetProject
log:GetProductDataCollection
log:OpenProductDataCollection
log:CloseProductDataCollection
log:GetLogStoreHistogram
log:AnalyzeProductLog
log:CreateIndex
log:UpdateIndex
log:DeleteIndex
log:CreateLogStore
log:UpdateLogStore
log:DeleteLogStore
log:CreateDashboard
log:UpdateDashboard
log:DeleteDashboard
log:SetGeneralDataAccessConfig

Izin terkait ALB

alb:EnableLoadBalancerIpv6Internet
alb:DisableLoadBalancerIpv6Internet
alb:CreateAcl
alb:DeleteAcl
alb:ListAcls
alb:ListAclRelations
alb:AddEntriesToAcl
alb:AssociateAclsWithListener
alb:ListAclEntries
alb:RemoveEntriesFromAcl
alb:DissociateAclsFromListener
alb:TagResources
alb:UnTagResources
alb:ListServerGroups
alb:ListServerGroupServers
alb:AddServersToServerGroup
alb:RemoveServersFromServerGroup
alb:ReplaceServersInServerGroup
alb:CreateLoadBalancer
alb:DeleteLoadBalancer
alb:UpdateLoadBalancerAttribute
alb:UpdateLoadBalancerEdition
alb:EnableLoadBalancerAccessLog
alb:DisableLoadBalancerAccessLog
alb:EnableDeletionProtection
alb:DisableDeletionProtection
alb:ListLoadBalancers
alb:GetLoadBalancerAttribute
alb:ListListeners
alb:CreateListener
alb:GetListenerAttribute
alb:UpdateListenerAttribute
alb:ListListenerCertificates
alb:AssociateAdditionalCertificatesWithListener
alb:DissociateAdditionalCertificatesFromListener
alb:DeleteListener
alb:CreateRule
alb:DeleteRule
alb:UpdateRuleAttribute
alb:CreateRules
alb:UpdateRulesAttribute
alb:DeleteRules
alb:ListRules
alb:UpdateListenerLogConfig
alb:CreateServerGroup
alb:DeleteServerGroup
alb:UpdateServerGroupAttribute
alb:UpdateLoadBalancerAddressTypeConfig
alb:AttachCommonBandwidthPackageToLoadBalancer
alb:DetachCommonBandwidthPackageFromLoadBalancer
alb:UpdateServerGroupServersAttribute
alb:MoveResourceGroup
alb:ListAScripts
alb:CreateAScripts
alb:UpdateAScripts
alb:DeleteAScripts
alb:LoadBalancerJoinSecurityGroup
alb:LoadBalancerLeaveSecurityGroup
alb:DescribeZones

Izin terkait NLB

nlb:TagResources
nlb:UnTagResources
nlb:ListTagResources
nlb:CreateLoadBalancer
nlb:DeleteLoadBalancer
nlb:GetLoadBalancerAttribute
nlb:ListLoadBalancers
nlb:UpdateLoadBalancerAttribute
nlb:UpdateLoadBalancerAddressTypeConfig
nlb:UpdateLoadBalancerZones
nlb:CreateListener
nlb:DeleteListener
nlb:ListListeners
nlb:UpdateListenerAttribute
nlb:StopListener
nlb:StartListener
nlb:GetListenerAttribute
nlb:GetListenerHealthStatus
nlb:CreateServerGroup
nlb:DeleteServerGroup
nlb:UpdateServerGroupAttribute
nlb:AddServersToServerGroup
nlb:RemoveServersFromServerGroup
nlb:UpdateServerGroupServersAttribute
nlb:ListServerGroups
nlb:ListServerGroupServers
nlb:LoadBalancerLeaveSecurityGroup
nlb:LoadBalancerJoinSecurityGroup
nlb:DisableLoadBalancerIpv6Internet
nlb:EnableLoadBalancerIpv6Internet
nlb:UpdateLoadBalancerProtection
nlb:AttachCommonBandwidthPackageToLoadBalancer
nlb:DetachCommonBandwidthPackageFromLoadBalancer
nlb:GetJobStatus

Izin terkait CMS

cms:DescribeMetricData
cms:DescribeMetricLast
cms:DescribeMetricMetaList
cms:DescribeMetricTop
cms:QueryMetricData
cms:QueryMetricLast
cms:DescribeMetricList
cms:QueryMetricList
cms:MetricMeta

Izin terkait ACR

cr:Get\*
cr:List\*
cr:PullRepository

AliyunCSManagedLogRole

Peran ini memberikan izin kepada kluster ACK One untuk mengelola seluruh siklus hidup resource Simple Log Service — termasuk proyek log, penyimpanan log, konfigurasi, kelompok mesin, indeks, pencarian tersimpan, dasbor, dan pekerjaan — serta kemampuan untuk mengirim entri log dan memicu event EventBridge.

Izin terkait Simple Log Service

log:CreateProject
log:GetProject
log:DeleteProject
log:CreateLogStore
log:GetLogStore
log:UpdateLogStore
log:DeleteLogStore
log:CreateConfig
log:UpdateConfig
log:GetConfig
log:DeleteConfig
log:CreateMachineGroup
log:UpdateMachineGroup
log:GetMachineGroup
log:DeleteMachineGroup
log:ApplyConfigToGroup
log:GetAppliedMachineGroups
log:GetAppliedConfigs
log:RemoveConfigFromMachineGroup
log:RemoveConfigFromGroup
log:CreateIndex
log:GetIndex
log:UpdateIndex
log:DeleteIndex
log:CreateSavedSearch
log:GetSavedSearch
log:UpdateSavedSearch
log:DeleteSavedSearch
log:CreateDashboard
log:GetDashboard
log:UpdateDashboard
log:DeleteDashboard
log:CreateJob
log:GetJob
log:DeleteJob
log:UpdateJob
log:PostLogStoreLogs
log:CreateSortedSubStore
log:GetSortedSubStore
log:ListSortedSubStore
log:UpdateSortedSubStore
log:DeleteSortedSubStore
log:CreateApp
log:UpdateApp
log:GetApp
log:DeleteApp
log:GetLogStoreLogs
log:TagResources
log:ListJobs
log:ListTagResources
log:UntagResources
log:CreateResourceRecord
log:UpdateResourceRecord
log:UpsertResourceRecord
log:GetResourceRecord
log:DeleteResourceRecord
log:ListResourceRecords
log:ListResources
log:GetResource
log:PutLogs
log:UpdateLogStoreMeteringMode
log:GetLogStoreMeteringMode
log:CreateLogtailPipelineConfig
log:DeleteLogtailPipelineConfig
log:GetLogtailPipelineConfig
log:UpdateLogtailPipelineConfig
log:ListLogtailPipelineConfig
log:CreateSubStore
cs:UpdateContactGroup
cs:DescribeTemplates
cs:DescribeTemplateAttribute
eventbridge:PutEvents

AliyunCSManagedCmsRole

Peran ini memberikan izin kepada kluster ACK One untuk mengelola grup monitor CloudMonitor (CMS), aturan metrik, dan grup tag dinamis, serta membaca metrik dari SLS dan SLB dan melaporkan data melalui ARMS Sentinel.

Izin terkait CMS

cms:DescribeMonitorGroups
cms:DescribeMonitorGroupInstances
cms:CreateMonitorGroup
cms:DeleteMonitorGroup
cms:ModifyMonitorGroupInstances
cms:CreateMonitorGroupInstances
cms:DeleteMonitorGroupInstances
cms:TaskConfigCreate
cms:TaskConfigList
cms:DescribeMetricList
cms:QueryMetricList
cms:CreateDynamicTagGroup
cms:PutGroupMetricRule
cms:DescribeMetricRuleList
cms:DeleteMetricRules
cs:DescribeMonitorToken
ahas:GetSentinelAppSumMetric
log:GetLogStoreLogs
slb:DescribeMetricList
sls:GetLogs
sls:PutLogs

AliyunCSManagedArmsRole

Peran ini memberikan izin kepada kluster ACK One untuk mengakses seluruh API Application Real-Time Monitoring Service (ARMS) — termasuk aturan alert, grup kontak, aturan distribusi, pemantauan Prometheus, dan manajemen lingkungan — serta manajemen gerbang MSE dan penulisan log Simple Log Service.

Izin terkait ARMS

arms:CMonitorCloudInstances
arms:CMonitorRegister
arms:ConfigAgentLabel
arms:CreateAlertRules
arms:CreateAlertTemplate
arms:CreateApp
arms:CreateContact
arms:CreateContactGroup
arms:CreateDispatchRule
arms:CreateOrUpdateIMRobot
arms:CreateOrUpdateWebhookContact
arms:CreateProm
arms:CreatePrometheusAlertRule
arms:DeleteAlert
arms:DeleteAlertContact
arms:DeleteAlertContactGroup
arms:DeleteAlertRules
arms:DeleteAlertTemplate
arms:DeleteApp
arms:DeleteContact
arms:DeleteContactGroup
arms:DeleteContactLink
arms:DeleteContactMember
arms:DeleteDispatchRule
arms:DeleteIMRobot
arms:DeletePrometheusAlertRule
arms:DeleteWebhookContact
arms:DescribeDispatchRule
arms:DescribeIMRobots
arms:DescribePrometheusAlertRule
arms:DescribeWebhookContacts
arms:DisableAlertTemplate
arms:EnableAlertTemplate
arms:GetAlarmHistories
arms:GetAlert
arms:GetAlertEvents
arms:GetAlertRules
arms:GetAlertRulesByPage
arms:GetAssumeRoleCredentials
arms:GetCommercialStatus
arms:InstallEventer
arms:InstallManagedPrometheus
arms:ListActivatedAlerts
arms:ListAlertTemplates
arms:ListDashboards
arms:ListDispatchRule
arms:ListEscalationPolicies
arms:ListOnCallSchedules
arms:ListPrometheusAlertRules
arms:ListPrometheusAlertTemplates
arms:QueryAlarmHistory
arms:QueryAlarmName
arms:SaveAlert
arms:SaveContactGroup
arms:SaveContactMember
arms:SaveTraceAppConfig
arms:SearchAlarmHistories
arms:SearchAlertRules
arms:SearchContact
arms:SearchContactGroup
arms:SearchEvents
arms:SendTTSVerifyLink
arms:StartAlert
arms:StartAlertRule
arms:StopAlert
arms:StopAlertRule
arms:UninstallManagedPrometheus
arms:UpdateAlertRules
arms:UpdateAlertTemplate
arms:UpdateContact
arms:UpdateContactGroup
arms:UpdateContactMember
arms:UpdateDispatchRule
arms:UpdatePrometheusAlertRule
arms:UpgradeAddonRelease
arms:CheckServiceStatus
arms:GetClusterAllUrl
arms:GetClusterInfoForArms
arms:GetExploreUrl
arms:GetIntegrationState
arms:GetManagedPrometheusStatus
arms:ListAlertEvents
arms:QueryMetric
arms:QueryPromInstallStatus
arms:SearchAlertContactGroup
arms:SearchAlertHistories
arms:CreateAlertContact
arms:CreateAlertContactGroup
arms:ImportCustomAlertRules
arms:SearchAlertContact
arms:UpdateAlertContact
arms:UpdateAlertContactGroup
arms:UpdateAlertRule
arms:UpdateWebhook
arms:InnerFetchContactGroupByArmsContactGroupId
xtrace:GetToken
arms:ListEnvironments
arms:DescribeAddonRelease
arms:InstallAddon
arms:DeleteAddonRelease
arms:ListEnvironmentDashboards
arms:ListAddonReleases
arms:CreateEnvironment
arms:InitEnvironment
arms:DescribeEnvironment
arms:InstallEnvironmentFeature
arms:ListEnvironmentFeatures
arms:UpdateEnvironment
arms:GetPrometheusInstance
arms:GetPrometheusApiToken

Izin terkait MSE

mse:AddBlackWhiteList
mse:AddGateway
mse:AddServiceSource
mse:CreateApplication
mse:DeleteGateway
mse:GetBlackWhiteList
mse:GetGateway
mse:GetGatewayDetail
mse:GetGatewayOption
mse:ListServiceSource
mse:ListTagResources
mse:ModifyLosslessRule
mse:TagResources
mse:UntagResources
mse:UpdateBlackWhiteList
mse:UpdateGatewayOption
mse:UpdateServiceSource
mse:GetLicenseKey
mse:CreateGovernanceKubernetesCluster
mse:ReportOnePilotInfo
mse:GenerateAgentLogSts
mse:GetOpenSergoInfoByClusterId
mse:ListNamespaces
mse:ReportAppProfile

Izin terkait Simple Log Service

log:PostLogStoreLogs
log:RemoteWritePrometheus
log:RemoteWrite

Langkah selanjutnya

Untuk ikhtisar izin dan skenario otorisasi ACK One, lihat Ikhtisar otorisasi.
Untuk memberikan izin kepada Pengguna RAM atau Peran RAM pada resource ACK One, lihat Lampirkan kebijakan izin sistem ke Pengguna RAM atau Peran RAM.
Untuk memberikan izin kepada Pengguna RAM atau Peran RAM pada resource Kubernetes di kluster tertentu, lihat Berikan izin RBAC kepada Pengguna RAM atau Peran RAM.