Saat pertama kali menggunakan kelompok sumber daya eksklusif, Anda harus memberikan izin kepada DataWorks untuk mengakses produk Alibaba Cloud lainnya. Setelah otorisasi selesai, sistem akan secara otomatis membuat peran terkait layanan bernama AliyunServiceRoleForDataWorks. Peran ini digunakan oleh DataWorks untuk mengakses sumber daya Anda di produk Alibaba Cloud lainnya. Topik ini menjelaskan cara melihat detail peran tersebut.
Latar Belakang
Untuk informasi lebih lanjut tentang peran terkait layanan, lihat Peran terkait layanan.
Pengenalan AliyunServiceRoleForDataWorks
Nama peran: AliyunServiceRoleForDataWorks
Tujuan peran: Mengizinkan DataWorks mengakses sumber daya Anda di produk cloud lainnya, seperti Elastic Computing Service (ECS), virtual private cloud (VPC), File Storage NAS, Container Registry (ACR), MaxCompute, dan Object Storage Service (OSS).
Kebijakan peran yang disambungkan: AliyunServiceRolePolicyForDataWorks
Detail kebijakan:
Masuk ke Konsol RAM dan pilih untuk melihat detail peran terkait layanan.
Klik nama peran terkait layanan. Pada tab Permission Management, Anda dapat melihat detail kebijakan sistem yang disambungkan. Kebijakan ini mencakup izin untuk produk berikut:
Izin akses untuk Elastic Computing Service (ECS)
{ "Version": "1", "Statement": [ { "Action": [ "ecs:AttachNetworkInterface", "ecs:AuthorizeSecurityGroup", "ecs:AuthorizeSecurityGroupEgress", "ecs:CreateNetworkInterface", "ecs:CreateNetworkInterfacePermission", "ecs:CreateSecurityGroup", "ecs:DeleteNetworkInterface", "ecs:DeleteNetworkInterfacePermission", "ecs:DeleteSecurityGroup", "ecs:DescribeNetworkInterfacePermissions", "ecs:DescribeNetworkInterfaces", "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroupReferences", "ecs:DescribeSecurityGroups", "ecs:DetachNetworkInterface", "ecs:JoinSecurityGroup", "ecs:LeaveSecurityGroup", "ecs:ModifyNetworkInterfaceAttribute", "ecs:ModifySecurityGroupAttribute", "ecs:ModifySecurityGroupPolicy", "ecs:ModifySecurityGroupRule", "ecs:RevokeSecurityGroup", "ecs:RevokeSecurityGroupEgress", "ecs:AssignIpv6Addresses", "ecs:UnassignIpv6Addresses" ], "Resource": "*", "Effect": "Allow" } ] }Izin akses untuk virtual private cloud (VPC)
{ "Version": "1", "Statement": [ { "Action": [ "vpc:DescribeVpcs", "vpc:DescribeVpcAttribute", "vpc:DescribeVSwitches", "vpc:DescribeVSwitchAttributes", "vpc:CreateVpc", "vpc:CreateVSwitch" ], "Resource": "*", "Effect": "Allow" } ] }Izin akses untuk File Storage NAS
{ "Version": "1", "Statement": [ { "Action": [ "nas:DescribeFileSystems", "nas:DescribeMountTargets", "nas:CreateMountTarget", "nas:ModifyMountTarget", "nas:DescribeProtocolMountTarget" ], "Effect": "Allow", "Resource": "*" } ] }Izin akses untuk Container Registry (ACR)
{ "Version": "1", "Statement": [ { "Action": [ "cr:ListNamespace", "cr:ListRepository", "cr:GetAuthorizationToken", "cr:ListInstanceEndpoint", "cr:PullRepository", "cr:PushRepository", "cr:GetInstance", "cr:GetInstanceVpcEndpoint", "cr:ListInstance", "cr:ListInstanceDomain", "cr:GetRepository", "cr:GetRepositoryLayers", "cr:ListRepositoryTag", "cr:GetNamespace", "cr:GetRepoTag", "cr:CreateInstanceVpcEndpointLinkedVpc", "cr:GetInstanceEndpoint" ], "Resource": "*", "Effect": "Allow" } ] }Izin akses untuk MaxCompute
{ "Version": "1", "Statement": [ { "Action": [ "odps:GetImage", "odps:AddImage", "odps:RemoveImage" ], "Resource": "*", "Effect": "Allow" } ] }Izin akses untuk Object Storage Service (OSS)
{ "Version": "1", "Statement": [ { "Action": [ "oss:GetObject", "oss:PutObject", "oss:DeleteObject", "oss:ListParts", "oss:AbortMultipartUpload", "oss:ListObjects", "oss:ListBuckets", "oss:PutBucketCors", "oss:GetBucketCors", "oss:DeleteBucketCors", "oss:GetBucketInfo", "oss:ListBuckets" ], "Resource": "*", "Effect": "Allow" } ] }Izin kontrol untuk sumber daya DataWorks
{ "Version": "1", "Statement": [ { "Action": [ "dataworks:ListTagResources", "dataworks:TagResources", "dataworks:UntagResources", "dataworks:ChangeResourceManagerResourceGroup" ], "Resource": "*", "Effect": "Allow" } ] }