リソースグループを活用することで、Cloud Backupリソースの一元管理が可能になり、RAM (Resource Access Management) ポリシーを用いたグループ単位でのきめ細かなアクセス制御を実現できます。これにより、Alibaba Cloud アカウントで最小権限の原則 (PoLP) を徹底できます。
リソースグループレベルの権限設定は、サポート対象リソースタイプとアクションに限られます。サポート対象外アクションの場合、リソースグループに対するポリシーを指定しても無視されます。アクセス制御のため、アカウントに対するポリシーを設定する必要があります。
仕組み
リソースグループは、プロジェクトや環境ごとにリソースを整理します。リソースをグループ化したら、そのグループにのみ権限を限定する RAM ポリシーをアイデンティティ (RAM ユーザー、ユーザーグループ、ロールなど) にアタッチできます。詳細については、「リソースのグループ化と権限付与」をご参照ください。
このアプローチには、主に 2 つのメリットがあります。
-
きめ細かなアクセス制御:アカウント全体の権限を付与する代わりに、アイデンティティのアクセスを特定のグループ内のリソースのみに制限できます。これにより、プロジェクト固有のワークロードを分離し、意図しないアクセスのリスクを軽減できます。
-
管理の簡素化:新しいリソースがリソースグループに追加されると、そのグループに限定された権限を持つ RAM アイデンティティは自動的にアクセスできます。新しいリソースが作成されるたびに RAM ポリシーを更新する必要はありません。
RAM ユーザーへのリソースグループレベルの権限付与
このセクションでは、特定のリソースグループ内のCloud Backupリソースにのみアクセス権限を RAM ユーザーに付与する方法について説明します。
1. 前提条件
-
RAM ユーザーが作成されていること。
-
リソースグループを作成し、対象リソースがそのグループ内にあること。詳細については、「リソースグループの作成」、「リソースをリソースグループに自動追加」、および「リソースをリソースグループに手動で追加」をご参照ください。
2. 権限付与
リソースグループレベルの権限は、Resource Management コンソールまたは RAM コンソールのいずれかから付与できます。
Resource Management コンソール
-
Resource Management コンソールにログインします。
-
[Resource Group] ページで、対象のリソースグループを見つけ、[Actions] 列の [Manage Permission] をクリックします。
-
[Permissions] タブで、[Grant Permission] をクリックします。
-
[Grant Permission] パネルで、プリンシパルとアクセスポリシーを設定します。
-
Principal:RAM ユーザーを選択します。
-
Policy:[System Policy] または [Custom Policy] を選択します。詳細については、「カスタム権限ポリシーの作成」をご参照ください。
-
-
[Grant Permissions] をクリックします。
詳細については、「リソースグループに対する RAM アイデンティティへの権限付与」をご参照ください。
RAM コンソール
-
Alibaba Cloud アカウント (root ユーザー)または RAM 管理者アカウントを使用して、RAM コンソールにログインします。
-
左側のメニューで、を選択します。[Users] ページで、対象の RAM ユーザーを見つけ、[Actions] 列の [Add Permissions] をクリックします。
-
[Grant Permission] パネルで、RAM ユーザーに権限を追加します。
-
Resource Scope:[Resource Group] を選択します。
-
Principal:既存の RAM ユーザーまたは前のステップで作成した RAM ユーザーを選択します。
-
Access Policy:[System Policy] または [Custom Policy] を選択します。詳細については、「カスタム権限ポリシーの作成」をご参照ください。
-
-
[OK] をクリックします。
詳細については、「RAM ユーザーへの権限付与」をご参照ください。
サポート対象リソース
以下のCloud Backupリソースは、リソースグループレベルの権限付与をサポートしています。
|
Alibaba Cloud サービス |
サービスコード |
リソースタイプ |
|
Cloud Backup |
hbr |
hanainstance : SAP HANA インスタンス |
|
Cloud Backup |
hbr |
vault : ボールト |
上表に記載されていないリソースタイプのサポートをリクエストするには、Resource Management コンソールでフィードバックを送信してください。
サポート対象外アクション
以下のCloud Backupアクションは、リソースグループレベルの権限付与をサポートしていません。
|
アクション |
説明 |
|
hbr:ActivateClient |
- |
|
hbr:ActivateEcsClient |
- |
|
hbr:AddContainerCluster |
- |
|
hbr:AddCrossAccount |
- |
|
hbr:AddDataSource |
- |
|
hbr:AddHanaMetadata |
- |
|
hbr:AddIndexCluster |
- |
|
hbr:AddParameter |
- |
|
hbr:AddServer |
- |
|
hbr:AddSqlServerLog |
- |
|
hbr:AddVcenter |
- |
|
hbr:BatchCountTables |
- |
|
hbr:BrowseAirFiles |
- |
|
hbr:BrowseFileDetectionRiskFiles |
- |
|
hbr:BrowseFiles |
- |
|
hbr:CallMaintenanceApi |
- |
|
hbr:CallUniGatewayApi |
- |
|
hbr:CancelBackupJob |
- |
|
hbr:CancelDiscoveringDatabase |
- |
|
hbr:CancelFileDetection |
- |
|
hbr:CancelHanaBackup |
- |
|
hbr:CancelHanaRestore |
- |
|
hbr:CancelJob |
- |
|
hbr:CancelRestore |
- |
|
hbr:CancelRestoreJob |
- |
|
hbr:CancelSqlServerRestore |
- |
|
hbr:CancelStreamFileSyncTask |
- |
|
hbr:CancelVmBackup |
- |
|
hbr:CancelVmLocalRestore |
- |
|
hbr:CancelVmMigration |
- |
|
hbr:CheckRole |
- |
|
hbr:CheckSlrRole |
- |
|
hbr:ClientReceiveMessage |
- |
|
hbr:ClientSendMessage |
- |
|
hbr:CommitTestRestore |
- |
|
hbr:CompleteVmIncrementalMigration |
- |
|
hbr:ControlReplicationVault |
- |
|
hbr:ControlUniBackupJob |
- |
|
hbr:ControlUniBackupPlan |
- |
|
hbr:ConvertToPostPaidInstance |
- |
|
hbr:CreateAirEcsInstance |
- |
|
hbr:CreateAirRestoreJob |
- |
|
hbr:CreateBackupEssentialEdition |
- |
|
hbr:CreateBackupJob |
- |
|
hbr:CreateBackupPlan |
- |
|
hbr:CreateBackupSourceGroup |
- |
|
hbr:CreateChildBackupJobs |
- |
|
hbr:CreateClient |
- |
|
hbr:CreateCluster |
- |
|
hbr:CreateContact |
- |
|
hbr:CreateContactGroup |
- |
|
hbr:CreateEcsAirBackup |
- |
|
hbr:CreateHanaRestore |
- |
|
hbr:CreateJob |
- |
|
hbr:CreateJobs |
- |
|
hbr:CreatePolicy |
- |
|
hbr:CreatePolicyBindings |
- |
|
hbr:CreatePolicyV2 |
- |
|
hbr:CreateReportFileGenerateTask |
- |
|
hbr:CreateRestore |
- |
|
hbr:CreateRestoreJob |
- |
|
hbr:CreateSlr |
- |
|
hbr:CreateSnapshot |
- |
|
hbr:CreateSnapshot2 |
- |
|
hbr:CreateSqlServerInstance |
- |
|
hbr:CreateSqlServerRestore |
- |
|
hbr:CreateSqlServerSnapshot |
- |
|
hbr:CreateSubTask |
- |
|
hbr:CreateTempFileUploadUrl |
- |
|
hbr:CreateUniBackupPlan |
- |
|
hbr:CreateUniBackupVault |
- |
|
hbr:CreateUniRestorePlan |
- |
|
hbr:CreateUploadLogTask |
- |
|
hbr:CreateVaultTransition |
- |
|
hbr:CreateVmBackupPlan |
- |
|
hbr:CreateVmMigrationPlan |
- |
|
hbr:DeleteAirEcsInstance |
- |
|
hbr:DeleteBackupClient |
- |
|
hbr:DeleteBackupClientResource |
- |
|
hbr:DeleteBackupEssentialEdition |
- |
|
hbr:DeleteBackupPlan |
- |
|
hbr:DeleteBackupSourceGroup |
- |
|
hbr:DeleteClients |
- |
|
hbr:DeleteCluster |
- |
|
hbr:DeleteContact |
- |
|
hbr:DeleteContactGroup |
- |
|
hbr:DeleteContainerCluster |
- |
|
hbr:DeleteCrossAccount |
- |
|
hbr:DeleteEcsAirBackup |
- |
|
hbr:DeleteHanaMetadata |
- |
|
hbr:DeleteJob |
- |
|
hbr:DeletePolicy |
- |
|
hbr:DeletePolicyBinding |
- |
|
hbr:DeletePolicyV2 |
- |
|
hbr:DeleteServer |
- |
|
hbr:DeleteSnapshot |
- |
|
hbr:DeleteSqlServerBackupJob |
- |
|
hbr:DeleteSqlServerInstance |
- |
|
hbr:DeleteSqlServerLog |
- |
|
hbr:DeleteSqlServerSnapshot |
- |
|
hbr:DeleteUdmDisk |
- |
|
hbr:DeleteUdmEcsInstance |
- |
|
hbr:DeleteUniBackupClient |
- |
|
hbr:DeleteUniBackupCluster |
- |
|
hbr:DeleteUniBackupPlan |
- |
|
hbr:DeleteUniBackupVault |
- |
|
hbr:DeleteUniRestorePlan |
- |
|
hbr:DeleteVcenter |
- |
|
hbr:DeleteVmBackupPlanExecution |
- |
|
hbr:DeleteVmMigrationPlan |
- |
|
hbr:DescribeAirEcsInstancesInfo |
- |
|
hbr:DescribeAirInstances |
- |
|
hbr:DescribeAirSnapshots |
- |
|
hbr:DescribeAlertConfig |
- |
|
hbr:DescribeBackupClients |
- |
|
hbr:DescribeBackupJobStatistics |
- |
|
hbr:DescribeBackupJobs |
- |
|
hbr:DescribeBackupJobs2 |
- |
|
hbr:DescribeBackupPlans |
- |
|
hbr:DescribeBackupSourceGroups |
- |
|
hbr:DescribeBackupSources |
- |
|
hbr:DescribeClientAlertConfig |
- |
|
hbr:DescribeClientVersion |
- |
|
hbr:DescribeClusters |
- |
|
hbr:DescribeContainerCluster |
- |
|
hbr:DescribeContainerResource |
- |
|
hbr:DescribeCrossAccounts |
- |
|
hbr:DescribeDataSourceProtectionDetails |
- |
|
hbr:DescribeDataSourceProtectionStatistics |
- |
|
hbr:DescribeDataSources |
- |
|
hbr:DescribeDisks |
- |
|
hbr:DescribeEcsInstances |
- |
|
hbr:DescribeFeatureTrialInfo |
- |
|
hbr:DescribeFeatureUser |
- |
|
hbr:DescribeFileDetections |
- |
|
- |
|
|
hbr:DescribeHanaBackupSetting |
- |
|
hbr:DescribeHanaBackups |
- |
|
hbr:DescribeHanaMetadata |
- |
|
hbr:DescribeHanaRetentionSetting |
- |
|
hbr:DescribeIndexClusters |
- |
|
hbr:DescribeInstances |
- |
|
hbr:DescribeInstancesInVault |
- |
|
hbr:DescribeInstancesInfo |
- |
|
hbr:DescribeJobs |
- |
|
hbr:DescribeKmsAliases |
- |
|
hbr:DescribeKmsKeys |
- |
|
hbr:DescribeNasFileSystems |
- |
|
hbr:DescribeOtsInstances |
- |
|
hbr:DescribeOtsTableSnapshots |
- |
|
hbr:DescribeOverview |
- |
|
hbr:DescribeParameterSchemas |
- |
|
hbr:DescribeParameters |
- |
|
hbr:DescribePlans |
- |
|
hbr:DescribePolicies |
- |
|
hbr:DescribePoliciesV2 |
- |
|
hbr:DescribePolicyBindingAlertConfig |
- |
|
hbr:DescribePolicyBindings |
- |
|
hbr:DescribeProtectedEcsInstances |
- |
|
hbr:DescribeRecoverableOtsInstances |
- |
|
hbr:DescribeRestoreJobs |
- |
|
hbr:DescribeRestoreJobs2 |
- |
|
hbr:DescribeRestores |
- |
|
hbr:DescribeSecurityGroups |
- |
|
hbr:DescribeServers |
- |
|
hbr:DescribeSnapshotExistenceByTimeRange |
- |
|
hbr:DescribeSnapshots |
- |
|
hbr:DescribeSqlServerDatabases |
- |
|
hbr:DescribeSqlServerInstances |
- |
|
hbr:DescribeSqlServerLogs |
- |
|
hbr:DescribeSqlServerRestores |
- |
|
hbr:DescribeSqlServerSnapshots |
- |
|
hbr:DescribeStreamFileSyncTasks |
- |
|
hbr:DescribeSubTask |
- |
|
hbr:DescribeUdmDisks |
- |
|
hbr:DescribeUdmEcsInstances |
- |
|
hbr:DescribeUdmSnapshotLinks |
- |
|
hbr:DescribeUdmSnapshots |
- |
|
hbr:DescribeUniBackupClients |
- |
|
hbr:DescribeUniBackupCluster |
- |
|
hbr:DescribeUniBackupInstanceDetail |
- |
|
hbr:DescribeUniBackupInstances |
- |
|
hbr:DescribeUniBackupPlans |
- |
|
hbr:DescribeUniBackupTrialInfo |
- |
|
hbr:DescribeUniBackupTrialUser |
- |
|
hbr:DescribeUniBackupVault |
- |
|
hbr:DescribeUniHistories |
- |
|
hbr:DescribeUniRestoreInfo |
- |
|
hbr:DescribeUniRestorePlans |
- |
|
hbr:DescribeUserBusinessStatus |
- |
|
hbr:DescribeVSwitches |
- |
|
hbr:DescribeVcenters |
- |
|
hbr:DescribeVmBackupPlanExecution |
- |
|
hbr:DescribeVmBackupPlanExecutions |
- |
|
hbr:DescribeVmBackupPlans |
- |
|
hbr:DescribeVmClientFlowControlPolicy |
- |
|
hbr:DescribeVmIncrementalMigrationJob |
- |
|
hbr:DescribeVmIncrementalMigrations |
- |
|
hbr:DescribeVmMigrationPlans |
- |
|
hbr:DescribeVmMigrations |
- |
|
hbr:DescribeVpcs |
- |
|
hbr:DetachNasFileSystem |
- |
|
hbr:DisableAirBackupPlan |
- |
|
hbr:DisableBackupPlan |
- |
|
hbr:DisableEcsAirBackup |
- |
|
hbr:DisableJob |
- |
|
hbr:DisableVmBackupPlan |
- |
|
hbr:DiscoverDatabase |
- |
|
hbr:EnableAirBackupPlan |
- |
|
hbr:EnableBackupPlan |
- |
|
hbr:EnableEcsAirBackup |
- |
|
hbr:EnableJob |
- |
|
hbr:EnableVmBackupPlan |
- |
|
hbr:ExecuteAirBackupPlan |
- |
|
hbr:ExecuteBackupPlan |
- |
|
hbr:ExecuteHanaBackup |
- |
|
hbr:ExecuteJob |
- |
|
hbr:ExecutePlan |
- |
|
hbr:ExecutePolicyV2 |
- |
|
hbr:ExploreVcenter |
- |
|
hbr:GenerateClientToken |
- |
|
hbr:GenerateInstallLocalBackupClientScript |
- |
|
hbr:GenerateStsCredential |
- |
|
hbr:GenerateUninstallLocalBackupClientScript |
- |
|
hbr:GetAirStatistics |
- |
|
hbr:GetBasicStatistics |
- |
|
hbr:GetBucket |
- |
|
hbr:GetClientDownloadLink |
- |
|
hbr:GetClientsToRestore |
- |
|
hbr:GetDirectorySize |
- |
|
hbr:GetDiscoveredDatabase |
- |
|
hbr:GetFileDetectionStatistics |
- |
|
hbr:GetGlobalStatistics |
- |
|
hbr:GetMetrics |
- |
|
hbr:GetNasToRestore |
- |
|
hbr:GetOssBucketsToRestore |
- |
|
hbr:GetProtectedResource |
- |
|
hbr:GetReactivateUserToken |
- |
|
hbr:GetRunningAgents |
- |
|
hbr:GetSnapshotErrorFileDownloadLink |
- |
|
hbr:GetSnapshotRiskFileDownloadLink |
- |
|
hbr:GetSqlServerDatabasesToRestore |
- |
|
hbr:GetSqlServersToRestore |
- |
|
hbr:GetSyncActualSize |
- |
|
hbr:GetSystemSettings |
- |
|
hbr:GetTempFileDownloadLink |
- |
|
hbr:GetTrialInfo |
- |
|
hbr:GetUniBackupInstallerToken |
- |
|
hbr:GetUserToken |
- |
|
hbr:GetValidParameter |
- |
|
hbr:GetVaultBuckets |
- |
|
hbr:GetVaultCredential |
- |
|
hbr:GetVaultList |
- |
|
hbr:GetVaultTransition |
- |
|
hbr:GetVaults |
- |
|
hbr:InitClusterForCpfs |
- |
|
hbr:InstallBackupClients |
- |
|
hbr:InstallLocalBackupClients |
- |
|
hbr:InstallUniBackupAgent |
- |
|
hbr:KeepAfterTrialExpiration |
- |
|
hbr:ListBucketInventory |
- |
|
hbr:ListGrayReleaseObjectTypes |
- |
|
hbr:ListOssBuckets |
- |
|
hbr:ListOtsInstances |
- |
|
hbr:ListOtsTables |
- |
|
hbr:ListPolicyTagDataSources |
- |
|
hbr:ListProtectedResources |
- |
|
hbr:ListReportFiles |
- |
|
hbr:ListTagKeys |
- |
|
hbr:ListTagResources |
- |
|
hbr:ListTagValues |
- |
|
hbr:ListVaultTransitions |
- |
|
hbr:LocalRestoreVms |
- |
|
hbr:OfflineAgent |
- |
|
hbr:OpenHbrService |
- |
|
hbr:OpsDescribeClientConnectionStatistics |
- |
|
hbr:OpsDescribeClientConnections |
- |
|
hbr:OpsDescribeMessageStatistics |
- |
|
hbr:OpsDescribeMessages |
- |
|
hbr:OpsDescribePolicies |
- |
|
hbr:OpsDescribePolicyBindings |
- |
|
hbr:OpsExecutePlans |
- |
|
hbr:PreCheckDatabase |
- |
|
hbr:PreCheckSourceGroup |
- |
|
hbr:PrecheckSqlServerInstance |
- |
|
hbr:QueryAvailableInstances |
- |
|
hbr:RecordSubTaskLaunch |
- |
|
hbr:RemoveDataSource |
- |
|
hbr:RemoveParameter |
- |
|
hbr:RemoveVmBackupPlan |
- |
|
hbr:RenewClientToken |
- |
|
hbr:ReportFileDetectionRiskFiles |
- |
|
hbr:ReportStatistics |
- |
|
hbr:ResumeVmMigration |
- |
|
hbr:RunVmBackupPlan |
- |
|
hbr:SearchBackupFiles |
- |
|
hbr:SearchHistoricalSnapshots |
- |
|
hbr:SearchObject |
- |
|
hbr:SendEmailVerifyCode |
- |
|
hbr:SendMessage |
- |
|
hbr:SendMobileVerifyCode |
- |
|
hbr:SendSlaRecord |
- |
|
hbr:SetNasLimiterForFileSystem |
- |
|
hbr:SetSystemSetting |
- |
|
hbr:StartHanaDatabaseAsync |
- |
|
hbr:StopHanaDatabaseAsync |
- |
|
hbr:SubmitStreamFileSyncTask |
- |
|
hbr:TagResources |
- |
|
hbr:TestRestoreVmMigration |
- |
|
hbr:UninstallBackupClients |
- |
|
hbr:UninstallLocalBackupClients |
- |
|
hbr:UninstallUniBackupAgent |
- |
|
hbr:UntagResources |
- |
|
hbr:UpdateAirAlertConfig |
- |
|
hbr:UpdateAirInstance |
- |
|
hbr:UpdateAlertConfig |
- |
|
hbr:UpdateBackupJob |
- |
|
hbr:UpdateBackupJobToConfirmed |
- |
|
hbr:UpdateBackupJobs |
- |
|
hbr:UpdateBackupPlan |
- |
|
hbr:UpdateBackupSourceGroup |
- |
|
hbr:UpdateClientAlertConfig |
- |
|
hbr:UpdateClientClusterForCpfs |
- |
|
hbr:UpdateCluster |
- |
|
hbr:UpdateContact |
- |
|
hbr:UpdateContactGroup |
- |
|
hbr:UpdateContainerCluster |
- |
|
hbr:UpdateDataSource |
- |
|
hbr:UpdateFeatureUserTrialInfo |
- |
|
hbr:UpdateHanaBackupSetting |
- |
|
hbr:UpdateHanaRestore |
- |
|
hbr:UpdateHanaRetentionSetting |
- |
|
- |
|
|
hbr:UpdateJob |
- |
|
hbr:UpdateParameter |
- |
|
hbr:UpdatePlan |
- |
|
hbr:UpdatePolicy |
- |
|
hbr:UpdatePolicyBinding |
- |
|
hbr:UpdatePolicyBindingAlertConfig |
- |
|
hbr:UpdatePolicyV2 |
- |
|
hbr:UpdateRestore |
- |
|
hbr:UpdateRestoreJob |
- |
|
hbr:UpdateServer |
- |
|
hbr:UpdateSnapshot |
- |
|
hbr:UpdateSnapshotInner |
- |
|
hbr:UpdateSqlServerInstance |
- |
|
hbr:UpdateSqlServerRestore |
- |
|
hbr:UpdateSubTask |
- |
|
hbr:UpdateUniBackupCluster |
- |
|
hbr:UpdateUniBackupInstance |
- |
|
hbr:UpdateUniBackupPlan |
- |
|
hbr:UpdateUniBackupTrialUser |
- |
|
hbr:UpdateUniBackupVault |
- |
|
hbr:UpdateVcenter |
- |
|
hbr:UpdateVmBackupPlan |
- |
|
hbr:UpdateVmBackupPlanExecution |
- |
|
hbr:UpdateVmClientFlowControlPolicy |
- |
|
hbr:UpdateVmIncrementalMigration |
- |
|
hbr:UpdateVmMigration |
- |
|
hbr:UpgradeBackupClients |
- |
|
hbr:UpgradeUniBackupAgent |
- |
上記のアクションについては、 [Resource Scope] を [Account] に設定し、カスタムポリシーを作成する必要があります。
以下のポリシー例は、必要に応じてカスタマイズ可能です。
-
読み取り専用アクセスの許可
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:BatchCountTables", "hbr:BrowseFiles", "hbr:CheckRole", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFeatureUser", "hbr:DescribeFileDetections", "hbr:DescribeGatewayWaterLevel", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeIndexClusters", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsAliases", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribeParameterSchemas", "hbr:DescribeParameters", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeProtectedEcsInstances", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeStreamFileSyncTasks", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupTrialUser", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetSyncActualSize", "hbr:GetSystemSettings", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetValidParameter", "hbr:GetVaultBuckets", "hbr:GetVaultCredential", "hbr:GetVaultList", "hbr:GetVaultTransition", "hbr:GetVaults", "hbr:ListBucketInventory", "hbr:ListGrayReleaseObjectTypes", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:ListVaultTransitions", "hbr:PreCheckSourceGroup", "hbr:QueryAvailableInstances", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject" ], "Resource": "*" } ] } -
フルアクセスの許可
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:ActivateClient", "hbr:ActivateEcsClient", "hbr:AddContainerCluster", "hbr:AddCrossAccount", "hbr:AddDataSource", "hbr:AddHanaMetadata", "hbr:AddIndexCluster", "hbr:AddParameter", "hbr:AddServer", "hbr:AddSqlServerLog", "hbr:AddVcenter", "hbr:BatchCountTables", "hbr:BrowseAirFiles", "hbr:BrowseFileDetectionRiskFiles", "hbr:BrowseFiles", "hbr:CallMaintenanceApi", "hbr:CallUniGatewayApi", "hbr:CancelBackupJob", "hbr:CancelDiscoveringDatabase", "hbr:CancelFileDetection", "hbr:CancelHanaBackup", "hbr:CancelHanaRestore", "hbr:CancelJob", "hbr:CancelRestore", "hbr:CancelRestoreJob", "hbr:CancelSqlServerRestore", "hbr:CancelStreamFileSyncTask", "hbr:CancelVmBackup", "hbr:CancelVmLocalRestore", "hbr:CancelVmMigration", "hbr:CheckRole", "hbr:CheckSlrRole", "hbr:ClientReceiveMessage", "hbr:ClientSendMessage", "hbr:CommitTestRestore", "hbr:CompleteVmIncrementalMigration", "hbr:ControlReplicationVault", "hbr:ControlUniBackupJob", "hbr:ControlUniBackupPlan", "hbr:ConvertToPostPaidInstance", "hbr:CreateAirEcsInstance", "hbr:CreateAirRestoreJob", "hbr:CreateBackupEssentialEdition", "hbr:CreateBackupJob", "hbr:CreateBackupPlan", "hbr:CreateBackupSourceGroup", "hbr:CreateChildBackupJobs", "hbr:CreateClient", "hbr:CreateCluster", "hbr:CreateContact", "hbr:CreateContactGroup", "hbr:CreateEcsAirBackup", "hbr:CreateHanaRestore", "hbr:CreateJob", "hbr:CreateJobs", "hbr:CreatePolicy", "hbr:CreatePolicyBindings", "hbr:CreatePolicyV2", "hbr:CreateReportFileGenerateTask", "hbr:CreateRestore", "hbr:CreateRestoreJob", "hbr:CreateSlr", "hbr:CreateSnapshot", "hbr:CreateSnapshot2", "hbr:CreateSqlServerInstance", "hbr:CreateSqlServerRestore", "hbr:CreateSqlServerSnapshot", "hbr:CreateSubTask", "hbr:CreateTempFileUploadUrl", "hbr:CreateUniBackupPlan", "hbr:CreateUniBackupVault", "hbr:CreateUniRestorePlan", "hbr:CreateUploadLogTask", "hbr:CreateVaultTransition", "hbr:CreateVmBackupPlan", "hbr:CreateVmMigrationPlan", "hbr:DeleteAirEcsInstance", "hbr:DeleteBackupClient", "hbr:DeleteBackupClientResource", "hbr:DeleteBackupEssentialEdition", "hbr:DeleteBackupPlan", "hbr:DeleteBackupSourceGroup", "hbr:DeleteClients", "hbr:DeleteCluster", "hbr:DeleteContact", "hbr:DeleteContactGroup", "hbr:DeleteContainerCluster", "hbr:DeleteCrossAccount", "hbr:DeleteEcsAirBackup", "hbr:DeleteHanaMetadata", "hbr:DeleteJob", "hbr:DeletePolicy", "hbr:DeletePolicyBinding", "hbr:DeletePolicyV2", "hbr:DeleteServer", "hbr:DeleteSnapshot", "hbr:DeleteSqlServerBackupJob", "hbr:DeleteSqlServerInstance", "hbr:DeleteSqlServerLog", "hbr:DeleteSqlServerSnapshot", "hbr:DeleteUdmDisk", "hbr:DeleteUdmEcsInstance", "hbr:DeleteUniBackupClient", "hbr:DeleteUniBackupCluster", "hbr:DeleteUniBackupPlan", "hbr:DeleteUniBackupVault", "hbr:DeleteUniRestorePlan", "hbr:DeleteVcenter", "hbr:DeleteVmBackupPlanExecution", "hbr:DeleteVmMigrationPlan", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFeatureUser", "hbr:DescribeFileDetections", "hbr:DescribeGatewayWaterLevel", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeIndexClusters", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsAliases", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribeParameterSchemas", "hbr:DescribeParameters", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeProtectedEcsInstances", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeStreamFileSyncTasks", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupTrialUser", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:DetachNasFileSystem", "hbr:DisableAirBackupPlan", "hbr:DisableBackupPlan", "hbr:DisableEcsAirBackup", "hbr:DisableJob", "hbr:DisableVmBackupPlan", "hbr:DiscoverDatabase", "hbr:EnableAirBackupPlan", "hbr:EnableBackupPlan", "hbr:EnableEcsAirBackup", "hbr:EnableJob", "hbr:EnableVmBackupPlan", "hbr:ExecuteAirBackupPlan", "hbr:ExecuteBackupPlan", "hbr:ExecuteHanaBackup", "hbr:ExecuteJob", "hbr:ExecutePlan", "hbr:ExecutePolicyV2", "hbr:ExploreVcenter", "hbr:GenerateClientToken", "hbr:GenerateInstallLocalBackupClientScript", "hbr:GenerateStsCredential", "hbr:GenerateUninstallLocalBackupClientScript", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetSyncActualSize", "hbr:GetSystemSettings", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetValidParameter", "hbr:GetVaultBuckets", "hbr:GetVaultCredential", "hbr:GetVaultList", "hbr:GetVaultTransition", "hbr:GetVaults", "hbr:InitClusterForCpfs", "hbr:InstallBackupClients", "hbr:InstallLocalBackupClients", "hbr:InstallUniBackupAgent", "hbr:KeepAfterTrialExpiration", "hbr:ListBucketInventory", "hbr:ListGrayReleaseObjectTypes", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:ListVaultTransitions", "hbr:LocalRestoreVms", "hbr:OfflineAgent", "hbr:OpenHbrService", "hbr:OpsDescribeClientConnectionStatistics", "hbr:OpsDescribeClientConnections", "hbr:OpsDescribeMessageStatistics", "hbr:OpsDescribeMessages", "hbr:OpsDescribePolicies", "hbr:OpsDescribePolicyBindings", "hbr:OpsExecutePlans", "hbr:PreCheckDatabase", "hbr:PreCheckSourceGroup", "hbr:PrecheckSqlServerInstance", "hbr:QueryAvailableInstances", "hbr:RecordSubTaskLaunch", "hbr:RemoveDataSource", "hbr:RemoveParameter", "hbr:RemoveVmBackupPlan", "hbr:RenewClientToken", "hbr:ReportFileDetectionRiskFiles", "hbr:ReportStatistics", "hbr:ResumeVmMigration", "hbr:RunVmBackupPlan", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject", "hbr:SendEmailVerifyCode", "hbr:SendMessage", "hbr:SendMobileVerifyCode", "hbr:SendSlaRecord", "hbr:SetNasLimiterForFileSystem", "hbr:SetSystemSetting", "hbr:StartHanaDatabaseAsync", "hbr:StopHanaDatabaseAsync", "hbr:SubmitStreamFileSyncTask", "hbr:TagResources", "hbr:TestRestoreVmMigration", "hbr:UninstallBackupClients", "hbr:UninstallLocalBackupClients", "hbr:UninstallUniBackupAgent", "hbr:UntagResources", "hbr:UpdateAirAlertConfig", "hbr:UpdateAirInstance", "hbr:UpdateAlertConfig", "hbr:UpdateBackupJob", "hbr:UpdateBackupJobToConfirmed", "hbr:UpdateBackupJobs", "hbr:UpdateBackupPlan", "hbr:UpdateBackupSourceGroup", "hbr:UpdateClientAlertConfig", "hbr:UpdateClientClusterForCpfs", "hbr:UpdateCluster", "hbr:UpdateContact", "hbr:UpdateContactGroup", "hbr:UpdateContainerCluster", "hbr:UpdateDataSource", "hbr:UpdateFeatureUserTrialInfo", "hbr:UpdateHanaBackupSetting", "hbr:UpdateHanaRestore", "hbr:UpdateHanaRetentionSetting", "hbr:UpdateIndexCluster", "hbr:UpdateJob", "hbr:UpdateParameter", "hbr:UpdatePlan", "hbr:UpdatePolicy", "hbr:UpdatePolicyBinding", "hbr:UpdatePolicyBindingAlertConfig", "hbr:UpdatePolicyV2", "hbr:UpdateRestore", "hbr:UpdateRestoreJob", "hbr:UpdateServer", "hbr:UpdateSnapshot", "hbr:UpdateSnapshotInner", "hbr:UpdateSqlServerInstance", "hbr:UpdateSqlServerRestore", "hbr:UpdateSubTask", "hbr:UpdateUniBackupCluster", "hbr:UpdateUniBackupInstance", "hbr:UpdateUniBackupPlan", "hbr:UpdateUniBackupTrialUser", "hbr:UpdateUniBackupVault", "hbr:UpdateVcenter", "hbr:UpdateVmBackupPlan", "hbr:UpdateVmBackupPlanExecution", "hbr:UpdateVmClientFlowControlPolicy", "hbr:UpdateVmIncrementalMigration", "hbr:UpdateVmMigration", "hbr:UpgradeBackupClients", "hbr:UpgradeUniBackupAgent" ], "Resource": "*" } ] }
アカウントレベルの権限を付与すると、アカウント内のすべての関連リソースへのアクセスが許可されます。常に最小権限の原則に従ってください。
よくある質問
リソースがどのリソースグループに属しているかを確認するにはどうすればよいですか。
-
方法 1:所属サービスのコンソールで確認
-
リソースが所属する Alibaba Cloud サービスのコンソールに移動します。通常、リソースの詳細ページの基本情報セクションにリソースグループが記載されています。
-
-
方法 2:Resource Management コンソールで確認
-
Resource Management コンソールにログインします。
-
を選択します。
-
左側のメニューで、対象リソースを所有するアカウントを選択します (デフォルトは [Current Account]) を選択します。
-
フィルター条件を使用してリソースを検索します。
-
[Resource Group Name] 列に、リソースが属するグループが表示されます。
-
特定のリソースグループ内のすべてのリソースを表示するにはどうすればよいですか。
-
方法 1:
-
Resource Management コンソールにログインします。
-
を選択します。
-
左側のメニューで、リソースを所有するアカウント (デフォルトは [Current Account]) の下にある、対象のリソースグループ名をクリックします。
-
右側の画面で、[Select resource types] ドロップダウンリストからクラウドサービスを選択します。
-
そのグループ内のすべてのリソースが表示されます。
-
-
方法 2:
-
Resource Management コンソールにログインします。
-
を選択します。
-
対象のリソースグループを見つけ、[Actions] 列の [Manage Resource] をクリックします。
-
リソース管理ページで、[Service] ドロップダウンリストからクラウドサービスを選択します。
-
そのグループ内のすべてのリソースが表示されます。
-
複数のリソースを別のリソースグループに一括で移動するにはどうすればよいですか。
-
Resource Management コンソールにログインします。
-
左側のメニューで、 を選択します。
-
対象のリソースグループを見つけ、[Actions] 列の [Manage Resource] をクリックします。
-
リソース管理ページで、フィルター条件を使用して移動したいリソースを検索します。
-
移動したいリソースのチェックボックスを選択します。
-
ページ下部にある [Transfer] をクリックします。
-
ダイアログボックスで、移動先のリソースグループを選択し、 [Confirm] をクリックします。