當您使用資源群組對資源進行分組管理時,可以結合存取控制(RAM),在單個阿里雲帳號內實現資源的隔離和精微調權限管理。本文總結了Cloud Backup對資源群組的支援情況,以及資源群組層級的授權操作步驟。
-
只有支援資源群組的資源類型和支援資源群組層級授權的操作,資源群組層級授權才會生效。
-
對於不支援資源群組的資源類型,授予資源群組範圍的許可權將無效。在選擇資源範圍時,請選擇帳號層級,進行帳號層級授權。具體操作,請參見不支援資源群組層級授權的操作。
資源群組授權的工作原理
您可以使用資源群組(Resource Group)對阿里雲帳號內的資源進行分組管理。例如,為不同的專案建立對應的資源群組,並將資源轉移到對應的組中,以便集中管理各專案的資源。更多資訊,請參見什麼是資源群組。
在完成資源分組後,您可以為不同的RAM授權主體(RAM使用者、RAM使用者組或RAM角色)授予指定資源群組範圍的許可權,從而限定這個授權主體只能管理該資源群組內的資源。更多資訊,請參見資源分組和授權。
這種授權方式的優點有:
-
許可權精細化:確保每個身份能獲得最準確的資源存取權限,避免帳號下的多重專案的資源混合管理。
-
良好的擴充性:後續新增資源時,只需將其加入該資源群組,RAM身份便會自動獲得新資源的相應許可權,無需再次授權。
為RAM使用者授予資源群組層級的許可權
下面以RAM使用者為例,介紹授予指定資源群組內Cloud Backup資源許可權的操作步驟。
1. 前置步驟
2. 進行資源群組層級授權
您可以通過以下任一方式進行資源群組層級授權。
方式一:在資源管理主控台中授權
通過資源群組的許可權管理功能為指定 RAM 使用者授權。詳情操作可參見為RAM身份授予資源群組範圍的許可權。
方式二:在 RAM 控制台中授權
通過RAM控制台為指定 RAM 使用者進行資源群組層級授權。詳細操作可參見為RAM使用者授權。
支援資源群組的資源類型
Cloud Backup支援資源群組的資源類型如下表所示:
|
雲端服務 |
雲端服務代碼 |
資源類型 |
|
Cloud Backup |
hbr |
hanainstance : SAP HANA執行個體 |
|
Cloud Backup |
hbr |
vault : 倉庫 |
對於暫不支援資源群組的資源類型,如有需要,您可以在資源群組控制台提交反饋。
不支援資源群組層級授權的操作
Cloud Backup中不支援資源群組層級授權的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
hbr:ActivateClient |
- |
|
hbr:ActivateEcsClient |
- |
|
hbr:AddContainerCluster |
- |
|
hbr:AddCrossAccount |
- |
|
hbr:AddDataSource |
- |
|
hbr:AddHanaMetadata |
- |
|
hbr:AddIndexCluster |
- |
|
hbr:AddParameter |
- |
|
hbr:AddServer |
- |
|
hbr:AddSqlServerLog |
- |
|
hbr:AddVcenter |
- |
|
hbr:BatchCountTables |
- |
|
hbr:BrowseAirFiles |
- |
|
hbr:BrowseFileDetectionRiskFiles |
- |
|
hbr:BrowseFiles |
- |
|
hbr:CallMaintenanceApi |
- |
|
hbr:CallUniGatewayApi |
- |
|
hbr:CancelBackupJob |
- |
|
hbr:CancelDiscoveringDatabase |
- |
|
hbr:CancelFileDetection |
- |
|
hbr:CancelHanaBackup |
- |
|
hbr:CancelHanaRestore |
- |
|
hbr:CancelJob |
- |
|
hbr:CancelRestore |
- |
|
hbr:CancelRestoreJob |
- |
|
hbr:CancelSqlServerRestore |
- |
|
hbr:CancelStreamFileSyncTask |
- |
|
hbr:CancelVmBackup |
- |
|
hbr:CancelVmLocalRestore |
- |
|
hbr:CancelVmMigration |
- |
|
hbr:CheckRole |
- |
|
hbr:CheckSlrRole |
- |
|
hbr:ClientReceiveMessage |
- |
|
hbr:ClientSendMessage |
- |
|
hbr:CommitTestRestore |
- |
|
hbr:CompleteVmIncrementalMigration |
- |
|
hbr:ControlReplicationVault |
- |
|
hbr:ControlUniBackupJob |
- |
|
hbr:ControlUniBackupPlan |
- |
|
hbr:ConvertToPostPaidInstance |
- |
|
hbr:CreateAirEcsInstance |
- |
|
hbr:CreateAirRestoreJob |
- |
|
hbr:CreateBackupEssentialEdition |
- |
|
hbr:CreateBackupJob |
- |
|
hbr:CreateBackupPlan |
- |
|
hbr:CreateBackupSourceGroup |
- |
|
hbr:CreateChildBackupJobs |
- |
|
hbr:CreateClient |
- |
|
hbr:CreateCluster |
- |
|
hbr:CreateContact |
- |
|
hbr:CreateContactGroup |
- |
|
hbr:CreateEcsAirBackup |
- |
|
hbr:CreateHanaRestore |
- |
|
hbr:CreateJob |
- |
|
hbr:CreateJobs |
- |
|
hbr:CreatePolicy |
- |
|
hbr:CreatePolicyBindings |
- |
|
hbr:CreatePolicyV2 |
- |
|
hbr:CreateReportFileGenerateTask |
- |
|
hbr:CreateRestore |
- |
|
hbr:CreateRestoreJob |
- |
|
hbr:CreateSlr |
- |
|
hbr:CreateSnapshot |
- |
|
hbr:CreateSnapshot2 |
- |
|
hbr:CreateSqlServerInstance |
- |
|
hbr:CreateSqlServerRestore |
- |
|
hbr:CreateSqlServerSnapshot |
- |
|
hbr:CreateSubTask |
- |
|
hbr:CreateTempFileUploadUrl |
- |
|
hbr:CreateUniBackupPlan |
- |
|
hbr:CreateUniBackupVault |
- |
|
hbr:CreateUniRestorePlan |
- |
|
hbr:CreateUploadLogTask |
- |
|
hbr:CreateVmBackupPlan |
- |
|
hbr:CreateVmMigrationPlan |
- |
|
hbr:DeleteAirEcsInstance |
- |
|
hbr:DeleteBackupClient |
- |
|
hbr:DeleteBackupClientResource |
- |
|
hbr:DeleteBackupEssentialEdition |
- |
|
hbr:DeleteBackupPlan |
- |
|
hbr:DeleteBackupSourceGroup |
- |
|
hbr:DeleteClients |
- |
|
hbr:DeleteCluster |
- |
|
hbr:DeleteContact |
- |
|
hbr:DeleteContactGroup |
- |
|
hbr:DeleteContainerCluster |
- |
|
hbr:DeleteCrossAccount |
- |
|
hbr:DeleteEcsAirBackup |
- |
|
hbr:DeleteHanaMetadata |
- |
|
hbr:DeleteJob |
- |
|
hbr:DeletePolicy |
- |
|
hbr:DeletePolicyBinding |
- |
|
hbr:DeletePolicyV2 |
- |
|
hbr:DeleteServer |
- |
|
hbr:DeleteSnapshot |
- |
|
hbr:DeleteSqlServerBackupJob |
- |
|
hbr:DeleteSqlServerInstance |
- |
|
hbr:DeleteSqlServerLog |
- |
|
hbr:DeleteSqlServerSnapshot |
- |
|
hbr:DeleteUdmDisk |
- |
|
hbr:DeleteUdmEcsInstance |
- |
|
hbr:DeleteUniBackupClient |
- |
|
hbr:DeleteUniBackupPlan |
- |
|
hbr:DeleteUniBackupVault |
- |
|
hbr:DeleteUniRestorePlan |
- |
|
hbr:DeleteVcenter |
- |
|
hbr:DeleteVmBackupPlanExecution |
- |
|
hbr:DeleteVmMigrationPlan |
- |
|
hbr:DescribeAirEcsInstancesInfo |
- |
|
hbr:DescribeAirInstances |
- |
|
hbr:DescribeAirSnapshots |
- |
|
hbr:DescribeAlertConfig |
- |
|
hbr:DescribeBackupClients |
- |
|
hbr:DescribeBackupJobStatistics |
- |
|
hbr:DescribeBackupJobs |
- |
|
hbr:DescribeBackupJobs2 |
- |
|
hbr:DescribeBackupPlans |
- |
|
hbr:DescribeBackupSourceGroups |
- |
|
hbr:DescribeBackupSources |
- |
|
hbr:DescribeClientAlertConfig |
- |
|
hbr:DescribeClientVersion |
- |
|
hbr:DescribeClusters |
- |
|
hbr:DescribeContainerCluster |
- |
|
hbr:DescribeContainerResource |
- |
|
hbr:DescribeCrossAccounts |
- |
|
hbr:DescribeDataSourceProtectionDetails |
- |
|
hbr:DescribeDataSourceProtectionStatistics |
- |
|
hbr:DescribeDataSources |
- |
|
hbr:DescribeDisks |
- |
|
hbr:DescribeEcsInstances |
- |
|
hbr:DescribeFeatureTrialInfo |
- |
|
hbr:DescribeFeatureUser |
- |
|
hbr:DescribeFileDetections |
- |
|
hbr:DescribeGatewayWaterLevel |
- |
|
hbr:DescribeHanaBackupSetting |
- |
|
hbr:DescribeHanaBackups |
- |
|
hbr:DescribeHanaMetadata |
- |
|
hbr:DescribeHanaRetentionSetting |
- |
|
hbr:DescribeIndexClusters |
- |
|
hbr:DescribeInstances |
- |
|
hbr:DescribeInstancesInVault |
- |
|
hbr:DescribeInstancesInfo |
- |
|
hbr:DescribeJobs |
- |
|
hbr:DescribeKmsKeys |
- |
|
hbr:DescribeNasFileSystems |
- |
|
hbr:DescribeOtsInstances |
- |
|
hbr:DescribeOtsTableSnapshots |
- |
|
hbr:DescribeOverview |
- |
|
hbr:DescribeParameterSchemas |
- |
|
hbr:DescribeParameters |
- |
|
hbr:DescribePlans |
- |
|
hbr:DescribePolicies |
- |
|
hbr:DescribePoliciesV2 |
- |
|
hbr:DescribePolicyBindingAlertConfig |
- |
|
hbr:DescribePolicyBindings |
- |
|
hbr:DescribeProtectedEcsInstances |
- |
|
hbr:DescribeRecoverableOtsInstances |
- |
|
hbr:DescribeRestoreJobs |
- |
|
hbr:DescribeRestoreJobs2 |
- |
|
hbr:DescribeRestores |
- |
|
hbr:DescribeSecurityGroups |
- |
|
hbr:DescribeServers |
- |
|
hbr:DescribeSnapshotExistenceByTimeRange |
- |
|
hbr:DescribeSnapshots |
- |
|
hbr:DescribeSqlServerDatabases |
- |
|
hbr:DescribeSqlServerInstances |
- |
|
hbr:DescribeSqlServerLogs |
- |
|
hbr:DescribeSqlServerRestores |
- |
|
hbr:DescribeSqlServerSnapshots |
- |
|
hbr:DescribeStreamFileSyncTasks |
- |
|
hbr:DescribeSubTask |
- |
|
hbr:DescribeUdmDisks |
- |
|
hbr:DescribeUdmEcsInstances |
- |
|
hbr:DescribeUdmSnapshotLinks |
- |
|
hbr:DescribeUdmSnapshots |
- |
|
hbr:DescribeUniBackupClients |
- |
|
hbr:DescribeUniBackupCluster |
- |
|
hbr:DescribeUniBackupInstanceDetail |
- |
|
hbr:DescribeUniBackupInstances |
- |
|
hbr:DescribeUniBackupPlans |
- |
|
hbr:DescribeUniBackupTrialInfo |
- |
|
hbr:DescribeUniBackupTrialUser |
- |
|
hbr:DescribeUniBackupVault |
- |
|
hbr:DescribeUniHistories |
- |
|
hbr:DescribeUniRestoreInfo |
- |
|
hbr:DescribeUniRestorePlans |
- |
|
hbr:DescribeUserBusinessStatus |
- |
|
hbr:DescribeVSwitches |
- |
|
hbr:DescribeVcenters |
- |
|
hbr:DescribeVmBackupPlanExecution |
- |
|
hbr:DescribeVmBackupPlanExecutions |
- |
|
hbr:DescribeVmBackupPlans |
- |
|
hbr:DescribeVmClientFlowControlPolicy |
- |
|
hbr:DescribeVmIncrementalMigrationJob |
- |
|
hbr:DescribeVmIncrementalMigrations |
- |
|
hbr:DescribeVmMigrationPlans |
- |
|
hbr:DescribeVmMigrations |
- |
|
hbr:DescribeVpcs |
- |
|
hbr:DetachNasFileSystem |
- |
|
hbr:DisableAirBackupPlan |
- |
|
hbr:DisableBackupPlan |
- |
|
hbr:DisableEcsAirBackup |
- |
|
hbr:DisableJob |
- |
|
hbr:DisableVmBackupPlan |
- |
|
hbr:DiscoverDatabase |
- |
|
hbr:EnableAirBackupPlan |
- |
|
hbr:EnableBackupPlan |
- |
|
hbr:EnableEcsAirBackup |
- |
|
hbr:EnableJob |
- |
|
hbr:EnableVmBackupPlan |
- |
|
hbr:ExecuteAirBackupPlan |
- |
|
hbr:ExecuteBackupPlan |
- |
|
hbr:ExecuteHanaBackup |
- |
|
hbr:ExecuteJob |
- |
|
hbr:ExecutePlan |
- |
|
hbr:ExecutePolicyV2 |
- |
|
hbr:ExploreVcenter |
- |
|
hbr:GenerateClientToken |
- |
|
hbr:GenerateStsCredential |
- |
|
hbr:GetAirStatistics |
- |
|
hbr:GetBasicStatistics |
- |
|
hbr:GetBucket |
- |
|
hbr:GetClientDownloadLink |
- |
|
hbr:GetClientsToRestore |
- |
|
hbr:GetDirectorySize |
- |
|
hbr:GetDiscoveredDatabase |
- |
|
hbr:GetFileDetectionStatistics |
- |
|
hbr:GetGlobalStatistics |
- |
|
hbr:GetMetrics |
- |
|
hbr:GetNasToRestore |
- |
|
hbr:GetOssBucketsToRestore |
- |
|
hbr:GetProtectedResource |
- |
|
hbr:GetReactivateUserToken |
- |
|
hbr:GetRunningAgents |
- |
|
hbr:GetSnapshotErrorFileDownloadLink |
- |
|
hbr:GetSnapshotRiskFileDownloadLink |
- |
|
hbr:GetSqlServerDatabasesToRestore |
- |
|
hbr:GetSqlServersToRestore |
- |
|
hbr:GetSyncActualSize |
- |
|
hbr:GetSystemSettings |
- |
|
hbr:GetTempFileDownloadLink |
- |
|
hbr:GetTrialInfo |
- |
|
hbr:GetUniBackupInstallerToken |
- |
|
hbr:GetUserToken |
- |
|
hbr:GetValidParameter |
- |
|
hbr:GetVaultBuckets |
- |
|
hbr:GetVaultList |
- |
|
hbr:GetVaultTransition |
- |
|
hbr:GetVaults |
- |
|
hbr:InitClusterForCpfs |
- |
|
hbr:InstallBackupClients |
- |
|
hbr:InstallLocalBackupClients |
- |
|
hbr:InstallUniBackupAgent |
- |
|
hbr:KeepAfterTrialExpiration |
- |
|
hbr:ListBucketInventory |
- |
|
hbr:ListGrayReleaseObjectTypes |
- |
|
hbr:ListOssBuckets |
- |
|
hbr:ListOtsInstances |
- |
|
hbr:ListOtsTables |
- |
|
hbr:ListPolicyTagDataSources |
- |
|
hbr:ListProtectedResources |
- |
|
hbr:ListReportFiles |
- |
|
hbr:ListTagKeys |
- |
|
hbr:ListTagResources |
- |
|
hbr:ListTagValues |
- |
|
hbr:ListVaultTransitions |
- |
|
hbr:LocalRestoreVms |
- |
|
hbr:OfflineAgent |
- |
|
hbr:OpenHbrService |
- |
|
hbr:OpsDescribeClientConnectionStatistics |
- |
|
hbr:OpsDescribeClientConnections |
- |
|
hbr:OpsDescribeMessageStatistics |
- |
|
hbr:OpsDescribeMessages |
- |
|
hbr:OpsDescribePolicies |
- |
|
hbr:OpsDescribePolicyBindings |
- |
|
hbr:OpsExecutePlans |
- |
|
hbr:PreCheckDatabase |
- |
|
hbr:PreCheckSourceGroup |
- |
|
hbr:PrecheckSqlServerInstance |
- |
|
hbr:QueryAvailableInstances |
- |
|
hbr:RecordSubTaskLaunch |
- |
|
hbr:RemoveDataSource |
- |
|
hbr:RemoveParameter |
- |
|
hbr:RemoveVmBackupPlan |
- |
|
hbr:RenewClientToken |
- |
|
hbr:ReportFileDetectionRiskFiles |
- |
|
hbr:ReportStatistics |
- |
|
hbr:ResumeVmMigration |
- |
|
hbr:RunVmBackupPlan |
- |
|
hbr:SearchBackupFiles |
- |
|
hbr:SearchHistoricalSnapshots |
- |
|
hbr:SearchObject |
- |
|
hbr:SendEmailVerifyCode |
- |
|
hbr:SendMessage |
- |
|
hbr:SendMobileVerifyCode |
- |
|
hbr:SendSlaRecord |
- |
|
hbr:SetNasLimiterForFileSystem |
- |
|
hbr:SetSystemSetting |
- |
|
hbr:StartHanaDatabaseAsync |
- |
|
hbr:StopHanaDatabaseAsync |
- |
|
hbr:SubmitStreamFileSyncTask |
- |
|
hbr:TagResources |
- |
|
hbr:TestRestoreVmMigration |
- |
|
hbr:UninstallBackupClients |
- |
|
hbr:UninstallLocalBackupClients |
- |
|
hbr:UninstallUniBackupAgent |
- |
|
hbr:UntagResources |
- |
|
hbr:UpdateAirAlertConfig |
- |
|
hbr:UpdateAirInstance |
- |
|
hbr:UpdateAlertConfig |
- |
|
hbr:UpdateBackupJob |
- |
|
hbr:UpdateBackupJobToConfirmed |
- |
|
hbr:UpdateBackupJobs |
- |
|
hbr:UpdateBackupPlan |
- |
|
hbr:UpdateBackupSourceGroup |
- |
|
hbr:UpdateClientAlertConfig |
- |
|
hbr:UpdateClientClusterForCpfs |
- |
|
hbr:UpdateCluster |
- |
|
hbr:UpdateContact |
- |
|
hbr:UpdateContactGroup |
- |
|
hbr:UpdateContainerCluster |
- |
|
hbr:UpdateDataSource |
- |
|
hbr:UpdateFeatureUserTrialInfo |
- |
|
hbr:UpdateHanaBackupSetting |
- |
|
hbr:UpdateHanaRestore |
- |
|
hbr:UpdateHanaRetentionSetting |
- |
|
hbr:UpdateIndexCluster |
- |
|
hbr:UpdateJob |
- |
|
hbr:UpdateParameter |
- |
|
hbr:UpdatePlan |
- |
|
hbr:UpdatePolicy |
- |
|
hbr:UpdatePolicyBinding |
- |
|
hbr:UpdatePolicyBindingAlertConfig |
- |
|
hbr:UpdatePolicyV2 |
- |
|
hbr:UpdateRestore |
- |
|
hbr:UpdateRestoreJob |
- |
|
hbr:UpdateServer |
- |
|
hbr:UpdateSnapshot |
- |
|
hbr:UpdateSnapshotInner |
- |
|
hbr:UpdateSqlServerInstance |
- |
|
hbr:UpdateSqlServerRestore |
- |
|
hbr:UpdateSubTask |
- |
|
hbr:UpdateUniBackupInstance |
- |
|
hbr:UpdateUniBackupPlan |
- |
|
hbr:UpdateUniBackupTrialUser |
- |
|
hbr:UpdateUniBackupVault |
- |
|
hbr:UpdateVcenter |
- |
|
hbr:UpdateVmBackupPlan |
- |
|
hbr:UpdateVmBackupPlanExecution |
- |
|
hbr:UpdateVmClientFlowControlPolicy |
- |
|
hbr:UpdateVmIncrementalMigration |
- |
|
hbr:UpdateVmMigration |
- |
|
hbr:UpgradeBackupClients |
- |
對於不支援資源群組授權的操作,授權時資源範圍選取資源群組層級將無效。如果仍需要RAM使用者有上述操作許可權,您需要建立自訂權限原則,授權時資源範圍選取帳號層級。
以下是兩個自訂權限原則樣本,您可以根據實際需要調整策略內容。
-
允許不支援資源群組層級授權的全部唯讀操作:
Action中列舉不支援資源群組層級授權的所有隻讀操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:BrowseAirFiles", "hbr:BrowseFileDetectionRiskFiles", "hbr:BrowseFiles", "hbr:CancelDiscoveringDatabase", "hbr:CheckRole", "hbr:CheckSlrRole", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFileDetections", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:DisableAirBackupPlan", "hbr:EnableAirBackupPlan", "hbr:ExecuteAirBackupPlan", "hbr:ExploreVcenter", "hbr:GenerateClientToken", "hbr:GenerateStsCredential", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetVaultBuckets", "hbr:GetVaultList", "hbr:GetVaults", "hbr:ListBucketInventory", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:PreCheckSourceGroup", "hbr:PrecheckSqlServerInstance", "hbr:QueryAvailableInstances", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject", "hbr:TestRestoreVmMigration" ], "Resource": "*" } ] } -
允許不支援資源群組層級授權的全部操作:
Action中列舉不支援資源群組層級授權的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:ActivateClient", "hbr:ActivateEcsClient", "hbr:AddContainerCluster", "hbr:AddCrossAccount", "hbr:AddDataSource", "hbr:AddHanaMetadata", "hbr:AddIndexCluster", "hbr:AddParameter", "hbr:AddServer", "hbr:AddSqlServerLog", "hbr:AddVcenter", "hbr:BatchCountTables", "hbr:BrowseAirFiles", "hbr:BrowseFileDetectionRiskFiles", "hbr:BrowseFiles", "hbr:CallMaintenanceApi", "hbr:CallUniGatewayApi", "hbr:CancelBackupJob", "hbr:CancelDiscoveringDatabase", "hbr:CancelFileDetection", "hbr:CancelHanaBackup", "hbr:CancelHanaRestore", "hbr:CancelJob", "hbr:CancelRestore", "hbr:CancelRestoreJob", "hbr:CancelSqlServerRestore", "hbr:CancelStreamFileSyncTask", "hbr:CancelVmBackup", "hbr:CancelVmLocalRestore", "hbr:CancelVmMigration", "hbr:CheckRole", "hbr:CheckSlrRole", "hbr:ClientReceiveMessage", "hbr:ClientSendMessage", "hbr:CommitTestRestore", "hbr:CompleteVmIncrementalMigration", "hbr:ControlReplicationVault", "hbr:ControlUniBackupJob", "hbr:ControlUniBackupPlan", "hbr:ConvertToPostPaidInstance", "hbr:CreateAirEcsInstance", "hbr:CreateAirRestoreJob", "hbr:CreateBackupEssentialEdition", "hbr:CreateBackupJob", "hbr:CreateBackupPlan", "hbr:CreateBackupSourceGroup", "hbr:CreateChildBackupJobs", "hbr:CreateClient", "hbr:CreateCluster", "hbr:CreateContact", "hbr:CreateContactGroup", "hbr:CreateEcsAirBackup", "hbr:CreateHanaRestore", "hbr:CreateJob", "hbr:CreateJobs", "hbr:CreatePolicy", "hbr:CreatePolicyBindings", "hbr:CreatePolicyV2", "hbr:CreateReportFileGenerateTask", "hbr:CreateRestore", "hbr:CreateRestoreJob", "hbr:CreateSlr", "hbr:CreateSnapshot", "hbr:CreateSnapshot2", "hbr:CreateSqlServerInstance", "hbr:CreateSqlServerRestore", "hbr:CreateSqlServerSnapshot", "hbr:CreateSubTask", "hbr:CreateTempFileUploadUrl", "hbr:CreateUniBackupPlan", "hbr:CreateUniBackupVault", "hbr:CreateUniRestorePlan", "hbr:CreateUploadLogTask", "hbr:CreateVmBackupPlan", "hbr:CreateVmMigrationPlan", "hbr:DeleteAirEcsInstance", "hbr:DeleteBackupClient", "hbr:DeleteBackupClientResource", "hbr:DeleteBackupEssentialEdition", "hbr:DeleteBackupPlan", "hbr:DeleteBackupSourceGroup", "hbr:DeleteClients", "hbr:DeleteCluster", "hbr:DeleteContact", "hbr:DeleteContactGroup", "hbr:DeleteContainerCluster", "hbr:DeleteCrossAccount", "hbr:DeleteEcsAirBackup", "hbr:DeleteHanaMetadata", "hbr:DeleteJob", "hbr:DeletePolicy", "hbr:DeletePolicyBinding", "hbr:DeletePolicyV2", "hbr:DeleteServer", "hbr:DeleteSnapshot", "hbr:DeleteSqlServerBackupJob", "hbr:DeleteSqlServerInstance", "hbr:DeleteSqlServerLog", "hbr:DeleteSqlServerSnapshot", "hbr:DeleteUdmDisk", "hbr:DeleteUdmEcsInstance", "hbr:DeleteUniBackupClient", "hbr:DeleteUniBackupPlan", "hbr:DeleteUniBackupVault", "hbr:DeleteUniRestorePlan", "hbr:DeleteVcenter", "hbr:DeleteVmBackupPlanExecution", "hbr:DeleteVmMigrationPlan", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFeatureUser", "hbr:DescribeFileDetections", "hbr:DescribeGatewayWaterLevel", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeIndexClusters", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribeParameterSchemas", "hbr:DescribeParameters", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeProtectedEcsInstances", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeStreamFileSyncTasks", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupTrialUser", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:DetachNasFileSystem", "hbr:DisableAirBackupPlan", "hbr:DisableBackupPlan", "hbr:DisableEcsAirBackup", "hbr:DisableJob", "hbr:DisableVmBackupPlan", "hbr:DiscoverDatabase", "hbr:EnableAirBackupPlan", "hbr:EnableBackupPlan", "hbr:EnableEcsAirBackup", "hbr:EnableJob", "hbr:EnableVmBackupPlan", "hbr:ExecuteAirBackupPlan", "hbr:ExecuteBackupPlan", "hbr:ExecuteHanaBackup", "hbr:ExecuteJob", "hbr:ExecutePlan", "hbr:ExecutePolicyV2", "hbr:ExploreVcenter", "hbr:GenerateClientToken", "hbr:GenerateStsCredential", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetSyncActualSize", "hbr:GetSystemSettings", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetValidParameter", "hbr:GetVaultBuckets", "hbr:GetVaultList", "hbr:GetVaultTransition", "hbr:GetVaults", "hbr:InitClusterForCpfs", "hbr:InstallBackupClients", "hbr:InstallLocalBackupClients", "hbr:InstallUniBackupAgent", "hbr:KeepAfterTrialExpiration", "hbr:ListBucketInventory", "hbr:ListGrayReleaseObjectTypes", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:ListVaultTransitions", "hbr:LocalRestoreVms", "hbr:OfflineAgent", "hbr:OpenHbrService", "hbr:OpsDescribeClientConnectionStatistics", "hbr:OpsDescribeClientConnections", "hbr:OpsDescribeMessageStatistics", "hbr:OpsDescribeMessages", "hbr:OpsDescribePolicies", "hbr:OpsDescribePolicyBindings", "hbr:OpsExecutePlans", "hbr:PreCheckDatabase", "hbr:PreCheckSourceGroup", "hbr:PrecheckSqlServerInstance", "hbr:QueryAvailableInstances", "hbr:RecordSubTaskLaunch", "hbr:RemoveDataSource", "hbr:RemoveParameter", "hbr:RemoveVmBackupPlan", "hbr:RenewClientToken", "hbr:ReportFileDetectionRiskFiles", "hbr:ReportStatistics", "hbr:ResumeVmMigration", "hbr:RunVmBackupPlan", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject", "hbr:SendEmailVerifyCode", "hbr:SendMessage", "hbr:SendMobileVerifyCode", "hbr:SendSlaRecord", "hbr:SetNasLimiterForFileSystem", "hbr:SetSystemSetting", "hbr:StartHanaDatabaseAsync", "hbr:StopHanaDatabaseAsync", "hbr:SubmitStreamFileSyncTask", "hbr:TagResources", "hbr:TestRestoreVmMigration", "hbr:UninstallBackupClients", "hbr:UninstallLocalBackupClients", "hbr:UninstallUniBackupAgent", "hbr:UntagResources", "hbr:UpdateAirAlertConfig", "hbr:UpdateAirInstance", "hbr:UpdateAlertConfig", "hbr:UpdateBackupJob", "hbr:UpdateBackupJobToConfirmed", "hbr:UpdateBackupJobs", "hbr:UpdateBackupPlan", "hbr:UpdateBackupSourceGroup", "hbr:UpdateClientAlertConfig", "hbr:UpdateClientClusterForCpfs", "hbr:UpdateCluster", "hbr:UpdateContact", "hbr:UpdateContactGroup", "hbr:UpdateContainerCluster", "hbr:UpdateDataSource", "hbr:UpdateFeatureUserTrialInfo", "hbr:UpdateHanaBackupSetting", "hbr:UpdateHanaRestore", "hbr:UpdateHanaRetentionSetting", "hbr:UpdateIndexCluster", "hbr:UpdateJob", "hbr:UpdateParameter", "hbr:UpdatePlan", "hbr:UpdatePolicy", "hbr:UpdatePolicyBinding", "hbr:UpdatePolicyBindingAlertConfig", "hbr:UpdatePolicyV2", "hbr:UpdateRestore", "hbr:UpdateRestoreJob", "hbr:UpdateServer", "hbr:UpdateSnapshot", "hbr:UpdateSnapshotInner", "hbr:UpdateSqlServerInstance", "hbr:UpdateSqlServerRestore", "hbr:UpdateSubTask", "hbr:UpdateUniBackupInstance", "hbr:UpdateUniBackupPlan", "hbr:UpdateUniBackupTrialUser", "hbr:UpdateUniBackupVault", "hbr:UpdateVcenter", "hbr:UpdateVmBackupPlan", "hbr:UpdateVmBackupPlanExecution", "hbr:UpdateVmClientFlowControlPolicy", "hbr:UpdateVmIncrementalMigration", "hbr:UpdateVmMigration", "hbr:UpgradeBackupClients" ], "Resource": "*" } ] }
獲得帳號層級許可權的RAM使用者或RAM角色,能夠操作整個帳號範圍內的相關資源。請務必確認所授與權限是否符合預期,遵從最小授權原則謹慎分配許可權。
常見問題
如何查看當前資源屬於哪個資源群組?
-
方式一:單擊資源名稱,進入資源的詳情頁面,即可查看到當前資源的資源群組。
-
方式二:登入資源管理主控台,單擊,在左側選擇目標資源所屬帳號(預設為當前帳號),通過篩選條件定位目標資源,即可查看其所屬資源群組。
如何查看當前產品在某個資源群組下的所有資源?
如何批量修改多個資源的資源群組?
登入資源管理主控台,單擊,在目標資源群組所在行的操作列下,單擊資源管理以進入資源管理頁面。通過篩選條件定位多個目標資源,批量勾選第一列的複選框後單擊下方轉移資源群組,並按頁面提示完成資源群組修改。