首次使用獨享資源群組時,您需要先授權DataWorks訪問其他阿里雲產品的相關許可權。授權完成後,系統將自動建立名為AliyunServiceRoleForDataWorks的服務關聯角色。該角色用於DataWorks訪問您在其他阿里雲產品中的資源。本文為您介紹如何查看該角色詳情。
背景資訊
更多服務關聯角色的介紹,詳情請參見服務關聯角色。
AliyunServiceRoleForDataWorks介紹
角色名稱:AliyunServiceRoleForDataWorks
角色用途:用於DataWorks(DataWorks)的服務關聯角色,DataWorks使用此角色來訪問您在其他雲產品(如Elastic Compute Service、Virtual Private Cloud、Apsara File Storage NAS、Container RegistryACR、雲原生MaxCompute、Object Storage Service)中的資源。
綁定的角色策略:AliyunServiceRolePolicyForDataWorks
權限原則詳情:
您可單擊RAM控制台中的,查看服務關聯角色資訊。
單擊服務關聯角色名稱,可在許可權管理頁簽查看關聯的系統策略資訊。以下是當前策略中涉及的各產品許可權內容:
Elastic Compute Service的存取權限
{ "Version": "1", "Statement": [ { "Action": [ "ecs:AttachNetworkInterface", "ecs:AuthorizeSecurityGroup", "ecs:AuthorizeSecurityGroupEgress", "ecs:CreateNetworkInterface", "ecs:CreateNetworkInterfacePermission", "ecs:CreateSecurityGroup", "ecs:DeleteNetworkInterface", "ecs:DeleteNetworkInterfacePermission", "ecs:DeleteSecurityGroup", "ecs:DescribeNetworkInterfacePermissions", "ecs:DescribeNetworkInterfaces", "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroupReferences", "ecs:DescribeSecurityGroups", "ecs:DetachNetworkInterface", "ecs:JoinSecurityGroup", "ecs:LeaveSecurityGroup", "ecs:ModifyNetworkInterfaceAttribute", "ecs:ModifySecurityGroupAttribute", "ecs:ModifySecurityGroupPolicy", "ecs:ModifySecurityGroupRule", "ecs:RevokeSecurityGroup", "ecs:RevokeSecurityGroupEgress", "ecs:AssignIpv6Addresses", "ecs:UnassignIpv6Addresses" ], "Resource": "*", "Effect": "Allow" } ] }Virtual Private Cloud存取權限
{ "Version": "1", "Statement": [ { "Action": [ "vpc:DescribeVpcs", "vpc:DescribeVpcAttribute", "vpc:DescribeVSwitches", "vpc:DescribeVSwitchAttributes", "vpc:CreateVpc", "vpc:CreateVSwitch" ], "Resource": "*", "Effect": "Allow" } ] }Apsara File Storage NAS存取權限
{ "Version": "1", "Statement": [ { "Action": [ "nas:DescribeFileSystems", "nas:DescribeMountTargets", "nas:CreateMountTarget", "nas:ModifyMountTarget", "nas:DescribeProtocolMountTarget" ], "Effect": "Allow", "Resource": "*" } ] }Container RegistryACR存取權限
{ "Version": "1", "Statement": [ { "Action": [ "cr:ListNamespace", "cr:ListRepository", "cr:GetAuthorizationToken", "cr:ListInstanceEndpoint", "cr:PullRepository", "cr:PushRepository", "cr:GetInstance", "cr:GetInstanceVpcEndpoint", "cr:ListInstance", "cr:ListInstanceDomain", "cr:GetRepository", "cr:GetRepositoryLayers", "cr:ListRepositoryTag", "cr:GetNamespace", "cr:GetRepoTag", "cr:CreateInstanceVpcEndpointLinkedVpc", "cr:GetInstanceEndpoint" ], "Resource": "*", "Effect": "Allow" } ] }雲原生MaxCompute存取權限
{ "Version": "1", "Statement": [ { "Action": [ "odps:GetImage", "odps:AddImage", "odps:RemoveImage" ], "Resource": "*", "Effect": "Allow" } ] }Object Storage Service存取權限
{ "Version": "1", "Statement": [ { "Action": [ "oss:GetObject", "oss:PutObject", "oss:DeleteObject", "oss:ListParts", "oss:AbortMultipartUpload", "oss:ListObjects", "oss:ListBuckets", "oss:PutBucketCors", "oss:GetBucketCors", "oss:DeleteBucketCors", "oss:GetBucketInfo", "oss:ListBuckets" ], "Resource": "*", "Effect": "Allow" } ] }DataWorks資源控制許可權
{ "Version": "1", "Statement": [ { "Action": [ "dataworks:ListTagResources", "dataworks:TagResources", "dataworks:UntagResources", "dataworks:ChangeResourceManagerResourceGroup" ], "Resource": "*", "Effect": "Allow" } ] }