
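Data Management: DMS service-linked roles

Last updated: Feb 12, 2025

This topic describes the use cases of the Data Management (DMS) and Data Disaster Recovery (DBS) service-linked roles (AliyunServiceRoleForDMS and AliyunServiceRoleForDBS) and how to delete them.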

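Background information

A service-linked role is a RAM role. In certain scenarios, the role lets Data Management obtain access to other cloud services in order to implement one of its own features. For more information about service-linked roles, see Service-linked roles.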

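Use cases

Data Management

When some DMS features need to access ECS, VPC, RDS, and resources of various database types or tools, you can use the DMS service-linked role to obtain permission to access those resources.

Data Disaster Recovery (DBS)

The DBS service-linked role (AliyunServiceRoleForDBS) is a RAM role that has access permissions on other cloud services. When DBS connects to cloud databases that you purchased on Alibaba Cloud (such as RDS, MongoDB, Redis, and PolarDB) or to self-managed databases on Alibaba Cloud ECS, it must obtain access permissions through AliyunServiceRoleForDBS. For more information, see Service-linked roles.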

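Role description

AliyunServiceRoleForDMS

Role name: AliyunServiceRoleForDMS

Policy name: AliyunServiceRolePolicyForDMS

Permission description: After this service-linked role is created, DMS can access ECS, VPC, RDS, and resources of various database types or tools.

What the permissions are used for

  • Query the resource details of databases of various types, such as RDS, PolarDB, and Lindorm, in order to manage cloud databases.

  • Query the resource details of ECS and VPC in order to manage self-managed databases on ECS and on the public network.

  • Use cloud ecosystem tools such as DTS and DBS for one-stop data management.

Policy content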

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:JoinSecurityGroup",
                "ecs:LeaveSecurityGroup",
                "ecs:DescribeImages",
                "ecs:CreateSecurityGroup",
                "ecs:AuthorizeSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "ecs:RevokeSecurityGroup",
                "ecs:DescribeRegions",
                "ecs:DescribeInstances",
                "ecs:DescribeInstanceAttribute",
                "ecs:CreateCommand",
                "ecs:DeleteCommand",
                "ecs:DescribeInvocationResults"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:InvokeCommand",
                "ecs:StopInvocation"
            ],
            "Resource": "acs:ecs:*:*:instance/*",
            "Condition": {
                "StringEquals": {
                    "acs:ResourceTag/dms": "script-for-dms"
                }
            },
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:InvokeCommand",
                "ecs:StopInvocation"
            ],
            "Resource": "acs:ecs:*:*:command/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "rds:DescribeDBInstanceHAConfig",
                "rds:DescribeBinlogFiles",
                "rds:DescribeDBInstancePerformance",
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeSlowLogs",
                "rds:DescribeSlowLogRecords",
                "rds:DescribeSQLCollectorPolicy",
                "rds:ModifySQLCollectorPolicy",
                "rds:DescribeSQLLogRecords",
                "rds:DescribeSQLLogFiles",
                "rds:DescribeResourceUsage",
                "rds:DescribeRegions",
                "rds:DescribeDBInstances",
                "rds:DescribeDBInstanceAttribute",
                "rds:ModifyBackupPolicy",
                "rds:DescribeSecurityGroupConfiguration",
                "rds:DescribeDBInstanceEncryptionKey",
                "rds:DescribeDBInstanceTDE",
                "rds:DescribeDBInstanceSSL",
                "rds:DescribeCrossRegionBackupDBInstance",
                "rds:DescribeSQLCollectorRetention",
                "rds:TagResources",
                "rds:UntagResources",
                "rds:ListTagResources",
                "rds:DescribeDBInstanceByTags",
                "rds:DescribeDatabases"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dds:DescribeSecurityIps",
                "dds:ModifySecurityIps",
                "dds:DescribeDBInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "kvstore:DescribeSecurityIps",
                "kvstore:ModifySecurityIps",
                "kvstore:DescribeRegions",
                "kvstore:DescribeInstances",
                "kvstore:DescribeInstanceAttribute",
                "kvstore:DescribeInstanceConfig"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "drds:DescribeDrdsInstances",
                "drds:QueryInstanceInfoByConn",
                "drds:DescribeDrdsInstanceList",
                "drds:DescribeDrdsDBIpWhiteList",
                "drds:ModifyDrdsIpWhiteList",
                "drds:DescribeDrdsInstanceVersion"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeRegions",
                "polardb:DescribeDBClusters",
                "polardb:DescribeDBClusterAttribute",
                "polardb:DescribeDBClusterEndpoints",
                "polardb:DescribeMaskingRules",
                "polardb:ModifyMaskingRules",
                "polardb:DeleteMaskingRules",
                "polardb:DescribeDBClusterVersion",
                "polardb:DescribeDBClusterAuditLogCollector"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardbx:DescribeDBInstances",
                "polardbx:DescribeSecurityIps",
                "polardbx:ModifySecurityIps",
                "polardbx:DescribeDBInstanceAttribute",
                "polardbx:DescribeBinaryLogList",
                "polardbx:DescribeDBInstanceViaEndpoint"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "petadata:DescribeInstances",
                "petadata:DescribeInstanceInfoByConnection",
                "petadata:DescribeSecurityIPs",
                "petadata:ModifySecurityIPs"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "hdm:AccessHDMInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:CreateMigrationJob",
                "dts:ConfigureMigrationJob",
                "dts:StartMigrationJob",
                "dts:StopMigrationJob",
                "dts:DescribeMigrationJobStatus",
                "dts:DescribeMigrationJobDetail",
                "dts:CreateSynchronizationJob",
                "dts:ConfigureSynchronizationJob",
                "dts:StartSynchronizationJob",
                "dts:SuspendSynchronizationJob",
                "dts:DescribeSynchronizationJobStatus",
                "dts:ShieldPrecheck",
                "dts:CreateDtsInstance",
                "dts:ConfigureDtsJob",
                "dts:StartDtsJob",
                "dts:ModifyDtsJob",
                "dts:StopDtsJob",
                "dts:DescribeDtsJobDetail",
                "dts:DescribeDtsJobs",
                "dts:ConfigureEtlJob",
                "dts:SaveEtlJob",
                "dts:SuspendDtsJob",
                "dts:DeleteDtsJob",
                "dts:ModifyDtsJobName",
                "dts:SkipPreCheck",
                "dts:DescribeDtsEtlJobVersionInfo",
                "dts:DescribeEtlJobLogs",
                "dts:PreviewSql",
                "dts:DescribePreCheckStatus",
                "dts:DescribeDtsJobLogs",
                "dts:DescribeJobMonitorRule",
                "dts:CreateJobMonitorRule",
                "dts:DescribeConfigRelations",
                "dts:DescribeFormInfo",
                "dts:DescribeDmsInstanceDetail",
                "dts:DescribeSchemaList",
                "dts:DescribeColumns",
                "dts:DescribeStruct",
                "dts:DescribeDtsInstancePrice",
                "dts:DescribeRegions",
                "dts:DescribeInstanceInventory",
                "dts:CreateCheckJob",
                "dts:DescribeCheckJobDiffDetails",
                "dts:EtlMockData",
                "dts:EtlMockResult",
                "dts:DescribeCheckJobStatus",
                "dts:DescribeDtsJobStatistics",
                "dts:Ping",
                "dts:DescribeUploadPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "apigateway:CreateApiGroup",
                "apigateway:ModifyApiGroup",
                "apigateway:DeleteApiGroup",
                "apigateway:DescribeApiGroups",
                "apigateway:CreateApi",
                "apigateway:ModifyApi",
                "apigateway:DeployApi",
                "apigateway:AbolishApi",
                "apigateway:DeleteApi",
                "apigateway:DescribeApi",
                "apigateway:DescribeApis",
                "apigateway:CreateApp",
                "apigateway:ModifyApp",
                "apigateway:DeleteApp",
                "apigateway:DescribeAppSecurity",
                "apigateway:ResetAppCode",
                "apigateway:ResetAppSecret",
                "apigateway:DescribeAppAttributes",
                "apigateway:SetApisAuthorities",
                "apigateway:DescribeAuthorizedApps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dg:GetUserGateways",
                "dg:GetUserDatabases",
                "dg:GetUserGatewayInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "openanalytics:QueryBucketList",
                "openanalytics:QueryDirectoryList",
                "openanalytics:ListVirtualClusters",
                "openanalytics:SubmitSparkJob",
                "openanalytics:KillSparkJob",
                "openanalytics:GetJobLog",
                "openanalytics:GetJobDetail",
                "openanalytics:GetJobStatus",
                "openanalytics:ExecuteService",
                "openanalytics:QueryService",
                "openanalytics:ExecuteOnVirtualCluster"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dbs:DescribeBackupPlanList",
                "dbs:DescribeFullBackupList",
                "dbs:CreateBackupPlan",
                "dbs:ConfigureBackupPlan",
                "dbs:ModifyBackupObjects",
                "dbs:StartBackupPlan",
                "dbs:ModifyBackupSourceEndpoint",
                "dbs:StartTask",
                "dbs:StopBackupPlan",
                "dbs:CreateRestoreTask",
                "dbs:StartRestoreTask",
                "dbs:DescribeRestoreTaskList",
                "dbs:DescribeRestoreRangeInfo",
                "dbs:CreateDLAService",
                "dbs:DescribeDLAService",
                "dbs:CloseDLAService",
                "dbs:CreateAndStartBackupPlan",
                "dbs:DescribeFullBackupSet",
                "dbs:DescribeDataSourceQueryableAttribute",
                "dbs:DescribeDataSourceQueryableAttributeDetail",
                "dbs:GetTimeTravelInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oceanbase:DescribeAllTenantsConnectionInfo",
                "oceanbase:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "dms.aliyuncs.com"
                }
            }
        },
        {
            "Action": [
                "hbase:DescribeInstances",
                "hbase:DescribeInstance",
                "hbase:DescribeEndpoints",
                "hbase:DescribeIpWhitelist",
                "hbase:ModifyIpWhitelist"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "cassandra:DescribeClusters",
                "cassandra:DescribeCluster",
                "cassandra:DescribeDataCenters",
                "cassandra:DescribeIpWhitelistGroups",
                "cassandra:ModifyIpWhitelistGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "lindorm:GetLindormInstanceList",
                "lindorm:GetLindormInstance",
                "lindorm:GetLindormInstanceEngineList",
                "lindorm:GetLindormInstanceListForDMS",
                "lindorm:GetLindormInstanceForDMS",
                "lindorm:GetLindormInstanceForDMSByConnStr",
                "lindorm:GetInstanceIpWhiteList",
                "lindorm:UpdateInstanceIpWhiteList",
                "lindorm:CreateComputeEngineJob",
                "lindorm:GetComputeEngineJobDetail",
                "lindorm:GetComputeEngineJobLog",
                "lindorm:ReleaseLindormComputeJob"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "adb:CreateDBCluster",
                "adb:CreateAccount",
                "adb:DescribeDBClusters",
                "adb:DescribeDBClusterNetInfo",
                "adb:SubmitSparkApp",
                "adb:KillSparkApp",
                "adb:ListSparkApps",
                "adb:GetSparkAppLog",
                "adb:GetSparkAppInfo",
                "adb:GetSparkAppState",
                "adb:GetSparkAppAttemptLog",
                "adb:GetSparkAppWebUiAddress",
                "adb:ListSparkAppAttempts",
                "adb:DescribeDBClusterAttribute",
                "adb:DescribeDBResourceGroup",
                "adb:ExecuteSparkWarehouseBatchSQL",
                "adb:CancelSparkWarehouseBatchSQL",
                "adb:GetSparkWarehouseBatchSQL"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "gpdb:DescribeDBInstances",
                "gpdb:ResumeInstance",
                "gpdb:PauseInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribeVSwitches"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "hologram:GetInstance",
                "hologram:ListInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "gdb:DescribeDbInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oss:ListBuckets"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "selectdb:DescribeDBInstances",
                "selectdb:DescribeDBInstanceAttribute",
                "selectdb:DescribeDBInstanceNetInfo",
                "selectdb:DescribeSecurityIPList",
                "selectdb:ModifySecurityIPList"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "clickhouse:DescribeDBClusters",
                "clickhouse:DescribeDBInstances",
                "clickhouse:DescribeDBInstanceAttribute",
                "clickhouse:DescribeEndpoints",
                "clickhouse:DescribeSecurityIPList",
                "clickhouse:ModifySecurityIPList"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "sr:ListInstances",
                "sr:GetInstanceDetail",
                "sr:DescribeRegions",
                "sr:GetDmsConnectionInfo",
                "sr:GetNetworkMappingIp"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dbs-inner:DescribeDataSourceQueryableAttribute",
                "dbs-inner:DescribeDataSourceQueryableAttributeDetail",
                "dbs-inner:GetTimeTravelInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:ListSecrets",
                "kms:GetSecretValue",
                "kms:Decrypt",
                "kms:ListKmsInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "rds:CreateAccount",
                "rds:DeleteAccount",
                "rds:ResetAccountPassword",
                "rds:GrantAccountPrivilege",
                "rds:RevokeAccountPrivilege",
                "rds:CheckAccountNameAvailable"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "rds:tag/dms": "account-management"
                }
            },
            "Effect": "Allow"
        },
        {
            "Action": [
                "ots:ListInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

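AliyunServiceRoleForDBS

Role name: AliyunServiceRoleForDBS

Policy name: AliyunServiceRolePolicyForDBS

Permission description: After this service-linked role is created, Data Disaster Recovery (DBS) can connect to cloud databases that you purchased on Alibaba Cloud (such as RDS, MongoDB, Redis, and PolarDB) or to self-managed databases on Alibaba Cloud ECS.

Policy content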

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceNetInfoForChannel",
        "rds:DescribeTasks",
        "rds:DescribeDBInstances",
        "rds:DescribeFilesForSQLServer",
        "rds:DescribeImportsForSQLServer",
        "rds:DescribeSlowLogRecords",
        "rds:DescribeBinlogFiles",
        "rds:DescribeSQLLogRecords",
        "rds:DescribeParameters",
        "rds:DescribeParameterTemplates",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDatabases",
        "rds:DescribeAccounts",
        "rds:DescribeSecurityIPList",
        "rds:DescribeSecurityIps",
        "rds:DescribeDBInstanceIPArray",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeDBInstanceTDE",
        "rds:CreateDBInstance",
        "rds:CreateAccount",
        "rds:CreateDatabase",
        "rds:ModifySecurityIps",
        "rds:GrantAccountPrivilege",
        "rds:CreateMigrateTask",
        "rds:CreateOnlineDatabaseTask",
        "rds:DescribeMigrateTasks",
        "rds:DescribeOssDownloads",
        "rds:CreateBackup",
        "rds:DescribeBackups",
        "rds:DescribeBackupPolicy",
        "rds:ModifyBackupPolicy",
        "rds:DescribeBackupTasks",
        "rds:DescribeBinlogFiles",
        "rds:DescribeResourceUsage",
        "rds:DescribeAvailableZones",
        "rds:DescribeAvailableClasses",
        "rds:ListClasses",
        "rds:CreateDdrInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeInstance",
        "ecs:DescribeInstances",
        "ecs:DescribeVpcs",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:JoinSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeSnapshotLinks",
        "ecs:DescribeSnapshots",
        "ecs:ModifySnapshotAttribute",
        "ecs:ResizeDisk",
        "ecs:CreateSecurityGroup",
        "ecs:ModifySecurityGroupPolicy"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:ListKeys"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:PutEventRule",
        "cms:PutEventTargets",
        "cms:ListEventRules",
        "cms:ListEventTargetsByRule",
        "cms:DeleteEventRule",
        "cms:DeleteEventTargets"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterAttribute",
        "polardb:DescribeDBClusterIPArrayList",
        "polardb:DescribeDBClusterNetInfo",
        "polardb:DescribeDBClusters",
        "polardb:ModifySecurityIps",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:ModifyDBClusterAccessWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeShardingNetworkAddress",
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeSecurityIps",
        "kvstore:DescribeInstances",
        "kvstore:DescribeAccounts",
        "kvstore:DescribeDBInstanceNetInfo",
        "kvstore:CreateAccount",
        "kvstore:ModifySecurityIps",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:AllocateInstancePrivateConnection",
        "kvstore:DescribeLogicInstanceTopology"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrdsDB",
        "drds:DescribeDrdsDBs",
        "drds:DescribeDrdsDbInstance",
        "drds:DescribeDrdsDbInstances",
        "drds:DescribeDrdsDBIpWhiteList",
        "drds:DescribeDrdsInstances",
        "drds:ModifyDrdsIpWhiteList",
        "drds:CreateDrdsDB",
        "drds:DescribeTable",
        "drds:DescribeTables",
        "drds:ModifyRdsReadWeight",
        "drds:ChangeAccountPassword",
        "drds:CreateDrdsInstance",
        "drds:CreateInstanceInternetAddress",
        "drds:DescribeInstanceAccounts",
        "drds:DescribeBackupSets",
        "drds:DescribeDbInstances",
        "drds:DescribeDrdsCrossRegionBackups",
        "drds:DescribeCrossBackupMetadata",
        "drds:RegisterCrossRegionBackupSet",
        "drds:DeleteCrossRegionBackupSet",
        "drds:DescribeDrdsRdsInstances",
        "drds:CreateDrdsCrossInstance",
        "drds:DescribeDrdsInstanceLevelTasks"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "privatelink:CreateVpcEndpoint",
        "privatelink:ListVpcEndpoints",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:ListVpcEndpointZones",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:DeleteVpcEndpoint"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "bssapi:QueryResourcePackageInstances"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "hdm:AddHDMInstance",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "dbs.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "privatelink.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "dg:GetUserGateways",
        "dg:GetUserDatabases",
        "dg:AddDatabase",
        "dg:DescribeRegions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
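
One way to triage policies like the two above during an access review, as an added example that is not Alibaba Cloud's code: it lists every non-read grant and reports whether the statement narrows it with a Condition or a specific Resource. The read-only prefix list, the `SENSITIVE_READS` set and all function names are assumptions of this example; the sample statements are copied from AliyunServiceRolePolicyForDMS.

```python
"""Triage an Alibaba Cloud RAM policy document: which Allow statements grant
non-read actions, and are those grants narrowed by Resource or Condition?"""
import json

# Verb prefixes treated as read-only. This split is an assumption of this
# example, not an Alibaba Cloud classification.
READ_PREFIXES = ("Describe", "List", "Get", "Query", "Check")

# Reads that return secret material, so they are reported even though the verb
# looks read-only (also an assumption of this example).
SENSITIVE_READS = {"kms:GetSecretValue"}

# Constructed input: five statements copied from AliyunServiceRolePolicyForDMS.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Action": ["vpc:DescribeVpcs", "vpc:DescribeVSwitches"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": ["ecs:InvokeCommand", "ecs:StopInvocation"],
     "Resource": "acs:ecs:*:*:instance/*",
     "Condition": {"StringEquals": {"acs:ResourceTag/dms": "script-for-dms"}},
     "Effect": "Allow"},
    {"Action": ["kms:ListSecrets", "kms:GetSecretValue", "kms:Decrypt", "kms:ListKmsInstances"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "dms.aliyuncs.com"}}},
    {"Action": ["dds:DescribeSecurityIps", "dds:ModifySecurityIps", "dds:DescribeDBInstances"],
     "Resource": "*", "Effect": "Allow"}
  ]
}
""")


def as_list(value):
    """RAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def needs_review(action):
    """True for actions that change state or expose secret material."""
    verb = action.partition(":")[2]
    return action in SENSITIVE_READS or not verb.startswith(READ_PREFIXES)


def scope_of(statement):
    """Describe how far the statement narrows its grant."""
    if statement.get("Condition"):
        return "conditioned"
    if all(r == "*" for r in as_list(statement.get("Resource"))):
        return "unscoped"
    return "resource-scoped"


def audit_policy(policy):
    """Return (statement_index, action, scope) for every Allow grant worth reviewing."""
    findings = []
    for index, statement in enumerate(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        scope = scope_of(statement)
        for action in as_list(statement.get("Action")):
            if needs_review(action):
                findings.append((index, action, scope))
    return findings


def unscoped_actions(policy):
    """Non-read grants on Resource "*" with no Condition: the first things to review."""
    return sorted({a for _, a, scope in audit_policy(policy) if scope == "unscoped"})


if __name__ == "__main__":
    for index, action, scope in audit_policy(SAMPLE_POLICY):
        print(f"statement {index}: {action:32} {scope}")
```

To review a whole policy, pass the full policy document, loaded with `json.load`, to `audit_policy`.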

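Permissions required to create a service-linked role

Data Management

You must have the specified permission to create the DMS service-linked role.

If your RAM user does not have sufficient permissions, add the following permission and then grant it to the RAM user. For detailed steps on adding the permission and granting it, see Create a custom policy and Grant permissions to a RAM user.

Sample policy: allows creating a service-linked role for DMS.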

{
  "Action":"ram:CreateServiceLinkedRole",
  "Resource":"*",
  "Effect":"Allow",
  "Condition":{
    "StringEquals":{
      "ram:ServiceName": "dms.aliyuncs.com"
    }
  }
}

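Data Disaster Recovery (DBS)

You must have the specified permission to create the Data Disaster Recovery (DBS) service-linked role.

If your RAM user does not have sufficient permissions, add the following permission and then grant it to the RAM user. For detailed steps on adding the permission and granting it, see Create a custom policy and Grant permissions to a RAM user.

Sample policy: allows creating a service-linked role for Data Disaster Recovery (DBS).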

{
  "Action":"ram:CreateServiceLinkedRole",
  "Resource":"*",
  "Effect":"Allow",
  "Condition":{
    "StringEquals":{
      "ram:ServiceName": "dms.aliyuncs.com"
    }
  }
}

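Create a service-linked role

Data Management

If your RAM user has been granted the permission to create the DMS service-linked role, log on to the DMS console and click Confirm in the DMS service-linked role dialog box that appears. The system then automatically creates the DMS service-linked role. For more information about creating service-linked roles, see Create a service-linked role.

Data Disaster Recovery (DBS)

The first time you use Data Disaster Recovery (DBS), the system automatically creates this service-linked role. Before you use DBS, you must grant the service-linked role (AliyunServiceRoleForDBS) to DBS so that DBS has permission to access your databases.

View a service-linked role

Data Management

After the Data Management service-linked role (AliyunServiceRoleForDMS) is created, you can view it in the RAM console, including the role's basic information, its trust policy, and its permission policy (AliyunServiceRolePolicyForDMS).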

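  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, search for and click AliyunServiceRoleForDMS.

  4. View the basic information of the role.

    In the Basic Information section of the role details page, view information such as the RAM role name, creation time, and ARN.

  5. View the trust policy of the role.

    On the role details page, click the Trust Policy tab and check the Service field to see which cloud services can use the role. For example: "Service": ["dms.aliyuncs.com"]

  6. View the permission policy of the role (AliyunServiceRolePolicyForDMS).

    1. On the role details page, click the Permissions tab.

    2. Click the policy name AliyunServiceRolePolicyForDMS.

    3. On the Policy Content tab, view the details of the policy.

    Note

    The permission policy of a service-linked role cannot be viewed directly in the RAM policy list.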

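Data Disaster Recovery (DBS)

After the Data Disaster Recovery (DBS) service-linked role (AliyunServiceRoleForDBS) is created, you can view it in the RAM console, including the role's basic information, its trust policy, and its permission policy (AliyunServiceRolePolicyForDBS).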

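  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, search for and click AliyunServiceRoleForDBS.

  4. View the basic information of the role.

    In the Basic Information section of the role details page, view information such as the RAM role name, creation time, and ARN.

  5. View the trust policy of the role.

    On the role details page, click the Trust Policy tab and check the Service field to see which cloud services can use the role. For example: "Service": ["dbs.aliyuncs.com"]

  6. View the permission policy of the role (AliyunServiceRolePolicyForDBS).

    1. On the role details page, click the Permissions tab.

    2. Click the policy name AliyunServiceRolePolicyForDBS.

    3. On the Policy Content tab, view the details of the policy.

    Note

    The permission policy of a service-linked role cannot be viewed directly in the RAM policy list.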

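Delete a service-linked role

Data Management

To delete the service-linked role (AliyunServiceRoleForDMS), first remove all instances from the instance list in the DMS console, and then try to delete the role. For detailed steps on removing instances and deleting the service-linked role, see Delete an instance and Delete a service-linked role.

Data Disaster Recovery (DBS)

You can manually delete the service-linked role (AliyunServiceRoleForDBS) in the RAM console. For detailed steps, see Delete a RAM role.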