當您使用資源群組對資源進行分組管理時,可以結合存取控制(RAM),在單個阿里雲帳號內實現資源的隔離和精微調權限管理。本文總結了E-MapReduce對資源群組的支援情況,以及資源群組層級的授權操作步驟。
-
只有支援資源群組的資源類型和支援資源群組層級授權的操作,資源群組層級授權才會生效。
-
對於不支援資源群組的資源類型,授予資源群組範圍的許可權將無效。在選擇資源範圍時,請選擇帳號層級,進行帳號層級授權。具體操作,請參見不支援資源群組層級授權的操作。
資源群組授權的工作原理
您可以使用資源群組(Resource Group)對阿里雲帳號內的資源進行分組管理。例如,為不同的專案建立對應的資源群組,並將資源轉移到對應的組中,以便集中管理各專案的資源。更多資訊,請參見什麼是資源群組。
在完成資源分組後,您可以為不同的RAM授權主體(RAM使用者、RAM使用者組或RAM角色)授予指定資源群組範圍的許可權,從而限定這個授權主體只能管理該資源群組內的資源。更多資訊,請參見資源分組和授權。
這種授權方式的優點有:
-
許可權精細化:確保每個身份能獲得最準確的資源存取權限,避免帳號下的多重專案的資源混合管理。
-
良好的擴充性:後續新增資源時,只需將其加入該資源群組,RAM身份便會自動獲得新資源的相應許可權,無需再次授權。
為RAM使用者授予資源群組層級的許可權
下面以RAM使用者為例,介紹授予指定資源群組內E-MapReduce資源許可權的操作步驟。
1. 前置步驟
2. 進行資源群組層級授權
您可以通過以下任一方式進行資源群組層級授權。
方式一:在資源管理主控台中授權
通過資源群組的許可權管理功能為指定 RAM 使用者授權。詳情操作可參見為RAM身份授予資源群組範圍的許可權。
方式二:在 RAM 控制台中授權
通過RAM控制台為指定 RAM 使用者進行資源群組層級授權。詳細操作可參見為RAM使用者授權。
支援資源群組的資源類型
E-MapReduce支援資源群組的資源類型如下表所示:
|
雲端服務 |
雲端服務代碼 |
資源類型 |
|
E-MapReduce |
emr |
cluster : 叢集 |
|
E-MapReduce |
emr |
flowproject : 專案 |
對於暫不支援資源群組的資源類型,如有需要,您可以在資源群組控制台提交反饋。
不支援資源群組層級授權的操作
E-MapReduce中不支援資源群組層級授權的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
emr:AttachCluster |
- |
|
emr:AttachClusterForNote |
- |
|
emr:AuthRealName |
- |
|
emr:BindPrivateZoneVpc |
- |
|
emr:CheckAssumeRole |
- |
|
emr:CheckDLFCatalogAuth |
- |
|
emr:CheckProductActiveStatus |
- |
|
emr:CheckRenewClusterForAdmin |
- |
|
emr:CheckUserBalance |
- |
|
emr:CheckUserRole |
- |
|
emr:CleanupFlowEntitySnapshot |
- |
|
emr:CommitFlowEntitySnapshot |
- |
|
emr:CommonApiWhiteList |
- |
|
emr:CreateAlertContact |
- |
|
emr:CreateAlertDingDingGroup |
- |
|
emr:CreateAlertUserGroup |
- |
|
emr:CreateBackup |
- |
|
emr:CreateBackupPlan |
- |
|
emr:CreateBackupRule |
- |
|
emr:CreateCloudNativeCluster |
- |
|
emr:CreateClusterCost |
- |
|
emr:CreateClusterEni |
- |
|
emr:CreateClusterTemplate |
- |
|
emr:CreateClusterV2 |
- |
|
emr:CreateClusterV3 |
- |
|
emr:CreateClusterWithTemplate |
- |
|
emr:CreateClusterWithTemplateForInternal |
- |
|
emr:CreateDisasterRecoveryPlan |
- |
|
emr:CreateExternalUsers |
- |
|
emr:CreateFlowProject |
- |
|
emr:CreateFlowProjectClusterSetting |
- |
|
emr:CreateJob |
- |
|
emr:CreateJobExecutionPlanFolder |
- |
|
emr:CreateLdapUser |
- |
|
emr:CreateLibrary |
- |
|
emr:CreateMetaTablePreviewTask |
- |
|
emr:CreateMetaTablePreviewTaskForOuter |
- |
|
emr:CreateNote |
- |
|
emr:CreateOnKubeCluster |
- |
|
emr:CreateParagraph |
- |
|
emr:CreateScalingGroupV2 |
- |
|
emr:CreateScalingRule |
- |
|
emr:CreateUserPassword |
- |
|
emr:CreateUserStatistics |
- |
|
emr:CreateVerificationCode |
- |
|
emr:DeleteAlertContacts |
- |
|
emr:DeleteAlertDingDingGroups |
- |
|
emr:DeleteAlertUserGroups |
- |
|
emr:DeleteApiTemplate |
- |
|
emr:DeleteApplication |
- |
|
emr:DeleteClusterScript |
- |
|
emr:DeleteClusterTemplate |
- |
|
emr:DeleteDiagnoseReport |
- |
|
emr:DeleteDisasterRecoveryPlan |
- |
|
emr:DeleteExecutionPlan |
- |
|
emr:DeleteFlowEditLock |
- |
|
emr:DeleteFlowProject |
- |
|
emr:DeleteFlowProjectById |
- |
|
emr:DeleteFlowProjectClusterSetting |
- |
|
emr:DeleteFlowProjectUser |
- |
|
emr:DeleteJob |
- |
|
emr:DeleteJobExecutionPlanFolder |
- |
|
emr:DeleteJobExecutionPlanParam |
- |
|
emr:DeleteLibraries |
- |
|
emr:DeleteNote |
- |
|
emr:DeleteParagraph |
- |
|
emr:DeleteScalingRule |
- |
|
emr:DeleteScalingTaskGroup |
- |
|
emr:DeleteUsers |
- |
|
emr:DescribeAvailableInstanceType |
- |
|
emr:DescribeClusterForInternal |
- |
|
emr:DescribeClusterForOuter |
- |
|
emr:DescribeClusterHealth |
- |
|
emr:DescribeClusterOperationHostTaskLog |
- |
|
emr:DescribeClusterResourcePoolSchedulerTypeForAdmin |
- |
|
emr:DescribeClusterServiceConfigForAdmin |
- |
|
emr:DescribeClusterServiceConfigTagForAdmin |
- |
|
emr:DescribeClusterTemplate |
- |
|
emr:DescribeDiskOpsActivity |
- |
|
emr:DescribeEmrMainVersion |
- |
|
emr:DescribeExecutionPlan |
- |
|
emr:DescribeFlowAgentToken |
- |
|
emr:DescribeFlowAgentUser |
- |
|
emr:DescribeFlowEntitySnapshot |
- |
|
emr:DescribeFlowNodeInstanceContainerLog |
- |
|
emr:DescribeFlowProjectClusterSetting |
- |
|
emr:DescribeJob |
- |
|
emr:DescribeKafkaReassign |
- |
|
emr:DescribeLibraryDetail |
- |
|
emr:DescribeLibraryInstallTaskDetail |
- |
|
emr:DescribeMetaDataSourceForOuter |
- |
|
emr:DescribeMetaDatabaseForOuter |
- |
|
emr:DescribeMetaTableColumnForOuter |
- |
|
emr:DescribeMetaTablePartitionForOuter |
- |
|
emr:DescribeMetaTablePreviewTask |
- |
|
emr:DescribeMetaTablePreviewTaskForOuter |
- |
|
emr:DescribeNote |
- |
|
emr:DescribeOperationTask |
- |
|
emr:DescribeParagraph |
- |
|
emr:DescribeRdsInstance |
- |
|
emr:DescribeScalingActivity |
- |
|
emr:DescribeScalingCommonConfig |
- |
|
emr:DescribeScalingGroupInstanceV2 |
- |
|
emr:DescribeScalingGroupV2 |
- |
|
emr:DescribeScalingMetrics |
- |
|
emr:DescribeScalingRule |
- |
|
emr:DescribeScalingTaskGroup |
- |
|
emr:DescribeServiceConfigDefinition |
- |
|
emr:DescribeServiceHealth |
- |
|
emr:DescribeUserStatistics |
- |
|
emr:DetachAndReleaseClusterEni |
- |
|
emr:DetachCluster |
- |
|
emr:DetachClusterForNote |
- |
|
emr:DiffFlowEntitySnapshot |
- |
|
emr:DumpMetaDataSourceForOuter |
- |
|
emr:EnableApplication |
- |
|
emr:ExecuteFsAction |
- |
|
emr:ExecuteHiveSql |
- |
|
emr:ExistsUser |
- |
|
emr:GetApiTemplate |
- |
|
emr:GetApplicationActions |
- |
|
emr:GetAuditLogs |
- |
|
emr:GetBackPlanInfo |
- |
|
emr:GetBackupInfo |
- |
|
emr:GetBackupRuleInfo |
- |
|
emr:GetClusterCost |
- |
|
emr:GetCostUploadSignature |
- |
|
emr:GetDisasterRecoveryPlan |
- |
|
emr:GetDoctorApplication |
- |
|
emr:GetDoctorComputeSummary |
- |
|
emr:GetDoctorHBaseCluster |
- |
|
emr:GetDoctorHBaseRegion |
- |
|
emr:GetDoctorHBaseRegionServer |
- |
|
emr:GetDoctorHBaseTable |
- |
|
emr:GetDoctorHDFSCluster |
- |
|
emr:GetDoctorHDFSDirectory |
- |
|
emr:GetDoctorJob |
- |
|
emr:GetFlowAgentTrackStatus |
- |
|
emr:GetFlowAuditLogs |
- |
|
emr:GetFlowEntityRelationGraph |
- |
|
emr:GetMetadataTypeList |
- |
|
emr:GetOverview |
- |
|
emr:GetPriceForCreate |
- |
|
emr:GetPriceForCreateOnKubeCluster |
- |
|
emr:GetReleaseVersion |
- |
|
emr:GetSlsTempToken |
- |
|
emr:GetSupportApplications |
- |
|
emr:HasRamOauthPolicy |
- |
|
emr:IncreaseNodesDiskSize |
- |
|
emr:InnerCheckAckInstance |
- |
|
emr:InnerDescribeUserAccountStatus |
- |
|
emr:InstallLibraries |
- |
|
emr:KillExecutionJobInstance |
- |
|
emr:KillExecutionPlanInstance |
- |
|
emr:ListAdviceAction |
- |
|
emr:ListAlertContacts |
- |
|
emr:ListApmMetadata |
- |
|
emr:ListApplicationConfigVersions |
- |
|
emr:ListBackupPlans |
- |
|
emr:ListBackupRules |
- |
|
emr:ListBackups |
- |
|
emr:ListClusterAttach |
- |
|
emr:ListClusterBootstrapActions |
- |
|
emr:ListClusterCosts |
- |
|
emr:ListClusterForOuter |
- |
|
emr:ListClusterHostComponentForAdmin |
- |
|
emr:ListClusterOperationHostTask |
- |
|
emr:ListClusterServiceConfigHistoryForAdmin |
- |
|
emr:ListClusterTag |
- |
|
emr:ListClusterTagForAdmin |
- |
|
emr:ListClusterTemplates |
- |
|
emr:ListClusterTypes |
- |
|
emr:ListComponentDefaultTopologies |
- |
|
emr:ListDependApplications |
- |
|
emr:ListDisasterRecoveryPlans |
- |
|
emr:ListDisasterRecoveryRecords |
- |
|
emr:ListDiskOpsEvents |
- |
|
emr:ListDoctorComputeSummary |
- |
|
emr:ListDoctorHBaseRegionServers |
- |
|
emr:ListDoctorHBaseTables |
- |
|
emr:ListDoctorJobs |
- |
|
emr:ListDoctorJobsStats |
- |
|
emr:ListEmrAvailableConfig |
- |
|
emr:ListEmrAvailableMetaType |
- |
|
emr:ListEmrAvailableResource |
- |
|
emr:ListEmrMainVersion |
- |
|
emr:ListEmrMainVersionServiceGroup |
- |
|
emr:ListEmrMainVersions |
- |
|
emr:ListExecutePlanMigrateInfo |
- |
|
emr:ListExecutionPlanInstanceTrend |
- |
|
emr:ListFailureJobExecutionInstances |
- |
|
emr:ListFeatures |
- |
|
emr:ListFlowClusterAllHosts |
- |
|
emr:ListFlowClusterK8sNamespace |
- |
|
emr:ListFlowEntitySnapshot |
- |
|
emr:ListFlowProjectClusterSetting |
- |
|
emr:ListFlowProjectUser |
- |
|
emr:ListGlobalConfigs |
- |
|
emr:ListHealthRule |
- |
|
emr:ListJobExecutionInstanceTrend |
- |
|
emr:ListJobExecutionInstances |
- |
|
emr:ListJobExecutionPlanHierarchy |
- |
|
emr:ListJobInstanceWorkers |
- |
|
emr:ListJobMigrateInfo |
- |
|
emr:ListKMSKeys |
- |
|
emr:ListKafkaReassign |
- |
|
emr:ListKafkaReassignForAdmin |
- |
|
emr:ListKafkaReassignTopic |
- |
|
emr:ListKafkaTopicStatistics |
- |
|
emr:ListKafkaTopicStatisticsForAdmin |
- |
|
emr:ListKeyPairNames |
- |
|
emr:ListLdapUsers |
- |
|
emr:ListLibraries |
- |
|
emr:ListLibraryInstallTasks |
- |
|
emr:ListLibraryStatus |
- |
|
emr:ListLocalDiskComponentInfo |
- |
|
emr:ListMetaCluster |
- |
|
emr:ListMetaDataSourceForOuter |
- |
|
emr:ListMetaDatabaseForOuter |
- |
|
emr:ListMetaTableColumnForOuter |
- |
|
emr:ListMetaTableForOuter |
- |
|
emr:ListMetaTablePartitionForOuter |
- |
|
emr:ListMetastoreTypes |
- |
|
emr:ListMetricsToDisplay |
- |
|
emr:ListNodeGroupSpecs |
- |
|
emr:ListNotes |
- |
|
emr:ListOperation |
- |
|
emr:ListOperationActivity |
- |
|
emr:ListOperationStageInstanceRelation |
- |
|
emr:ListOperationTask |
- |
|
emr:ListPrivateZones |
- |
|
emr:ListRamRole |
- |
|
emr:ListRamUsers |
- |
|
emr:ListRdsDatabase |
- |
|
emr:ListRdsInstance |
- |
|
emr:ListRegions |
- |
|
emr:ListReleaseVersions |
- |
|
emr:ListResourcePoolForAdmin |
- |
|
emr:ListScalingActivity |
- |
|
emr:ListScalingActivityV2 |
- |
|
emr:ListScalingConfigItemV2 |
- |
|
emr:ListScalingGroupV2 |
- |
|
emr:ListScalingRule |
- |
|
emr:ListScalingTaskGroup |
- |
|
emr:ListSecurityGroups |
- |
|
emr:ListServiceComponentTopology |
- |
|
emr:ListSlsProject |
- |
|
emr:ListStack |
- |
|
emr:ListStackService |
- |
|
emr:ListStreamingSqlQuery |
- |
|
emr:ListSupportedServiceName |
- |
|
emr:ListTagKeys |
- |
|
emr:ListTagValues |
- |
|
emr:ListUserStatistics |
- |
|
emr:ListVpcInfo |
- |
|
emr:ListVswitch |
- |
|
emr:MetastoreCreateDatabase |
- |
|
emr:MetastoreCreateKafkaTopic |
- |
|
emr:MetastoreCreateTable |
- |
|
emr:MetastoreDataPreview |
- |
|
emr:MetastoreDeleteKafkaTopic |
- |
|
emr:MetastoreDescribeDataSource |
- |
|
emr:MetastoreDescribeDatabase |
- |
|
emr:MetastoreDescribeKafkaConsumerGroup |
- |
|
emr:MetastoreDescribeKafkaTopic |
- |
|
emr:MetastoreDescribeTable |
- |
|
emr:MetastoreDescribeTask |
- |
|
emr:MetastoreDropDatabase |
- |
|
emr:MetastoreDropTable |
- |
|
emr:MetastoreListDataSource |
- |
|
emr:MetastoreListDataSourceForAdmin |
- |
|
emr:MetastoreListDatabases |
- |
|
emr:MetastoreListKafkaConsumerGroup |
- |
|
emr:MetastoreListKafkaTopic |
- |
|
emr:MetastoreListKafkaTopicForAdmin |
- |
|
emr:MetastoreListTablePartition |
- |
|
emr:MetastoreListTables |
- |
|
emr:MetastoreListTask |
- |
|
emr:MetastoreRetryTask |
- |
|
emr:MetastoreSearchTables |
- |
|
emr:MetastoreSync |
- |
|
emr:MetastoreUpdateKafkaTopic |
- |
|
emr:MetastoreUpdateKafkaTopicBatch |
- |
|
emr:MetastoreUpdateTable |
- |
|
emr:MigrateJobs |
- |
|
emr:ModifyAlertContact |
- |
|
emr:ModifyAlertDingDingGroup |
- |
|
emr:ModifyAlertUserGroup |
- |
|
emr:ModifyClusterMetaCollect |
- |
|
emr:ModifyClusterServiceConfig |
- |
|
emr:ModifyClusterTemplate |
- |
|
emr:ModifyExecutionPlanBasicInfo |
- |
|
emr:ModifyFlow |
- |
|
emr:ModifyFlowProject |
- |
|
emr:ModifyFlowProjectClusterSetting |
- |
|
emr:ModifyFlowProjectGeneralSetting |
- |
|
emr:ModifyFlowVariableCollection |
- |
|
emr:ModifyHealthRuleConfig |
- |
|
emr:ModifyJob |
- |
|
emr:ModifyJobExecutionPlanFolder |
- |
|
emr:ModifyJobExecutionPlanParam |
- |
|
emr:ModifyScalingConfigItemV2 |
- |
|
emr:ModifyScalingGroupV2 |
- |
|
emr:ModifyScalingRule |
- |
|
emr:ModifyServiceLdapConfig |
- |
|
emr:ModifyUserChannelInfo |
- |
|
emr:ModifyUserNote |
- |
|
emr:ModifyUserStatistics |
- |
|
emr:PassRole |
- |
|
emr:PreCheckClusterBootstrapAction |
- |
|
emr:QueryAlarmHistory |
- |
|
emr:QueryAlarmRules |
- |
|
emr:QueryClusterOrders |
- |
|
emr:QueryGrafanaData |
- |
|
emr:QueryInfoByToken |
- |
|
emr:QueryLogKey |
- |
|
emr:QueryMetricData |
- |
|
emr:QueryPrice |
- |
|
emr:QueryPriceForRenewEcs |
- |
|
emr:QuerySlsMetricData |
- |
|
emr:QueryTableData |
- |
|
emr:QueryTrendData |
- |
|
emr:QueryUserById |
- |
|
emr:RefreshBackupList |
- |
|
emr:RemoveBackupPlan |
- |
|
emr:RemoveBackupRule |
- |
|
emr:ResetSoftwarePassword |
- |
|
emr:ResetUserPassword |
- |
|
emr:RestoreBackup |
- |
|
emr:RestoreFlowEntitySnapshot |
- |
|
emr:ResumeExecutionPlanInstance |
- |
|
emr:ResumeExecutionPlanScheduler |
- |
|
emr:ResumeFlow |
- |
|
emr:RetryCreateLdapUser |
- |
|
emr:RetryCreateUserPassword |
- |
|
emr:RetryExecutionPlan |
- |
|
emr:RetryExecutionPlanInstance |
- |
|
emr:RetryOperationActivity |
- |
|
emr:RunApiTemplate |
- |
|
emr:RunDisasterRecoveryPlan |
- |
|
emr:RunDiskOpsActivity |
- |
|
emr:RunExecutionPlan |
- |
|
emr:RunNoteParagraphs |
- |
|
emr:RunParagraph |
- |
|
emr:RunScalingActionV2 |
- |
|
emr:SaveParagraph |
- |
|
emr:SaveReport |
- |
|
emr:StartFlow |
- |
|
emr:StartKafkaPreferredReplicaElection |
- |
|
emr:StopParagraph |
- |
|
emr:SuspendExecutionPlanInstance |
- |
|
emr:SuspendExecutionPlanScheduler |
- |
|
emr:SyncLdapAccounts |
- |
|
emr:UninstallLibraries |
- |
|
emr:UpdateClusterCost |
- |
|
emr:UpdateClusterMetaCollect |
- |
|
emr:UpdateDisasterRecoveryPlan |
- |
|
emr:UpdateKafkaReassignParam |
- |
|
emr:UpdateLibraryInstallTaskStatus |
- |
|
emr:UpdateNodeMaintenanceStatus |
- |
|
emr:UpgradeHistory |
- |
|
emr:UploadCostBucket |
- |
|
emr:describeOperationTask |
- |
|
emr:queryTableData |
- |
|
emr:queryTrendData |
- |
對於不支援資源群組授權的操作,授權時資源範圍選取資源群組層級將無效。如果仍需要RAM使用者有上述操作許可權,您需要建立自訂權限原則,授權時資源範圍選取帳號層級。
以下是兩個自訂權限原則樣本,您可以根據實際需要調整策略內容。
-
允許不支援資源群組層級授權的全部唯讀操作:
Action中列舉不支援資源群組層級授權的所有隻讀操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "emr:CheckDLFCatalogAuth", "emr:CheckProductActiveStatus", "emr:CheckUserBalance", "emr:CheckUserRole", "emr:CreateClusterCost", "emr:DescribeAvailableInstanceType", "emr:DescribeClusterForInternal", "emr:DescribeClusterForOuter", "emr:DescribeClusterHealth", "emr:DescribeClusterOperationHostTaskLog", "emr:DescribeClusterTemplate", "emr:DescribeDiskOpsActivity", "emr:DescribeEmrMainVersion", "emr:DescribeExecutionPlan", "emr:DescribeFlowAgentToken", "emr:DescribeFlowAgentUser", "emr:DescribeFlowEntitySnapshot", "emr:DescribeFlowNodeInstanceContainerLog", "emr:DescribeFlowProjectClusterSetting", "emr:DescribeJob", "emr:DescribeKafkaReassign", "emr:DescribeLibraryDetail", "emr:DescribeLibraryInstallTaskDetail", "emr:DescribeMetaDataSourceForOuter", "emr:DescribeMetaDatabaseForOuter", "emr:DescribeMetaTableColumnForOuter", "emr:DescribeMetaTablePartitionForOuter", "emr:DescribeMetaTablePreviewTask", "emr:DescribeMetaTablePreviewTaskForOuter", "emr:DescribeNote", "emr:DescribeOperationTask", "emr:DescribeParagraph", "emr:DescribeRdsInstance", "emr:DescribeScalingActivity", "emr:DescribeScalingCommonConfig", "emr:DescribeScalingGroupInstanceV2", "emr:DescribeScalingGroupV2", "emr:DescribeScalingMetrics", "emr:DescribeScalingRule", "emr:DescribeScalingTaskGroup", "emr:DescribeServiceConfigDefinition", "emr:DescribeServiceHealth", "emr:DescribeUserStatistics", "emr:GetApiTemplate", "emr:GetApplicationActions", "emr:GetAuditLogs", "emr:GetBackPlanInfo", "emr:GetBackupInfo", "emr:GetBackupRuleInfo", "emr:GetClusterCost", "emr:GetCostUploadSignature", "emr:GetDisasterRecoveryPlan", "emr:GetDoctorApplication", "emr:GetDoctorComputeSummary", "emr:GetDoctorHBaseCluster", "emr:GetDoctorHBaseRegion", "emr:GetDoctorHBaseRegionServer", "emr:GetDoctorHBaseTable", "emr:GetDoctorHDFSCluster", "emr:GetDoctorHDFSDirectory", "emr:GetDoctorJob", "emr:GetFlowAgentTrackStatus", "emr:GetFlowAuditLogs", "emr:GetFlowEntityRelationGraph", "emr:GetMetadataTypeList", "emr:GetPriceForCreateOnKubeCluster", "emr:GetSlsTempToken", "emr:GetSupportApplications", "emr:InnerCheckAckInstance", "emr:InnerDescribeUserAccountStatus", "emr:ListAdviceAction", "emr:ListAlertContacts", "emr:ListApplicationConfigVersions", "emr:ListBackupPlans", "emr:ListBackupRules", "emr:ListBackups", "emr:ListClusterAttach", "emr:ListClusterBootstrapActions", "emr:ListClusterCosts", "emr:ListClusterForOuter", "emr:ListClusterOperationHostTask", "emr:ListClusterTag", "emr:ListClusterTemplates", "emr:ListComponentDefaultTopologies", "emr:ListDependApplications", "emr:ListDisasterRecoveryPlans", "emr:ListDisasterRecoveryRecords", "emr:ListDiskOpsEvents", "emr:ListDoctorComputeSummary", "emr:ListDoctorHBaseRegionServers", "emr:ListDoctorHBaseTables", "emr:ListDoctorJobs", "emr:ListDoctorJobsStats", "emr:ListEmrAvailableConfig", "emr:ListEmrAvailableMetaType", "emr:ListEmrAvailableResource", "emr:ListEmrMainVersion", "emr:ListEmrMainVersionServiceGroup", "emr:ListEmrMainVersions", "emr:ListExecutePlanMigrateInfo", "emr:ListExecutionPlanInstanceTrend", "emr:ListFailureJobExecutionInstances", "emr:ListFlowClusterAllHosts", "emr:ListFlowClusterK8sNamespace", "emr:ListFlowEntitySnapshot", "emr:ListFlowProjectClusterSetting", "emr:ListFlowProjectUser", "emr:ListHealthRule", "emr:ListJobExecutionInstanceTrend", "emr:ListJobExecutionInstances", "emr:ListJobExecutionPlanHierarchy", "emr:ListJobInstanceWorkers", "emr:ListJobMigrateInfo", "emr:ListKMSKeys", "emr:ListKafkaReassign", "emr:ListKafkaReassignTopic", "emr:ListKafkaTopicStatistics", "emr:ListKeyPairNames", "emr:ListLdapUsers", "emr:ListLibraries", "emr:ListLibraryInstallTasks", "emr:ListLibraryStatus", "emr:ListLocalDiskComponentInfo", "emr:ListMetaCluster", "emr:ListMetaDataSourceForOuter", "emr:ListMetaDatabaseForOuter", "emr:ListMetaTableColumnForOuter", "emr:ListMetaTableForOuter", "emr:ListMetaTablePartitionForOuter", "emr:ListMetastoreTypes", "emr:ListMetricsToDisplay", "emr:ListNotes", "emr:ListOperation", "emr:ListOperationActivity", "emr:ListOperationStageInstanceRelation", "emr:ListOperationTask", "emr:ListPrivateZones", "emr:ListRamRole", "emr:ListRamUsers", "emr:ListRdsDatabase", "emr:ListRdsInstance", "emr:ListScalingActivity", "emr:ListScalingActivityV2", "emr:ListScalingConfigItemV2", "emr:ListScalingGroupV2", "emr:ListScalingRule", "emr:ListScalingTaskGroup", "emr:ListSecurityGroups", "emr:ListServiceComponentTopology", "emr:ListSlsProject", "emr:ListStack", "emr:ListStackService", "emr:ListStreamingSqlQuery", "emr:ListSupportedServiceName", "emr:ListTagKeys", "emr:ListTagValues", "emr:ListUserStatistics", "emr:ListVpcInfo", "emr:ListVswitch", "emr:MetastoreDataPreview", "emr:MetastoreDescribeDataSource", "emr:MetastoreDescribeDatabase", "emr:MetastoreDescribeKafkaConsumerGroup", "emr:MetastoreDescribeKafkaTopic", "emr:MetastoreDescribeTable", "emr:MetastoreDescribeTask", "emr:MetastoreListDataSource", "emr:MetastoreListDatabases", "emr:MetastoreListKafkaConsumerGroup", "emr:MetastoreListKafkaTopic", "emr:MetastoreListTablePartition", "emr:MetastoreListTables", "emr:MetastoreListTask", "emr:MetastoreSearchTables", "emr:PassRole", "emr:PreCheckClusterBootstrapAction", "emr:QueryAlarmHistory", "emr:QueryAlarmRules", "emr:QueryClusterOrders", "emr:QueryGrafanaData", "emr:QueryInfoByToken", "emr:QueryLogKey", "emr:QueryMetricData", "emr:QueryPrice", "emr:QueryPriceForRenewEcs", "emr:QuerySlsMetricData", "emr:QueryTableData", "emr:QueryTrendData", "emr:QueryUserById", "emr:UpdateClusterCost", "emr:UpgradeHistory", "emr:UploadCostBucket" ], "Resource": "*" } ] } -
允許不支援資源群組層級授權的全部操作:
Action中列舉不支援資源群組層級授權的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "emr:AttachCluster", "emr:AttachClusterForNote", "emr:AuthRealName", "emr:BindPrivateZoneVpc", "emr:CheckAssumeRole", "emr:CheckDLFCatalogAuth", "emr:CheckProductActiveStatus", "emr:CheckRenewClusterForAdmin", "emr:CheckUserBalance", "emr:CheckUserRole", "emr:CleanupFlowEntitySnapshot", "emr:CommitFlowEntitySnapshot", "emr:CommonApiWhiteList", "emr:CreateAlertContact", "emr:CreateAlertDingDingGroup", "emr:CreateAlertUserGroup", "emr:CreateBackup", "emr:CreateBackupPlan", "emr:CreateBackupRule", "emr:CreateCloudNativeCluster", "emr:CreateClusterCost", "emr:CreateClusterEni", "emr:CreateClusterTemplate", "emr:CreateClusterV2", "emr:CreateClusterV3", "emr:CreateClusterWithTemplate", "emr:CreateClusterWithTemplateForInternal", "emr:CreateDisasterRecoveryPlan", "emr:CreateExternalUsers", "emr:CreateFlowProject", "emr:CreateFlowProjectClusterSetting", "emr:CreateJob", "emr:CreateJobExecutionPlanFolder", "emr:CreateLdapUser", "emr:CreateLibrary", "emr:CreateMetaTablePreviewTask", "emr:CreateMetaTablePreviewTaskForOuter", "emr:CreateNote", "emr:CreateOnKubeCluster", "emr:CreateParagraph", "emr:CreateScalingGroupV2", "emr:CreateScalingRule", "emr:CreateUserPassword", "emr:CreateUserStatistics", "emr:CreateVerificationCode", "emr:DeleteAlertContacts", "emr:DeleteAlertDingDingGroups", "emr:DeleteAlertUserGroups", "emr:DeleteApiTemplate", "emr:DeleteApplication", "emr:DeleteClusterScript", "emr:DeleteClusterTemplate", "emr:DeleteDiagnoseReport", "emr:DeleteDisasterRecoveryPlan", "emr:DeleteExecutionPlan", "emr:DeleteFlowEditLock", "emr:DeleteFlowProject", "emr:DeleteFlowProjectById", "emr:DeleteFlowProjectClusterSetting", "emr:DeleteFlowProjectUser", "emr:DeleteJob", "emr:DeleteJobExecutionPlanFolder", "emr:DeleteJobExecutionPlanParam", "emr:DeleteLibraries", "emr:DeleteNote", "emr:DeleteParagraph", "emr:DeleteScalingRule", "emr:DeleteScalingTaskGroup", "emr:DeleteUsers", "emr:DescribeAvailableInstanceType", "emr:DescribeClusterForInternal", "emr:DescribeClusterForOuter", "emr:DescribeClusterHealth", "emr:DescribeClusterOperationHostTaskLog", "emr:DescribeClusterResourcePoolSchedulerTypeForAdmin", "emr:DescribeClusterServiceConfigForAdmin", "emr:DescribeClusterServiceConfigTagForAdmin", "emr:DescribeClusterTemplate", "emr:DescribeDiskOpsActivity", "emr:DescribeEmrMainVersion", "emr:DescribeExecutionPlan", "emr:DescribeFlowAgentToken", "emr:DescribeFlowAgentUser", "emr:DescribeFlowEntitySnapshot", "emr:DescribeFlowNodeInstanceContainerLog", "emr:DescribeFlowProjectClusterSetting", "emr:DescribeJob", "emr:DescribeKafkaReassign", "emr:DescribeLibraryDetail", "emr:DescribeLibraryInstallTaskDetail", "emr:DescribeMetaDataSourceForOuter", "emr:DescribeMetaDatabaseForOuter", "emr:DescribeMetaTableColumnForOuter", "emr:DescribeMetaTablePartitionForOuter", "emr:DescribeMetaTablePreviewTask", "emr:DescribeMetaTablePreviewTaskForOuter", "emr:DescribeNote", "emr:DescribeOperationTask", "emr:DescribeParagraph", "emr:DescribeRdsInstance", "emr:DescribeScalingActivity", "emr:DescribeScalingCommonConfig", "emr:DescribeScalingGroupInstanceV2", "emr:DescribeScalingGroupV2", "emr:DescribeScalingMetrics", "emr:DescribeScalingRule", "emr:DescribeScalingTaskGroup", "emr:DescribeServiceConfigDefinition", "emr:DescribeServiceHealth", "emr:DescribeUserStatistics", "emr:DetachAndReleaseClusterEni", "emr:DetachCluster", "emr:DetachClusterForNote", "emr:DiffFlowEntitySnapshot", "emr:DumpMetaDataSourceForOuter", "emr:EnableApplication", "emr:ExecuteFsAction", "emr:ExecuteHiveSql", "emr:ExistsUser", "emr:GetApiTemplate", "emr:GetApplicationActions", "emr:GetAuditLogs", "emr:GetBackPlanInfo", "emr:GetBackupInfo", "emr:GetBackupRuleInfo", "emr:GetClusterCost", "emr:GetCostUploadSignature", "emr:GetDisasterRecoveryPlan", "emr:GetDoctorApplication", "emr:GetDoctorComputeSummary", "emr:GetDoctorHBaseCluster", "emr:GetDoctorHBaseRegion", "emr:GetDoctorHBaseRegionServer", "emr:GetDoctorHBaseTable", "emr:GetDoctorHDFSCluster", "emr:GetDoctorHDFSDirectory", "emr:GetDoctorJob", "emr:GetFlowAgentTrackStatus", "emr:GetFlowAuditLogs", "emr:GetFlowEntityRelationGraph", "emr:GetMetadataTypeList", "emr:GetOverview", "emr:GetPriceForCreate", "emr:GetPriceForCreateOnKubeCluster", "emr:GetReleaseVersion", "emr:GetSlsTempToken", "emr:GetSupportApplications", "emr:HasRamOauthPolicy", "emr:IncreaseNodesDiskSize", "emr:InnerCheckAckInstance", "emr:InnerDescribeUserAccountStatus", "emr:InstallLibraries", "emr:KillExecutionJobInstance", "emr:KillExecutionPlanInstance", "emr:ListAdviceAction", "emr:ListAlertContacts", "emr:ListApmMetadata", "emr:ListApplicationConfigVersions", "emr:ListBackupPlans", "emr:ListBackupRules", "emr:ListBackups", "emr:ListClusterAttach", "emr:ListClusterBootstrapActions", "emr:ListClusterCosts", "emr:ListClusterForOuter", "emr:ListClusterHostComponentForAdmin", "emr:ListClusterOperationHostTask", "emr:ListClusterServiceConfigHistoryForAdmin", "emr:ListClusterTag", "emr:ListClusterTagForAdmin", "emr:ListClusterTemplates", "emr:ListClusterTypes", "emr:ListComponentDefaultTopologies", "emr:ListDependApplications", "emr:ListDisasterRecoveryPlans", "emr:ListDisasterRecoveryRecords", "emr:ListDiskOpsEvents", "emr:ListDoctorComputeSummary", "emr:ListDoctorHBaseRegionServers", "emr:ListDoctorHBaseTables", "emr:ListDoctorJobs", "emr:ListDoctorJobsStats", "emr:ListEmrAvailableConfig", "emr:ListEmrAvailableMetaType", "emr:ListEmrAvailableResource", "emr:ListEmrMainVersion", "emr:ListEmrMainVersionServiceGroup", "emr:ListEmrMainVersions", "emr:ListExecutePlanMigrateInfo", "emr:ListExecutionPlanInstanceTrend", "emr:ListFailureJobExecutionInstances", "emr:ListFeatures", "emr:ListFlowClusterAllHosts", "emr:ListFlowClusterK8sNamespace", "emr:ListFlowEntitySnapshot", "emr:ListFlowProjectClusterSetting", "emr:ListFlowProjectUser", "emr:ListGlobalConfigs", "emr:ListHealthRule", "emr:ListJobExecutionInstanceTrend", "emr:ListJobExecutionInstances", "emr:ListJobExecutionPlanHierarchy", "emr:ListJobInstanceWorkers", "emr:ListJobMigrateInfo", "emr:ListKMSKeys", "emr:ListKafkaReassign", "emr:ListKafkaReassignForAdmin", "emr:ListKafkaReassignTopic", "emr:ListKafkaTopicStatistics", "emr:ListKafkaTopicStatisticsForAdmin", "emr:ListKeyPairNames", "emr:ListLdapUsers", "emr:ListLibraries", "emr:ListLibraryInstallTasks", "emr:ListLibraryStatus", "emr:ListLocalDiskComponentInfo", "emr:ListMetaCluster", "emr:ListMetaDataSourceForOuter", "emr:ListMetaDatabaseForOuter", "emr:ListMetaTableColumnForOuter", "emr:ListMetaTableForOuter", "emr:ListMetaTablePartitionForOuter", "emr:ListMetastoreTypes", "emr:ListMetricsToDisplay", "emr:ListNodeGroupSpecs", "emr:ListNotes", "emr:ListOperation", "emr:ListOperationActivity", "emr:ListOperationStageInstanceRelation", "emr:ListOperationTask", "emr:ListPrivateZones", "emr:ListRamRole", "emr:ListRamUsers", "emr:ListRdsDatabase", "emr:ListRdsInstance", "emr:ListRegions", "emr:ListReleaseVersions", "emr:ListResourcePoolForAdmin", "emr:ListScalingActivity", "emr:ListScalingActivityV2", "emr:ListScalingConfigItemV2", "emr:ListScalingGroupV2", "emr:ListScalingRule", "emr:ListScalingTaskGroup", "emr:ListSecurityGroups", "emr:ListServiceComponentTopology", "emr:ListSlsProject", "emr:ListStack", "emr:ListStackService", "emr:ListStreamingSqlQuery", "emr:ListSupportedServiceName", "emr:ListTagKeys", "emr:ListTagValues", "emr:ListUserStatistics", "emr:ListVpcInfo", "emr:ListVswitch", "emr:MetastoreCreateDatabase", "emr:MetastoreCreateKafkaTopic", "emr:MetastoreCreateTable", "emr:MetastoreDataPreview", "emr:MetastoreDeleteKafkaTopic", "emr:MetastoreDescribeDataSource", "emr:MetastoreDescribeDatabase", "emr:MetastoreDescribeKafkaConsumerGroup", "emr:MetastoreDescribeKafkaTopic", "emr:MetastoreDescribeTable", "emr:MetastoreDescribeTask", "emr:MetastoreDropDatabase", "emr:MetastoreDropTable", "emr:MetastoreListDataSource", "emr:MetastoreListDataSourceForAdmin", "emr:MetastoreListDatabases", "emr:MetastoreListKafkaConsumerGroup", "emr:MetastoreListKafkaTopic", "emr:MetastoreListKafkaTopicForAdmin", "emr:MetastoreListTablePartition", "emr:MetastoreListTables", "emr:MetastoreListTask", "emr:MetastoreRetryTask", "emr:MetastoreSearchTables", "emr:MetastoreSync", "emr:MetastoreUpdateKafkaTopic", "emr:MetastoreUpdateKafkaTopicBatch", "emr:MetastoreUpdateTable", "emr:MigrateJobs", "emr:ModifyAlertContact", "emr:ModifyAlertDingDingGroup", "emr:ModifyAlertUserGroup", "emr:ModifyClusterMetaCollect", "emr:ModifyClusterServiceConfig", "emr:ModifyClusterTemplate", "emr:ModifyExecutionPlanBasicInfo", "emr:ModifyFlow", "emr:ModifyFlowProject", "emr:ModifyFlowProjectClusterSetting", "emr:ModifyFlowProjectGeneralSetting", "emr:ModifyFlowVariableCollection", "emr:ModifyHealthRuleConfig", "emr:ModifyJob", "emr:ModifyJobExecutionPlanFolder", "emr:ModifyJobExecutionPlanParam", "emr:ModifyScalingConfigItemV2", "emr:ModifyScalingGroupV2", "emr:ModifyScalingRule", "emr:ModifyServiceLdapConfig", "emr:ModifyUserChannelInfo", "emr:ModifyUserNote", "emr:ModifyUserStatistics", "emr:PassRole", "emr:PreCheckClusterBootstrapAction", "emr:QueryAlarmHistory", "emr:QueryAlarmRules", "emr:QueryClusterOrders", "emr:QueryGrafanaData", "emr:QueryInfoByToken", "emr:QueryLogKey", "emr:QueryMetricData", "emr:QueryPrice", "emr:QueryPriceForRenewEcs", "emr:QuerySlsMetricData", "emr:QueryTableData", "emr:QueryTrendData", "emr:QueryUserById", "emr:RefreshBackupList", "emr:RemoveBackupPlan", "emr:RemoveBackupRule", "emr:ResetSoftwarePassword", "emr:ResetUserPassword", "emr:RestoreBackup", "emr:RestoreFlowEntitySnapshot", "emr:ResumeExecutionPlanInstance", "emr:ResumeExecutionPlanScheduler", "emr:ResumeFlow", "emr:RetryCreateLdapUser", "emr:RetryCreateUserPassword", "emr:RetryExecutionPlan", "emr:RetryExecutionPlanInstance", "emr:RetryOperationActivity", "emr:RunApiTemplate", "emr:RunDisasterRecoveryPlan", "emr:RunDiskOpsActivity", "emr:RunExecutionPlan", "emr:RunNoteParagraphs", "emr:RunParagraph", "emr:RunScalingActionV2", "emr:SaveParagraph", "emr:SaveReport", "emr:StartFlow", "emr:StartKafkaPreferredReplicaElection", "emr:StopParagraph", "emr:SuspendExecutionPlanInstance", "emr:SuspendExecutionPlanScheduler", "emr:SyncLdapAccounts", "emr:UninstallLibraries", "emr:UpdateClusterCost", "emr:UpdateClusterMetaCollect", "emr:UpdateDisasterRecoveryPlan", "emr:UpdateKafkaReassignParam", "emr:UpdateLibraryInstallTaskStatus", "emr:UpdateNodeMaintenanceStatus", "emr:UpgradeHistory", "emr:UploadCostBucket", "emr:describeOperationTask", "emr:queryTableData", "emr:queryTrendData" ], "Resource": "*" } ] }
獲得帳號層級許可權的RAM使用者或RAM角色,能夠操作整個帳號範圍內的相關資源。請務必確認所授與權限是否符合預期,遵從最小授權原則謹慎分配許可權。
常見問題
如何查看當前資源屬於哪個資源群組?
-
方式一:單擊資源名稱,進入資源的詳情頁面,即可查看到當前資源的資源群組。
-
方式二:登入資源管理主控台,單擊,在左側選擇目標資源所屬帳號(預設為當前帳號),通過篩選條件定位目標資源,即可查看其所屬資源群組。
如何查看當前產品在某個資源群組下的所有資源?
如何批量修改多個資源的資源群組?
登入資源管理主控台,單擊,在目標資源群組所在行的操作列下,單擊資源管理以進入資源管理頁面。通過篩選條件定位多個目標資源,批量勾選第一列的複選框後單擊下方轉移資源群組,並按頁面提示完成資源群組修改。