全部產品
Search
文件中心

Microservices Engine:授權信息

更新時間:Jul 04, 2026

存取控制(RAM)是阿里雲提供的系統管理使用者身份與資源存取權限的服務。使用 RAM 可以讓您避免與其他使用者共用阿里雲帳號密鑰,並可按需為使用者授予最小許可權。RAM 中使用權限原則描述授權的具體內容。

本文為您介紹 為 RAM 權限原則定義的操作(Action)、資源(Resource)和條件(Condition)。 的 RAM 代碼(RamCode)為 mse,microgw ,支援的授權粒度為 RESOURCE

權限原則通用結構

權限原則支援 JSON 格式,其通用結構如下:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}        

各欄位含義如下:

  • Effect:權限原則效果。取值:Allow(允許)、Deny(拒絕)。

  • Action:授予允許或拒絕許可權的具體操作。具體資訊,請參見操作(Action)

  • Resource:受操作影響的具體對象,您可以使用資源 ARN 來描述指定資源。具體資訊,請參見資源(Resource)

  • Condition:指授權生效的條件。可選欄位。具體資訊,請參見條件(Condition)

    • Condition_operator:條件運算子,不同類型的條件對應不同的條件運算子。具體資訊,請參見權限原則基本元素

    • Condition_key:條件關鍵字。

    • Condition_value:條件關鍵字對應的值。

操作(Action)

下表是定義的操作,這些操作可以在 RAM 權限原則語句的Action元素中使用,用來授予執行該操作的許可權。下面對錶中的具體項提供說明:

  • 操作:是指具體的許可權點。

  • API:是指操作對應的 API 介面。

  • 存取層級:是指每個操作的存取層級,取值為寫入(Write)、讀取(Read)或列出(List)。

  • 資源類型:是指操作中支援授權的資源類型。具體說明如下:

    • 對於必選的資源類型,用前面加 * 表示。

    • 對於不支援資源級授權的操作,用全部資源表示。

  • 條件關鍵字:是指雲產品自身定義的條件關鍵字。該列不體現適用於任何操作的通用條件關鍵字

  • 關聯操作:是指成功執行操作所需要的其他許可權。操作者必須同時具備關聯操作的許可權,操作才能成功。

操作

API

存取層級

資源類型

條件關鍵字

關聯操作

mse:QueryZnodeDetail QueryZnodeDetail get

*All Resource

*

mse:QueryGatewayType QueryGatewayType get

*All Resource

*

mse:GetServiceList GetServiceList get

*All Resource

*

mse:GetNacosConfig GetNacosConfig get

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:FetchLosslessRuleList FetchLosslessRuleList get

*All Resource

*

mse:DeleteBlackWhiteList DeleteBlackWhiteList delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetTagsBySwimmingLaneGroupId GetTagsBySwimmingLaneGroupId get

*All Resource

*

mse:GetMseSource GetMseSource get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateSSLCert UpdateSSLCert update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListInstanceCount ListInstanceCount get

*All Resource

*

mse:ListAppBySwimmingLaneGroupTag ListAppBySwimmingLaneGroupTag get

*All Resource

*

mse:UpdateGatewayDomain UpdateGatewayDomain update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayRouteAuth UpdateGatewayRouteAuth

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteSwimmingLane DeleteSwimmingLane delete

*All Resource

*

mse:CloneSentinelRuleFromAhas CloneSentinelRuleFromAhas create

*All Resource

*

mse:DeleteNacosConfig DeleteNacosConfig delete

*All Resource

*

mse:GetOverview GetOverview

*All Resource

*

mse:ListSSLCert ListSSLCert get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteGatewayRoute DeleteGatewayRoute delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGatewayFlowRule ListGatewayFlowRule list

*All Resource

*

mse:UpdateConfig UpdateConfig update

*All Resource

*

mse:ImportServices ImportServices create

*All Resource

*

mse:UpdateGatewayAuthConsumerResource UpdateGatewayAuthConsumerResource update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetGatewayRouteDetail GetGatewayRouteDetail get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QuerySwimmingLaneById QuerySwimmingLaneById get

*GovernanceNamespace

acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}

mse:UpdateIsolationRule UpdateIsolationRule update

*All Resource

*

mse:UpdateNacosInstance UpdateNacosInstance update

*All Resource

*

mse:ListGatewayAuthConsumerResource ListGatewayAuthConsumerResource

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGatewayIsolationRule ListGatewayIsolationRule list

*All Resource

*

mse:DeleteIsolationRules DeleteIsolationRules delete

*All Resource

*

mse:DeleteCluster DeleteCluster delete

*All Resource

*

mse:DeleteSecurityGroupRule DeleteSecurityGroupRule delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayRouteTimeout UpdateGatewayRouteTimeout update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetImportFileUrl GetImportFileUrl get

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:AddGateway AddGateway create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/*

mse:ListClusterTypes ListClusterTypes

*All Resource

*

mse:ListZkTrack ListZkTrack list

*All Resource

*

mse:UpdateMigrationTask UpdateMigrationTask update

*All Resource

*

mse:UpdateCluster UpdateCluster update

*All Resource

*

mse:DeleteGatewayAuthConsumerResource DeleteGatewayAuthConsumerResource

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayName UpdateGatewayName update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListClusterHealthCheckTask ListClusterHealthCheckTask get

*All Resource

*

mse:TagResources TagResources update

*All Resource

*

mse:GetLocalityRule GetLocalityRule get

*All Resource

*

mse:QueryClusterInfo QueryClusterInfo get

*All Resource

*

mse:ListIsolationRules ListIsolationRules list

*All Resource

*

mse:DeleteGatewayDomain DeleteGatewayDomain delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QueryMonitor QueryMonitor get

*All Resource

*

mse:AddAuthPolicy AddAuthPolicy update

*All Resource

*

mse:AddGatewaySlb AddGatewaySlb create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteEngineNamespace DeleteEngineNamespace delete

*All Resource

*

mse:UpdateGatewayRoute UpdateGatewayRoute update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListNacosMcpServers ListNacosMcpServers list

*All Resource

*

mse:ListEurekaServices ListEurekaServices get

*All Resource

*

mse:QueryInstancesInfo QueryInstancesInfo get

*All Resource

*

mse:GetAppMessageQueueRoute GetAppMessageQueueRoute get

*All Resource

*

mse:CreateGatewayIsolationRule CreateGatewayIsolationRule create

*All Resource

*

mse:ListZnodeChildren ListZnodeChildren list

*All Resource

*

mse:AddMigrationTask AddMigrationTask create

*All Resource

*

mse:AddAuthResource AddAuthResource create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListConfigTrack ListConfigTrack list

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:DeleteGateway DeleteGateway delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:AddGatewayRoute AddGatewayRoute create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGateway ListGateway get

*All Resource

*

mse:CloneNacosConfig CloneNacosConfig create

*All Resource

*

mse:QueryAllSwimmingLaneGroup QueryAllSwimmingLaneGroup get

*All Resource

*

mse:UpdateNacosConfig UpdateNacosConfig update

*All Resource

*

mse:GetNacosMcpServer GetNacosMcpServer get

*All Resource

*

mse:CreateOrUpdateSwimmingLaneGroup CreateOrUpdateSwimmingLaneGroup update

*GovernanceNamespace

acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}

mse:ApplyGatewayRoute ApplyGatewayRoute update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGatewayDomain ListGatewayDomain list

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListClusters ListClusters get

*All Resource

*

mse:CreateEngineNamespace CreateEngineNamespace create

*All Resource

*

mse:DeleteGatewayCircuitBreakerRule DeleteGatewayCircuitBreakerRule delete

*All Resource

*

mse:CreateMseServiceApplication CreateMseServiceApplication get

*All Resource

*

mse:ExportZookeeperData ExportZookeeperData get

*All Resource

*

mse:AddSSLCert AddSSLCert create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateMessageQueueRoute UpdateMessageQueueRoute update

*All Resource

*

mse:DeleteGatewayService DeleteGatewayService delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayRouteWafStatus UpdateGatewayRouteWafStatus update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetGovernanceKubernetesCluster GetGovernanceKubernetesCluster get

*All Resource

*

mse:RestartCluster RestartCluster update

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

mse:GetApplicationInstanceList GetApplicationInstanceList get

*All Resource

*

mse:ListGatewayAuth ListGatewayAuth get

*All Resource

*

mse:ListGatewayRouteOnAuth ListGatewayRouteOnAuth list

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteNacosService DeleteNacosService update

*All Resource

*

mse:UpdateZooKeeperSaslUser UpdateZooKeeperSaslUser update

*All Resource

*

mse:AddZooKeeperSaslUser AddZooKeeperSaslUser create

*All Resource

*

mse:DeleteMigrationTask DeleteMigrationTask delete

*All Resource

*

mse:DeleteWebFlowRules DeleteWebFlowRules delete

*All Resource

*

mse:GetServiceListeners GetServiceListeners get

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:CreateNacosInstance CreateNacosInstance create

*All Resource

*

mse:GetNacosHistoryConfig GetNacosHistoryConfig get

*All Resource

*

mse:ListWebFlowRules ListWebFlowRules list

*All Resource

*

mse:CreateCircuitBreakerRule CreateCircuitBreakerRule create

*All Resource

*

mse:CreateNacosMcpServer CreateNacosMcpServer create

*All Resource

*

mse:UpdateNacosConfig UpdateNacosGrayConfig update

*All Resource

*

mse:ListNacosConfigs ListNacosConfigs get

*All Resource

*

mse:CreateIsolationRule CreateIsolationRule create

*All Resource

*

mse:PutClusterHealthCheckTask PutClusterHealthCheckTask

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

mse:GatewayBlackWhiteList GatewayBlackWhiteList get

*All Resource

*

mse:ListTagResources ListTagResources get

*All Resource

*

mse:QueryAllSwimmingLane QueryAllSwimmingLane get

*GovernanceNamespace

acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}

mse:CreateNacosConfig CreateNacosConfig get

*All Resource

*

mse:ListApplicationsWithTagRules ListApplicationsWithTagRules get

*All Resource

*

mse:UpdateZnode UpdateZnode update

*All Resource

*

mse:UpdateBlackWhiteList UpdateBlackWhiteList update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayServiceCheck UpdateGatewayServiceCheck update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QueryGovernanceKubernetesCluster QueryGovernanceKubernetesCluster get

*All Resource

*

mse:GetMseFeatureSwitch GetMseFeatureSwitch get

*All Resource

*

mse:DeletePluginConfig DeletePluginConfig delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateAcl UpdateAcl update

*All Resource

*

mse:GetNacosConfig QueryNacosGrayConfig get

*All Resource

*

mse:DeleteNacosConfigs DeleteNacosConfigs delete

*All Resource

*

mse:AddGatewayAuth AddGatewayAuth create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGatewaySlb ListGatewaySlb get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListAnsInstances ListAnsInstances list

*All Resource

*

mse:UpdateGatewayServiceVersion UpdateGatewayServiceVersion update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListNamespaces ListNamespaces list

*All Resource

*

mse:RemoveZooKeeperSaslUser RemoveZooKeeperSaslUser delete

*All Resource

*

mse:ListGatewayCircuitBreakerRule ListGatewayCircuitBreakerRule list

*All Resource

*

mse:ListAnsServiceClusters ListAnsServiceClusters list

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:UntagResources UntagResources delete

*All Resource

*

mse:QueryClusterSpecification QueryClusterSpecification

*All Resource

*

mse:GetGatewayAuthDetail GetGatewayAuthDetail get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListExportZookeeperData ListExportZookeeperData list

*All Resource

*

mse:CreateGatewayFlowRule CreateGatewayFlowRule create

*All Resource

*

mse:CreateZnode CreateZnode create

*All Resource

*

mse:OfflineGatewayRoute OfflineGatewayRoute

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetEngineNamepace GetEngineNamepace get

*All Resource

*

mse:ListAppBySwimmingLaneGroupTags ListAppBySwimmingLaneGroupTags list

*All Resource

*

mse:ListGatewayAuthConsumer ListGatewayAuthConsumer list

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetBlackWhiteList GetBlackWhiteList get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListEngineNamespaces ListEngineNamespaces list

*All Resource

*

mse:UpdateImage UpdateImage update

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

mse:CreatePluginConfig CreatePluginConfig create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListSecurityGroupRule ListSecurityGroupRule list

*All Resource

*

mse:UpdateGatewayAuthConsumer UpdateGatewayAuthConsumer

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteAuthResource DeleteAuthResource delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QuerySlbSpec QuerySlbSpec list

*All Resource

*

mse:QueryNamespace QueryNamespace get

*All Resource

*

mse:ListMigrationTask ListMigrationTask list

*All Resource

*

mse:ImportZookeeperData ImportZookeeperData update

*All Resource

*

mse:ModifyGovernanceKubernetesCluster ModifyGovernanceKubernetesCluster update

*All Resource

*

mse:GetPluginConfig GetPluginConfig get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListNamingTrack ListNamingTrack get

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

mse:ListGatewayZone ListGatewayZone list

*All Resource

*

mse:BindSentinelBlockFallbackDefinition BindSentinelBlockFallbackDefinition update

*GovernanceApplication

acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}/application/{#AppName}

mse:GetGatewayConfig GetGatewayConfig get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListServiceSource ListServiceSource get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QueryConfig QueryConfig get

*All Resource

*

mse:GetGatewayDomainDetail GetGatewayDomainDetail get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListGatewayService ListGatewayService get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetZookeeperDataImportUrl GetZookeeperDataImportUrl get

*All Resource

*

mse:OrderClusterHealthCheckRiskNotice OrderClusterHealthCheckRiskNotice get

*All Resource

*

mse:ListAnsServices ListAnsServices list

*All Resource

*

mse:DeleteGatewaySlb DeleteGatewaySlb delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteGatewayAuth DeleteGatewayAuth delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListSecurityGroup ListSecurityGroup list

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateNacosService UpdateNacosService update

*All Resource

*

mse:DeleteNacosInstance DeleteNacosInstance delete

*All Resource

*

mse:GetServiceListPage GetServiceListPage get

*All Resource

*

mse:ListAuthPolicy ListAuthPolicy get

*All Resource

*

mse:RetryCluster RetryCluster update

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

mse:CreateApplication CreateApplication create

*All Resource

*

mse:UpdateGatewayRouteRetry UpdateGatewayRouteRetry update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:QueryGatewayRegion QueryGatewayRegion get

*All Resource

*

mse:ApplyTagPolicies ApplyTagPolicies update

*All Resource

*

mse:GetGatewayOption GetGatewayOption get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:CreateGatewayCircuitBreakerRule CreateGatewayCircuitBreakerRule create

*All Resource

*

mse:UpdateGatewayRouteHeaderOp UpdateGatewayRouteHeaderOp update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ImportNacosConfig ImportNacosConfig create

*All Resource

*

mse:UpdateGatewayRouteCORS UpdateGatewayRouteCORS update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayConfig UpdateGatewayConfig update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewaySpec UpdateGatewaySpec update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetImage GetImage get

*All Resource

*

mse:DeleteGatewayServiceVersion DeleteGatewayServiceVersion delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:AddBlackWhiteList AddBlackWhiteList create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:PullServices PullServices get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:CreateCluster CreateCluster create

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/*

mse:GetGateway GetGateway get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteFlowRules DeleteFlowRules delete

*All Resource

*

mse:QueryClusterDetail QueryClusterDetail get

*All Resource

*

mse:UpdateGatewayFlowRule UpdateGatewayFlowRule update

*All Resource

*

mse:UpdateLocalityRule UpdateLocalityRule get

*All Resource

*

mse:CreateNamespace CreateNamespace get

*All Resource

*

mse:QueryClusterDiskSpecification QueryClusterDiskSpecification get

*All Resource

*

mse:UpdateGatewayRouteHTTPRewrite UpdateGatewayRouteHTTPRewrite update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:RemoveAuthPolicy RemoveAuthPolicy get

*All Resource

*

mse:UpdateGatewayCircuitBreakerRule UpdateGatewayCircuitBreakerRule update

*All Resource

*

mse:AddGatewayServiceVersion AddGatewayServiceVersion create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayService UpdateGatewayService update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteNamespace DeleteNamespace delete

*All Resource

*

mse:DeleteNacosMcpServer DeleteNacosMcpServer delete

*All Resource

*

mse:SelectGatewaySlb SelectGatewaySlb get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:AddServiceSource AddServiceSource create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:AddGatewayAuthConsumer AddGatewayAuthConsumer create

*All Resource

*

mse:UpgradeCluster UpgradeCluster

*All Resource

*

mse:ExportNacosConfig ExportNacosConfig get

*Cluster

acs:mse:{#regionId}:{#AccountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:UpdateGatewayOption UpdateGatewayOption update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListSentinelBlockFallbackDefinitions ListSentinelBlockFallbackDefinitions list

*All Resource

*

mse:DeleteGatewayFlowRule DeleteGatewayFlowRule delete

*All Resource

*

mse:CreateNacosService CreateNacosService get

*All Resource

*

mse:UpdateGatewayAuth UpdateGatewayAuth update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:EnableProxyProtocol EnableProxyProtocol update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteCircuitBreakerRules DeleteCircuitBreakerRules delete

*All Resource

*

mse:UpdatePluginConfig UpdatePluginConfig update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListListenersByIp ListListenersByIp get

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:ListEurekaInstances ListEurekaInstances get

*All Resource

*

mse:UpdateEngineNamespace UpdateEngineNamespace update

*All Resource

*

mse:UpdateFlowRule UpdateFlowRule update

*All Resource

*

mse:ListFlowRules ListFlowRules list

*All Resource

*

mse:ListListenersByConfig ListListenersByConfig get

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:AddMockRule AddMockRule

*All Resource

*

mse:DeleteGatewayAuthConsumer DeleteGatewayAuthConsumer

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateGatewayIsolationRule UpdateGatewayIsolationRule update

*All Resource

*

mse:CreateWebFlowRule CreateWebFlowRule update

*All Resource

*

mse:ListCircuitBreakerRules ListCircuitBreakerRules list

*All Resource

*

mse:DeleteSwimmingLaneGroup DeleteSwimmingLaneGroup get

*All Resource

*

mse:GetApplicationList GetApplicationList get

*All Resource

*

mse:ListNacosHistoryConfigs ListNacosHistoryConfigs get

*All Resource

*

mse:CreateSentinelBlockFallbackDefinition CreateSentinelBlockFallbackDefinition update

*All Resource

*

mse:UpdateGatewayAuthConsumerStatus UpdateGatewayAuthConsumerStatus

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateServiceSource UpdateServiceSource update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteServiceSource DeleteServiceSource delete

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListClusterVersions ListClusterVersions

*All Resource

*

mse:ListGatewayRoute ListGatewayRoute get

*All Resource

*

mse:GetLosslessRuleByApp GetLosslessRuleByApp get

*All Resource

*

mse:DeleteGatewayIsolationRule DeleteGatewayIsolationRule delete

*All Resource

*

mse:GetServiceMethodPage GetServiceMethodPage get

*All Resource

*

mse:GetGatewayAuthConsumerDetail GetGatewayAuthConsumerDetail get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateWebFlowRule UpdateWebFlowRule update

*All Resource

*

mse:UpdateGatewayServiceTrafficPolicy UpdateGatewayServiceTrafficPolicy update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:AddSecurityGroupRule AddSecurityGroupRule create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:UpdateNacosCluster UpdateNacosCluster update

*Cluster

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}

*EngineNamespace

acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}

mse:UpdateClusterSpec UpdateClusterSpec update

*All Resource

*

mse:AddGatewayDomain AddGatewayDomain create

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ModifyLosslessRule ModifyLosslessRule get

*All Resource

*

mse:ChangeResourceGroup ChangeResourceGroup update

*All Resource

*

mse:GetGatewayServiceDetail GetGatewayServiceDetail get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:EnableHttp2 EnableHttp2 update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:ListZooKeeperSaslUser ListZooKeeperSaslUser list

*All Resource

*

mse:InitializeServiceLinkRole InitializeServiceLinkRole get

*All Resource

*

mse:PreserveHeaderFormat PreserveHeaderFormat update

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:RemoveApplication RemoveApplication delete

*All Resource

*

mse:UpdateGatewayAuthConsumerResourceStatus UpdateGatewayAuthConsumerResourceStatus

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:GetPlugins GetPlugins get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:CreateOrUpdateSwimmingLane CreateOrUpdateSwimmingLane create

*GovernanceNamespace

acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}

mse:GetKubernetesSource GetKubernetesSource get

*Gateway

acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}

mse:DeleteZnode DeleteZnode delete

*All Resource

*

mse:CreateFlowRule CreateFlowRule create

*All Resource

*

mse:ListClusterConnectionTypes ListClusterConnectionTypes get

*All Resource

*

mse:UpdateCircuitBreakerRule UpdateCircuitBreakerRule update

*All Resource

*

mse:UpdateAuthPolicy UpdateAuthPolicy get

*All Resource

*

資源(Resource)

下表是定義的資源,這些資源可以在 RAM 權限原則語句的Resource元素中使用,用來授予對該資源執行具體操作的許可權。 其中,資源 ARN 是資源在阿里雲上的唯一標識。具體說明如下:

  • {#}為變數標識,需要您替換為實際值。例如:{#ramcode}需要您替換為實際的雲端服務RAM代碼。

  • *表示全部。例如:

    • {#resourceType}*時:表示全部資源。

    • {#regionId}*時:表示全部地區。

    • {#accountId}*時:表示全部阿里雲帳號。

資源類型

資源 ARN

EngineNamespace
  • acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}
  • acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/*
Gateway
  • acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}
  • acs:mse:{#Region}:{#AccountId}:instance/{#GatewayUniqueId}
  • acs:mse:{#regionId}:{#accountId}:instance/*
NacosConfig
  • acs:mse:*:{#accountId}:nacosconfig/{#DataId}
  • acs:mse::{#accountId}:nacosconfig/{#DataId}
GovernanceNamespace
  • acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}
  • acs:mse:{#Region}:{#AccountId}:namespace/{#Namespace}
NacosService
  • acs:mse:*:{#accountId}:nacosservice/{#ServiceName}
NacosInstance
  • acs:mse:{#regionId}:{#accountId}:nacosinstance/*
Cluster
  • acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}
  • acs:mse:{#regionId}:{#accountId}:cluster/{#InstanceId}
  • acs:mse:{#regionId}:{#accountId}:instance/*
GovernanceApplication
  • acs:mse:{#Region}:{#AccountId}:namespace/{#Namespace}/application/{#AppName}
  • acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}/application/{#AppName}

條件(Condition)

未定義產品層級的條件關鍵字。如需查看適用於所有雲產品的通用條件關鍵字,請參見通用條件關鍵字

相關操作

您可以建立自訂權限原則,並將權限原則授予 RAM 使用者、RAM 使用者組或 RAM 角色。具體操作如下: