全部产品
Search
文档中心

容器服务 Kubernetes 版 ACK:ACK One服务角色策略内容

更新时间:Jan 15, 2025

服务角色是某个云服务在某些情况下,为了完成自身的某个功能,需要获取其他云服务的访问权限而提供的RAM角色。您需要为ACK One服务账号授予对应的服务角色才能正常使用ACK One功能。本文为您介绍ACK One支持的服务角色以及角色的策略内容。

授权操作

首次使用ACK One服务时需要授权,使用阿里云账号(主账号)或者RAM管理员账号(子账号)授权一次即可。

服务角色无需手动创建,首次使用ACK One控制台,界面会自动弹出授权提示,您只需按提示操作即可完成授权。

重要

仅阿里云账号(主账号)或RAM管理员账号可以完成自动授权,普通RAM用户没有授权操作的权限。如果系统提示权限不足,请将账号切换到阿里云(主账号)或RAM管理员账号完成授权。

服务关联角色

角色名称

角色权限说明

AliyunCSDefaultRole

  • ACK One在集群管控操作中使用该角色访问您在ECS、VPC、SLB、ROS、ESS等服务中的资源。

  • 必须授予该角色的权限,授权后才能正常使用ACK One功能。

AliyunServiceRoleForAdcp

  • ACK One在集群管控操作中使用该角色访问您在ECS、VPC、SLB等相关云服务中的资源。

  • 必须授予该角色的权限,授权后才能正常使用ACK One功能。

AliyunAdcpServerlessKubernetesRole

  • ACK One多集群舰队和分布式工作流Argo集群需要使用该角色,访问VPC、ECS、PrivateZone、ECI、SLS等服务中的资源。

  • 必须授予该角色的权限,授权后才能正常使用ACK One功能。

AliyunAdcpManagedMseRole

  • ACK One多集群舰队需要使用该角色访问MSE等服务中的资源。

  • 该角色权限仅在使用多集群网关功能时需要授权,未授权不影响其他功能使用。

AliyunCSManagedKubernetesRole

ACK One多集群舰队需要使用该角色访问ACK服务的资源。

AliyunCSManagedLogRole

ACK One中日志组件使用此角色来访问您在其他云产品中的资源。

AliyunCSManagedCmsRole

ACK One 中的CMS组件使用此角色来访问您在其他云产品中的资源。

AliyunCSManagedArmsRole

ACK One中的Arms插件使用此角色来访问您在其他云产品中的资源。

角色策略内容

AliyunServiceRoleForAdcp

ECS相关权限

  • ecs:CreateSecurityGroup

  • ecs:CreateSecurityGroupPermissions

  • ecs:DeleteSecurityGroup

  • ecs:DescribeAccountAttributes

  • ecs:DescribeSecurityGroups

  • ecs:AuthorizeSecurityGroup

  • ecs:RevokeSecurityGroup

  • ecs:AuthorizeSecurityGroupEgress

  • ecs:RevokeSecurityGroupEgress

  • ecs:DescribeNetworkInterfaces

  • ecs:DescribeZones

VPC相关权限

  • vpc:DescribeVpcAttribute

  • vpc:DescribeVSwitchAttributes

  • vpc:AllocateEipAddress

  • vpc:AssociateEipAddress

  • vpc:UnassociateEipAddress

  • vpc:ReleaseEipAddress

  • vpc:DescribeEipAddresses

  • vpc:TagResources

  • vpc:DeletionProtection

  • vpc:DescribeRouteTableList

  • vpc:CreateRouteEntry

  • vpc:DeleteeRouteEntry

  • vpc:AcceptVpcPeerConnection

  • vpc:GetVpcPeerConnectionAttribute

  • vpc:DescribeVSwitches

  • vpc:DescribeVpcs

CEN相关权限

  • cen:DescribeCenAttachedChildInstances

  • cen:DescribeCens

SLB相关权限

  • slb:DescribeLoadBalancerAttribute

  • slb:CreateLoadBalancer

  • slb:DeleteLoadBalancer

  • slb:StartLoadBalancerListener

  • slb:StopLoadBalancerListener

  • slb:CreateLoadBalancerTCPListener

  • slb:CreateLoadBalancerHTTPListener

  • slb:DeleteLoadBalancerListener

  • slb:AddTags

  • slb:RemoveTags

  • slb:SetLoadBalancerDeleteProtection

  • slb:SetLoadBalancerModificationProtection

  • slb:DescribeZones

  • slb:CreateAccessControlList

  • slb:DescribeAccessControlLists

  • slb:AddAccessControlListEntry

  • slb:RemoveAccessControlListEntry

  • slb:SetLoadBalancerTCPListenerAttribute

服务网格相关权限

  • servicemesh:CreateServiceMesh

  • servicemesh:DeleteServiceMesh

  • servicemesh:DescribeServiceMeshDetail

  • servicemesh:DescribeServiceMeshes

  • servicemesh:DescribeServiceMeshKubeconfig

  • servicemesh:DescribeServiceMeshLogs

  • servicemesh:ModifyServiceMesh

  • servicemesh:ModifyServiceMeshName

  • servicemesh:DescribeClustersInServiceMesh

  • servicemesh:AddClusterIntoServiceMesh

  • servicemesh:RemoveClusterFromServiceMesh

  • servicemesh:UpdateMeshFeature

  • servicemesh:DescribeRegions

  • servicemesh:DescribeServiceMeshUpgradeStatus

  • servicemesh:DescribeVersions

  • servicemesh:RevokeKubeconfig

  • servicemesh:UpdateServiceMeshOwner

RAM相关权限

  • ram:CreateApplication

  • ram:ListApplications

  • ram:ListAppSecretIds

  • ram:GetApplication

  • ram:UpdateApplication

  • ram:CreateAppSecret

  • ram:GetAppSecret

  • ram:DeleteApplication

  • ram:DeleteAppSecret

  • ram:CreateApplication

  • ram:ListApplications

  • ram:ListAppSecretIds

  • ram:CreateServiceLinkedRole

ARMS相关权限

  • arms:InstallManagedPrometheus

  • arms:UninstallManagedPrometheus

AliyunAdcpServerlessKubernetesRole

VPC相关权限

  • vpc:DescribeVSwitches

  • vpc:DescribeVpcs

  • vpc:AssociateEipAddress

  • vpc:DescribeEipAddresses

  • vpc:AllocateEipAddress

  • vpc:ReleaseEipAddress

  • vpc:AddCommonBandwidthPackageIp

  • vpc:RemoveCommonBandwidthPackageIp

ECS 相关权限

  • ecs:DescribeSecurityGroups

  • ecs:CreateNetworkInterface

  • ecs:CreateNetworkInterfacePermission

  • ecs:DescribeNetworkInterfaces

  • ecs:AttachNetworkInterface

  • ecs:DetachNetworkInterface

  • ecs:DeleteNetworkInterface

  • ecs:DeleteNetworkInterfacePermission

ARMS相关权限

  • arms:GetManagedPrometheusStatus

  • arms:InstallManagedPrometheus

  • arms:UninstallManagedPrometheus

云解析相关权限

  • pvtz:AddZone

  • pvtz:DeleteZone

  • pvtz:DescribeZones

  • pvtz:DescribeZoneInfo

  • pvtz:BindZoneVpc

  • pvtz:AddZoneRecord

  • pvtz:DeleteZoneRecord

  • pvtz:DeleteZoneRecordsByRR

  • pvtz:DescribeZoneRecordsByRR

  • pvtz:DescribeZoneRecords

ECI相关权限

  • eci:CreateContainerGroup

  • eci:DeleteContainerGroup

  • eci:DescribeContainerGroups

  • eci:DescribeContainerGroupStatus

  • eci:DescribeContainerGroupEvents

  • eci:DescribeContainerLog

  • eci:UpdateContainerGroup

  • eci:UpdateContainerGroupByTemplate

  • eci:CreateContainerGroupFromTemplate

  • eci:RestartContainerGroup

  • eci:ExportContainerGroupTemplate

  • eci:DescribeContainerGroupMetric

  • eci:DescribeMultiContainerGroupMetric

  • eci:ResizeContainerGroupVolume

  • eci:ExecContainerCommand

  • eci:CreateImageCache

  • eci:DescribeImageCaches

  • eci:DeleteImageCache

日志服务相关权限

  • log:CreateProject

  • log:GetProject

  • log:DeleteProject

  • log:CreateLogStore

  • log:GetLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateConfig

  • log:UpdateConfig

  • log:GetConfig

  • log:DeleteConfig

  • log:CreateMachineGroup

  • log:UpdateMachineGroup

  • log:GetMachineGroup

  • log:DeleteMachineGroup

  • log:ApplyConfigToGroup

  • log:GetAppliedMachineGroups

  • log:GetAppliedConfigs

  • log:RemoveConfigFromMachineGroup

  • log:CreateIndex

  • log:GetIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateSavedSearch

  • log:GetSavedSearch

  • log:UpdateSavedSearch

  • log:DeleteSavedSearch

  • log:CreateDashboard

  • log:GetDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:CreateJob

  • log:GetJob

  • log:DeleteJob

  • log:PostLogStoreLogs

  • log:UpdateJob

RAM相关权限

ram:CreateServiceLinkedRole

AliyunAdcpManagedMseRole

MSE相关权限

  • mse:AddBlackWhiteList

  • mse:AddGateway

  • mse:AddServiceSource

  • mse:CreateApplication

  • mse:DeleteGateway

  • mse:DeleteServiceSource

  • mse:GetBlackWhiteList

  • mse:GetGateway

  • mse:GetGatewayDetail

  • mse:GetGatewayOption

  • mse:ListServiceSource

  • mse:ListTagResources

  • mse:ModifyLosslessRule

  • mse:TagResources

  • mse:UntagResources

  • mse:UpdateBlackWhiteList

  • mse:UpdateGatewayOption

  • mse:UpdateServiceSource

日志服务相关权限

  • log:CloseProductDataCollection

  • log:OpenProductDataCollection

  • log:GetProductDataCollection

RAM相关权限

ram:CreateServiceLinkedRole

AliyunCSManagedKubernetesRole

ECS相关权限

  • ecs:Describe*

  • ecs:CreateRouteEntry

  • ecs:DeleteRouteEntry

  • ecs:CreateNetworkInterface

  • ecs:DeleteNetworkInterface

  • ecs:CreateNetworkInterfacePermission

  • ecs:DeleteNetworkInterfacePermission

  • ecs:ModifyInstanceAttribute

  • ecs:AttachKeyPair

  • ecs:StopInstance

  • ecs:StartInstance

  • ecs:ReplaceSystemDisk

SLB相关权限

  • slb:Describe*

  • slb:CreateLoadBalancer

  • slb:DeleteLoadBalancer

  • slb:ModifyLoadBalancerInternetSpec

  • slb:RemoveBackendServers

  • slb:AddBackendServers

  • slb:RemoveTags

  • slb:AddTags

  • slb:TagResources

  • slb:UnTagResources

  • slb:ListTagResources

  • slb:StopLoadBalancerListener

  • slb:StartLoadBalancerListener

  • slb:SetLoadBalancerHTTPListenerAttribute

  • slb:SetLoadBalancerHTTPSListenerAttribute

  • slb:SetLoadBalancerTCPListenerAttribute

  • slb:SetLoadBalancerUDPListenerAttribute

  • slb:CreateLoadBalancerHTTPSListener

  • slb:CreateLoadBalancerHTTPListener

  • slb:CreateLoadBalancerTCPListener

  • slb:CreateLoadBalancerUDPListener

  • slb:DeleteLoadBalancerListener

  • slb:CreateVServerGroup

  • slb:DescribeVServerGroups

  • slb:DeleteVServerGroup

  • slb:SetVServerGroupAttribute

  • slb:DescribeVServerGroupAttribute

  • slb:ModifyVServerGroupBackendServers

  • slb:AddVServerGroupBackendServers

  • slb:ModifyLoadBalancerInstanceSpec

  • slb:ModifyLoadBalancerInternetSpec

  • slb:SetLoadBalancerModificationProtection

  • slb:SetLoadBalancerDeleteProtection

  • slb:SetLoadBalancerName

  • slb:ModifyLoadBalancerInstanceChargeType

  • slb:RemoveVServerGroupBackendServers

VPC相关权限

  • vpc:Describe*

  • vpc:DeleteRouteEntry

  • vpc:CreateRouteEntry

日志服务相关权限

  • log:CreateProject

  • log:GetProject

  • log:GetProductDataCollection

  • log:OpenProductDataCollection

  • log:CloseProductDataCollection

  • log:GetLogStoreHistogram

  • log:AnalyzeProductLog

  • log:CreateIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:SetGeneralDataAccessConfig

ALB相关权限

  • alb:EnableLoadBalancerIpv6Internet

  • alb:DisableLoadBalancerIpv6Internet

  • alb:CreateAcl

  • alb:DeleteAcl

  • alb:ListAcls

  • alb:ListAclRelations

  • alb:AddEntriesToAcl

  • alb:AssociateAclsWithListener

  • alb:ListAclEntries

  • alb:RemoveEntriesFromAcl

  • alb:DissociateAclsFromListener

  • alb:TagResources

  • alb:UnTagResources

  • alb:ListServerGroups

  • alb:ListServerGroupServers

  • alb:AddServersToServerGroup

  • alb:RemoveServersFromServerGroup

  • alb:ReplaceServersInServerGroup

  • alb:CreateLoadBalancer

  • alb:DeleteLoadBalancer

  • alb:UpdateLoadBalancerAttribute

  • alb:UpdateLoadBalancerEdition

  • alb:EnableLoadBalancerAccessLog

  • alb:DisableLoadBalancerAccessLog

  • alb:EnableDeletionProtection

  • alb:DisableDeletionProtection

  • alb:ListLoadBalancers

  • alb:GetLoadBalancerAttribute

  • alb:ListListeners

  • alb:CreateListener

  • alb:GetListenerAttribute

  • alb:UpdateListenerAttribute

  • alb:ListListenerCertificates

  • alb:AssociateAdditionalCertificatesWithListener

  • alb:DissociateAdditionalCertificatesFromListener

  • alb:DeleteListener

  • alb:CreateRule

  • alb:DeleteRule

  • alb:UpdateRuleAttribute

  • alb:CreateRules

  • alb:UpdateRulesAttribute

  • alb:DeleteRules

  • alb:ListRules

  • alb:UpdateListenerLogConfig

  • alb:CreateServerGroup

  • alb:DeleteServerGroup

  • alb:UpdateServerGroupAttribute

  • alb:UpdateLoadBalancerAddressTypeConfig

  • alb:AttachCommonBandwidthPackageToLoadBalancer

  • alb:DetachCommonBandwidthPackageFromLoadBalancer

  • alb:UpdateServerGroupServersAttribute

  • alb:MoveResourceGroup

  • alb:ListAScripts

  • alb:CreateAScripts

  • alb:UpdateAScripts

  • alb:DeleteAScripts

  • alb:LoadBalancerJoinSecurityGroup

  • alb:LoadBalancerLeaveSecurityGroup

  • alb:DescribeZones

NLB相关权限

  • nlb:TagResources

  • nlb:UnTagResources

  • nlb:ListTagResources

  • nlb:CreateLoadBalancer

  • nlb:DeleteLoadBalancer

  • nlb:GetLoadBalancerAttribute

  • nlb:ListLoadBalancers

  • nlb:UpdateLoadBalancerAttribute

  • nlb:UpdateLoadBalancerAddressTypeConfig

  • nlb:UpdateLoadBalancerZones

  • nlb:CreateListener

  • nlb:DeleteListener

  • nlb:ListListeners

  • nlb:UpdateListenerAttribute

  • nlb:StopListener

  • nlb:StartListener

  • nlb:GetListenerAttribute

  • nlb:GetListenerHealthStatus

  • nlb:CreateServerGroup

  • nlb:DeleteServerGroup

  • nlb:UpdateServerGroupAttribute

  • nlb:AddServersToServerGroup

  • nlb:RemoveServersFromServerGroup

  • nlb:UpdateServerGroupServersAttribute

  • nlb:ListServerGroups

  • nlb:ListServerGroupServers

  • nlb:LoadBalancerLeaveSecurityGroup

  • nlb:LoadBalancerJoinSecurityGroup

  • nlb:DisableLoadBalancerIpv6Internet

  • nlb:EnableLoadBalancerIpv6Internet

  • nlb:UpdateLoadBalancerProtection

  • nlb:AttachCommonBandwidthPackageToLoadBalancer

  • nlb:DetachCommonBandwidthPackageFromLoadBalancer

  • nlb:GetJobStatus

CMS相关权限

  • cms:DescribeMetricData

  • cms:DescribeMetricLast

  • cms:DescribeMetricMetaList

  • cms:DescribeMetricTop

  • cms:QueryMetricData

  • cms:QueryMetricLast

  • cms:DescribeMetricList

  • cms:QueryMetricList

  • cms:MetricMeta

ACR相关权限

  • cr:Get*

  • cr:List*

  • cr:PullRepository

AliyunCSManagedLogRole

日志服务相关权限

  • log:CreateProject

  • log:GetProject

  • log:DeleteProject

  • log:CreateLogStore

  • log:GetLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateConfig

  • log:UpdateConfig

  • log:GetConfig

  • log:DeleteConfig

  • log:CreateMachineGroup

  • log:UpdateMachineGroup

  • log:GetMachineGroup

  • log:DeleteMachineGroup

  • log:ApplyConfigToGroup

  • log:GetAppliedMachineGroups

  • log:GetAppliedConfigs

  • log:RemoveConfigFromMachineGroup

  • log:RemoveConfigFromGroup

  • log:CreateIndex

  • log:GetIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateSavedSearch

  • log:GetSavedSearch

  • log:UpdateSavedSearch

  • log:DeleteSavedSearch

  • log:CreateDashboard

  • log:GetDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:CreateJob

  • log:GetJob

  • log:DeleteJob

  • log:UpdateJob

  • log:PostLogStoreLogs

  • log:CreateSortedSubStore

  • log:GetSortedSubStore

  • log:ListSortedSubStore

  • log:UpdateSortedSubStore

  • log:DeleteSortedSubStore

  • log:CreateApp

  • log:UpdateApp

  • log:GetApp

  • log:DeleteApp

  • log:GetLogStoreLogs

  • log:TagResources

  • log:ListJobs

  • log:ListTagResources

  • log:UntagResources

  • log:CreateResourceRecord

  • log:UpdateResourceRecord

  • log:UpsertResourceRecord

  • log:GetResourceRecord

  • log:DeleteResourceRecord

  • log:ListResourceRecords

  • log:ListResources

  • log:GetResource

  • log:PutLogs

  • log:UpdateLogStoreMeteringMode

  • log:GetLogStoreMeteringMode

  • log:CreateLogtailPipelineConfig

  • log:DeleteLogtailPipelineConfig

  • log:GetLogtailPipelineConfig

  • log:UpdateLogtailPipelineConfig

  • log:ListLogtailPipelineConfig

  • log:CreateSubStore

  • cs:UpdateContactGroup

  • cs:DescribeTemplates

  • cs:DescribeTemplateAttribute

  • eventbridge:PutEvents

AliyunCSManagedCmsRole

CMS相关权限

  • cms:DescribeMonitorGroups

  • cms:DescribeMonitorGroupInstances

  • cms:CreateMonitorGroup

  • cms:DeleteMonitorGroup

  • cms:ModifyMonitorGroupInstances

  • cms:CreateMonitorGroupInstances

  • cms:DeleteMonitorGroupInstances

  • cms:TaskConfigCreate

  • cms:TaskConfigList

  • cms:DescribeMetricList

  • cms:QueryMetricList

  • cms:CreateDynamicTagGroup

  • cms:PutGroupMetricRule

  • cms:DescribeMetricRuleList

  • cms:DeleteMetricRules

  • cs:DescribeMonitorToken

  • ahas:GetSentinelAppSumMetric

  • log:GetLogStoreLogs

  • slb:DescribeMetricList

  • sls:GetLogs

  • sls:PutLogs

AliyunCSManagedArmsRole

ARMS相关权限

  • arms:CMonitorCloudInstances

  • arms:CMonitorRegister

  • arms:ConfigAgentLabel

  • arms:CreateAlertRules

  • arms:CreateAlertTemplate

  • arms:CreateApp

  • arms:CreateContact

  • arms:CreateContactGroup

  • arms:CreateDispatchRule

  • arms:CreateOrUpdateIMRobot

  • arms:CreateOrUpdateWebhookContact

  • arms:CreateProm

  • arms:CreatePrometheusAlertRule

  • arms:DeleteAlert

  • arms:DeleteAlertContact

  • arms:DeleteAlertContactGroup

  • arms:DeleteAlertRules

  • arms:DeleteAlertTemplate

  • arms:DeleteApp

  • arms:DeleteContact

  • arms:DeleteContactGroup

  • arms:DeleteContactLink

  • arms:DeleteContactMember

  • arms:DeleteDispatchRule

  • arms:DeleteIMRobot

  • arms:DeletePrometheusAlertRule

  • arms:DeleteWebhookContact

  • arms:DescribeDispatchRule

  • arms:DescribeIMRobots

  • arms:DescribePrometheusAlertRule

  • arms:DescribeWebhookContacts

  • arms:DisableAlertTemplate

  • arms:EnableAlertTemplate

  • arms:GetAlarmHistories

  • arms:GetAlert

  • arms:GetAlertEvents

  • arms:GetAlertRules

  • arms:GetAlertRulesByPage

  • arms:GetAssumeRoleCredentials

  • arms:GetCommercialStatus

  • arms:InstallEventer

  • arms:InstallManagedPrometheus

  • arms:ListActivatedAlerts

  • arms:ListAlertTemplates

  • arms:ListDashboards

  • arms:ListDispatchRule

  • arms:ListEscalationPolicies

  • arms:ListOnCallSchedules

  • arms:ListPrometheusAlertRules

  • arms:ListPrometheusAlertTemplates

  • arms:QueryAlarmHistory

  • arms:QueryAlarmName

  • arms:SaveAlert

  • arms:SaveContactGroup

  • arms:SaveContactMember

  • arms:SaveTraceAppConfig

  • arms:SearchAlarmHistories

  • arms:SearchAlertRules

  • arms:SearchContact

  • arms:SearchContactGroup

  • arms:SearchEvents

  • arms:SendTTSVerifyLink

  • arms:StartAlert

  • arms:StartAlertRule

  • arms:StopAlert

  • arms:StopAlertRule

  • arms:UninstallManagedPrometheus

  • arms:UpdateAlertRules

  • arms:UpdateAlertTemplate

  • arms:UpdateContact

  • arms:UpdateContactGroup

  • arms:UpdateContactMember

  • arms:UpdateDispatchRule

  • arms:UpdatePrometheusAlertRule

  • arms:UpgradeAddonRelease

  • arms:CheckServiceStatus

  • arms:GetClusterAllUrl

  • arms:GetClusterInfoForArms

  • arms:GetExploreUrl

  • arms:GetIntegrationState

  • arms:GetManagedPrometheusStatus

  • arms:ListAlertEvents

  • arms:QueryMetric

  • arms:QueryPromInstallStatus

  • arms:SearchAlertContactGroup

  • arms:SearchAlertHistories

  • arms:CreateAlertContact

  • arms:CreateAlertContactGroup

  • arms:ImportCustomAlertRules

  • arms:SearchAlertContact

  • arms:UpdateAlertContact

  • arms:UpdateAlertContactGroup

  • arms:UpdateAlertRule

  • arms:UpdateWebhook

  • arms:InnerFetchContactGroupByArmsContactGroupId

  • xtrace:GetToken

  • arms:ListEnvironments

  • arms:DescribeAddonRelease

  • arms:InstallAddon

  • arms:DeleteAddonRelease

  • arms:ListEnvironmentDashboards

  • arms:ListAddonReleases

  • arms:CreateEnvironment

  • arms:InitEnvironment

  • arms:DescribeEnvironment

  • arms:InstallEnvironmentFeature

  • arms:ListEnvironmentFeatures

  • arms:UpdateEnvironment

  • arms:GetPrometheusInstance

  • arms:GetPrometheusApiToken

MSE相关权限

  • mse:AddBlackWhiteList

  • mse:AddGateway

  • mse:AddServiceSource

  • mse:CreateApplication

  • mse:DeleteGateway

  • mse:GetBlackWhiteList

  • mse:GetGateway

  • mse:GetGatewayDetail

  • mse:GetGatewayOption

  • mse:ListServiceSource

  • mse:ListTagResources

  • mse:ModifyLosslessRule

  • mse:TagResources

  • mse:UntagResources

  • mse:UpdateBlackWhiteList

  • mse:UpdateGatewayOption

  • mse:UpdateServiceSource

  • mse:GetLicenseKey

  • mse:CreateGovernanceKubernetesCluster

  • mse:ReportOnePilotInfo

  • mse:GenerateAgentLogSts

  • mse:GetOpenSergoInfoByClusterId

  • mse:ListNamespaces

  • mse:ReportAppProfile

日志服务相关权限

  • log:PostLogStoreLogs

  • log:RemoteWritePrometheus

  • log:RemoteWrite

相关文档