当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL)对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL)资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL)支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL) |
adb |
cluster : 集群 |
|
云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL) |
adb |
dbclusterlakeversion : 湖仓版集群 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
云原生数据仓库 AnalyticDB MySQL 版(AnalyticDB for MySQL)中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
adb:BindPolarDBAiEngine |
- |
|
adb:CancelActiveOperationTasks |
- |
|
adb:CancelRunningBackup |
- |
|
adb:CancelSparkWarehouseBatchSQL |
取消Spark SQL执行。 |
|
adb:CheckApsTableAvailable |
- |
|
adb:CheckFormationSchemaExists |
- |
|
adb:CheckServiceLinkedRole |
- |
|
adb:ConfigureResultExport |
配置导出的SLS 或者OSS 信息,实例级别唯一,遵循一次配置多次使用的原则。 |
|
adb:CreateAPSJob |
创建APS任务。 |
|
adb:CreateAfsAccessKey |
- |
|
adb:CreateAfsBucket |
- |
|
adb:CreateAfsCluster |
- |
|
adb:CreateAiMultimodalJob |
- |
|
adb:CreateApsCopyWorkload |
创建APS复制链路。 |
|
adb:CreateApsDatasoure |
创建APS数据源。 |
|
adb:CreateApsHiveJob |
创建APS Hive任务。 |
|
adb:CreateApsKafkaADBJob |
- |
|
adb:CreateApsKafkaHudiJob |
创建APS Kafka入湖任务。 |
|
adb:CreateApsLakehouse |
- |
|
adb:CreateApsSlsADBJob |
创建一个SLS到ADB数仓的APS链路。 |
|
adb:CreateApsSlsHudiJob |
- |
|
adb:CreateApsWebhook |
用于为指定数据库集群和任务类型创建新的Webhook。 |
|
adb:CreateBackup |
立即创建一个备份集。 |
|
adb:CreateFormationCrawler |
- |
|
adb:CreateLakeStorage |
- |
|
adb:CreateLakeStorageAuthorizations |
- |
|
adb:CreateLakeStorageBucket |
- |
|
adb:CreateMaterializedViewRecommend |
创建物化视图自动推荐任务。 |
|
adb:CreateOssSubDirectory |
OSS创建子目录。 |
|
adb:CreatePipelineJob |
- |
|
adb:CreateServiceLinkedRole |
- |
|
adb:DeleteAfsAccessKey |
- |
|
adb:DeleteAfsBucket |
- |
|
adb:DeleteAiMultimodalJob |
- |
|
adb:DeleteApsDatasoure |
删除APS数据源。 |
|
adb:DeleteApsWebhook |
用于删除指定数据库集群中的特定Webhook。 |
|
adb:DeleteApsWorkload |
- |
|
adb:DeleteBackups |
手动删除备份集。 |
|
adb:DeleteFormationCrawler |
- |
|
adb:DeleteLakeStorage |
删除湖存储。 |
|
adb:DeleteLakeStorageAuthorizations |
- |
|
adb:DeleteMaterializedView |
- |
|
adb:DeleteMaterializedViewRecommend |
删除物化视图自动推荐任务。 |
|
adb:DeletePipelineJob |
- |
|
adb:DescribeAPSADBInstances |
获取APS联邦分析ADB实例列表。 |
|
adb:DescribeApsBuckets |
- |
|
adb:DescribeApsDatasource |
查询过APS数据源详情。 |
|
adb:DescribeApsDatasources |
查询APS数据源列表。 |
|
adb:DescribeApsDirectories |
- |
|
adb:DescribeApsHiveWorkload |
查询APS Hive工作负载详情。 |
|
adb:DescribeApsJobDetail |
- |
|
adb:DescribeApsJobs |
查询APS任务列表。 |
|
adb:DescribeApsKafkaJsonLevels |
- |
|
adb:DescribeApsKafkaSchemas |
- |
|
adb:DescribeApsLakehouses |
- |
|
adb:DescribeApsMigrationWorkloads |
查询APS迁移任务工作负载列表。 |
|
adb:DescribeApsOptimizationStrategy |
- |
|
adb:DescribeApsPartitionFormatters |
- |
|
adb:DescribeApsPolarDBInstances |
- |
|
adb:DescribeApsProgress |
查询APS进度。 |
|
adb:DescribeApsResourceGroups |
获取数据同步时所用资源组的详细信息。 |
|
adb:DescribeApsSLSLatestLogs |
- |
|
adb:DescribeApsSLSPartitionFormatters |
- |
|
adb:DescribeApsSLSSchemas |
- |
|
adb:DescribeApsScaleResourceGroups |
- |
|
adb:DescribeApsSlsADBWorkload |
- |
|
adb:DescribeApsWorkload |
- |
|
adb:DescribeApsWorkloads |
- |
|
adb:DescribeAutoRenewalAttribute |
- |
|
adb:DescribeAvailableADBInstances |
- |
|
adb:DescribeAvailableResource |
调用DescribeAvailableResource接口查询指定可用区资源。 |
|
adb:DescribeChatSessionMessages |
- |
|
adb:DescribeChatSessions |
- |
|
adb:DescribeClusterAccessWhiteList |
查看指定集群的IP白名单。 |
|
adb:DescribeComputeResource |
调用DescribeComputeResource接口查询数仓版集群指定地域下的计算资源规格。 |
|
adb:DescribeDBClusterShardNumber |
- |
|
adb:DescribeEIURange |
调用DescribeEIURange接口查询数仓版集群可选择的弹性IO资源数量范围。 |
|
adb:DescribeFormationDatabricksMigrationObjects |
- |
|
adb:DescribeFormationDatabricksMigrationProgress |
- |
|
adb:DescribeHistoryEvents |
- |
|
adb:DescribeHistoryTasks |
获取历史任务记录。 |
|
adb:DescribeHistoryTasksStat |
任务中心任务统计。 |
|
adb:DescribeKmsKeys |
- |
|
adb:DescribeLLMAnswer |
- |
|
adb:DescribeLLMSimilarQuestions |
- |
|
adb:DescribeLogStoreKeys |
- |
|
adb:DescribeLoghubDetail |
- |
|
adb:DescribeMaintenanceAction |
调用DescribeMaintenanceAction接口查询运维事件的详细信息。 |
|
adb:DescribeMsgClusterIds |
- |
|
adb:DescribeMsgTopics |
- |
|
adb:DescribePolarDBAiEngines |
- |
|
adb:DescribePolarDBXToADBInstances |
- |
|
adb:DescribeResourceGroupSpec |
查询资源组规格相关信息。 |
|
adb:DescribeResultExportConfig |
获取用户配置的结果集导出信息 |
|
adb:DescribeResultExportJob |
- |
|
adb:DescribeRunningBackupJob |
- |
|
adb:DescribeSLSLogStores |
- |
|
adb:DescribeSLSProjects |
- |
|
adb:DescribeSLSRegions |
- |
|
adb:ExecuteService |
- |
|
adb:GetAiMultimodalJob |
- |
|
adb:GetApsCommonConfig |
- |
|
adb:GetApsManagedDatabases |
- |
|
adb:GetDmsDefaultWorkspace |
- |
|
adb:GetFormationCrawler |
- |
|
adb:GetLakeStorage |
获取湖存储。 |
|
adb:GetPipelineJob |
- |
|
adb:GetSparkAppAttemptLog |
查询Spark应用的重试日志。 |
|
adb:GetSparkLogAnalyzeTask |
获取Spark日志分析任务结果。 |
|
adb:GetSparkWarehouseBatchSQL |
获取Spark SQL执行结果。 |
|
adb:GrantAfsPermission |
- |
|
adb:GrantLakeStoragePermission |
- |
|
adb:KillSparkEngine |
关闭Spark SQL引擎。 |
|
adb:KillSparkLogAnalyzeTask |
终止一个Spark分析任务,返回尝试终止后的任务详情。 |
|
adb:ListAfsAccessKeys |
- |
|
adb:ListAfsBuckets |
- |
|
adb:ListAfsClusters |
- |
|
adb:ListAfsPermissions |
- |
|
adb:ListAiMultimodalJobs |
- |
|
adb:ListApsLifecycleStrategy |
- |
|
adb:ListApsOptimizationStrategy |
- |
|
adb:ListApsOptimizationTasks |
- |
|
adb:ListApsWebhook |
用于查询指定数据库集群下的Webhook配置信息。 |
|
adb:ListBackupJobs |
- |
|
adb:ListLakeStorageBuckets |
- |
|
adb:ListLakeStorages |
列取湖存储。 |
|
adb:ListPipelineJobs |
- |
|
adb:ListResultExportJobHistory |
调用ListResultExportJobHistory接口查询当前RAM用户结果集导出执行历史记录列表。 |
|
adb:ModifyActiveOperationMaintainConf |
- |
|
adb:ModifyActiveOperationTasks |
- |
|
adb:ModifyAfsCluster |
- |
|
adb:ModifyApsDatasoure |
修改APS数据源。 |
|
adb:ModifyApsHiveWorkload |
- |
|
adb:ModifyApsJob |
修改aps任务。 |
|
adb:ModifyApsKafkaADBJob |
- |
|
adb:ModifyApsSlsADBJob |
修改sls投递adb数仓任务 |
|
adb:ModifyApsWorkload |
- |
|
adb:ModifyApsWorkloadName |
修改APS工作负载名称。 |
|
adb:ModifyAutoRenewalAttribute |
- |
|
adb:ModifyDBClusterShardNumber |
- |
|
adb:ModifyDmsDefaultWorkspace |
- |
|
adb:ModifyMaintenanceAction |
调用ModifyMaintenanceAction接口修改运维事件的执行时间。 |
|
adb:ModifyMaterializedView |
修改物化视图。 |
|
adb:ModifyMaterializedViewRecommend |
修改物化视图自动推荐任务。 |
|
adb:ModifyPolarDBAiEngine |
- |
|
adb:PauseApsWorkload |
- |
|
adb:QueryFormationInstsByTaskID |
- |
|
adb:QueryFormationTaskByID |
- |
|
adb:QueryFormationTasksByType |
- |
|
adb:QueryService |
- |
|
adb:QueryTaskInfoByID |
- |
|
adb:RevokeAfsPermission |
- |
|
adb:RevokeLakeStoragePermission |
- |
|
adb:RunMaterializedViewRecommend |
- |
|
adb:StartApsJob |
启动APS任务。 |
|
adb:StartApsWorkload |
- |
|
adb:StartFormationCrawler |
- |
|
adb:StartPipelineJob |
- |
|
adb:StopAiMultimodalJob |
- |
|
adb:StopFormationCrawler |
- |
|
adb:StopPipelineJob |
- |
|
adb:SubmitResultExportJob |
调用SubmitResultExportJob接口提交SQL查询并导出结果集。 |
|
adb:SuspendApsJob |
暂停APS任务。 |
|
adb:UnbindPolarDBAiEngine |
- |
|
adb:UpdateAfsAccessKey |
- |
|
adb:UpdateApsWebhook |
用于更新指定数据库集群的Webhook配置信息。 |
|
adb:UpdateFormationCrawler |
- |
|
adb:UpdateFormationCrawlerScheduleState |
- |
|
adb:UpdateLakeStorage |
更新湖存储。 |
|
adb:UpdatePipelineJob |
- |
|
adb:createCatalog |
- |
|
adb:dropCatalog |
- |
|
adb:getCatalogObjects |
- |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "adb:CheckApsTableAvailable", "adb:CheckFormationSchemaExists", "adb:CheckServiceLinkedRole", "adb:DescribeAPSADBInstances", "adb:DescribeApsBuckets", "adb:DescribeApsDatasource", "adb:DescribeApsDatasources", "adb:DescribeApsDirectories", "adb:DescribeApsHiveWorkload", "adb:DescribeApsJobDetail", "adb:DescribeApsJobs", "adb:DescribeApsKafkaJsonLevels", "adb:DescribeApsKafkaSchemas", "adb:DescribeApsLakehouses", "adb:DescribeApsMigrationWorkloads", "adb:DescribeApsOptimizationStrategy", "adb:DescribeApsPartitionFormatters", "adb:DescribeApsPolarDBInstances", "adb:DescribeApsProgress", "adb:DescribeApsResourceGroups", "adb:DescribeApsSLSLatestLogs", "adb:DescribeApsSLSPartitionFormatters", "adb:DescribeApsSLSSchemas", "adb:DescribeApsScaleResourceGroups", "adb:DescribeApsSlsADBWorkload", "adb:DescribeApsWorkload", "adb:DescribeApsWorkloads", "adb:DescribeAutoRenewalAttribute", "adb:DescribeAvailableADBInstances", "adb:DescribeAvailableResource", "adb:DescribeChatSessionMessages", "adb:DescribeChatSessions", "adb:DescribeClusterAccessWhiteList", "adb:DescribeComputeResource", "adb:DescribeDBClusterShardNumber", "adb:DescribeEIURange", "adb:DescribeFormationDatabricksMigrationObjects", "adb:DescribeFormationDatabricksMigrationProgress", "adb:DescribeHistoryEvents", "adb:DescribeHistoryTasks", "adb:DescribeHistoryTasksStat", "adb:DescribeKmsKeys", "adb:DescribeLLMAnswer", "adb:DescribeLLMSimilarQuestions", "adb:DescribeLogStoreKeys", "adb:DescribeLoghubDetail", "adb:DescribeMaintenanceAction", "adb:DescribeMsgClusterIds", "adb:DescribeMsgTopics", "adb:DescribePolarDBAiEngines", "adb:DescribePolarDBXToADBInstances", "adb:DescribeResourceGroupSpec", "adb:DescribeResultExportConfig", "adb:DescribeResultExportJob", "adb:DescribeRunningBackupJob", "adb:DescribeSLSLogStores", "adb:DescribeSLSProjects", "adb:DescribeSLSRegions", "adb:GetAiMultimodalJob", "adb:GetApsCommonConfig", "adb:GetApsManagedDatabases", "adb:GetDmsDefaultWorkspace", "adb:GetFormationCrawler", "adb:GetLakeStorage", "adb:GetPipelineJob", "adb:GetSparkAppAttemptLog", "adb:GetSparkLogAnalyzeTask", "adb:GetSparkWarehouseBatchSQL", "adb:ListAfsAccessKeys", "adb:ListAfsBuckets", "adb:ListAfsClusters", "adb:ListAfsPermissions", "adb:ListAiMultimodalJobs", "adb:ListApsLifecycleStrategy", "adb:ListApsOptimizationStrategy", "adb:ListApsOptimizationTasks", "adb:ListApsWebhook", "adb:ListBackupJobs", "adb:ListLakeStorageBuckets", "adb:ListLakeStorages", "adb:ListPipelineJobs", "adb:ListResultExportJobHistory", "adb:SubmitResultExportJob" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "adb:BindPolarDBAiEngine", "adb:CancelActiveOperationTasks", "adb:CancelRunningBackup", "adb:CancelSparkWarehouseBatchSQL", "adb:CheckApsTableAvailable", "adb:CheckFormationSchemaExists", "adb:CheckServiceLinkedRole", "adb:ConfigureResultExport", "adb:CreateAPSJob", "adb:CreateAfsAccessKey", "adb:CreateAfsBucket", "adb:CreateAfsCluster", "adb:CreateAiMultimodalJob", "adb:CreateApsCopyWorkload", "adb:CreateApsDatasoure", "adb:CreateApsHiveJob", "adb:CreateApsKafkaADBJob", "adb:CreateApsKafkaHudiJob", "adb:CreateApsLakehouse", "adb:CreateApsSlsADBJob", "adb:CreateApsSlsHudiJob", "adb:CreateApsWebhook", "adb:CreateBackup", "adb:CreateFormationCrawler", "adb:CreateLakeStorage", "adb:CreateLakeStorageAuthorizations", "adb:CreateLakeStorageBucket", "adb:CreateMaterializedViewRecommend", "adb:CreateOssSubDirectory", "adb:CreatePipelineJob", "adb:CreateServiceLinkedRole", "adb:DeleteAfsAccessKey", "adb:DeleteAfsBucket", "adb:DeleteAiMultimodalJob", "adb:DeleteApsDatasoure", "adb:DeleteApsWebhook", "adb:DeleteApsWorkload", "adb:DeleteBackups", "adb:DeleteFormationCrawler", "adb:DeleteLakeStorage", "adb:DeleteLakeStorageAuthorizations", "adb:DeleteMaterializedView", "adb:DeleteMaterializedViewRecommend", "adb:DeletePipelineJob", "adb:DescribeAPSADBInstances", "adb:DescribeApsBuckets", "adb:DescribeApsDatasource", "adb:DescribeApsDatasources", "adb:DescribeApsDirectories", "adb:DescribeApsHiveWorkload", "adb:DescribeApsJobDetail", "adb:DescribeApsJobs", "adb:DescribeApsKafkaJsonLevels", "adb:DescribeApsKafkaSchemas", "adb:DescribeApsLakehouses", "adb:DescribeApsMigrationWorkloads", "adb:DescribeApsOptimizationStrategy", "adb:DescribeApsPartitionFormatters", "adb:DescribeApsPolarDBInstances", "adb:DescribeApsProgress", "adb:DescribeApsResourceGroups", "adb:DescribeApsSLSLatestLogs", "adb:DescribeApsSLSPartitionFormatters", "adb:DescribeApsSLSSchemas", "adb:DescribeApsScaleResourceGroups", "adb:DescribeApsSlsADBWorkload", "adb:DescribeApsWorkload", "adb:DescribeApsWorkloads", "adb:DescribeAutoRenewalAttribute", "adb:DescribeAvailableADBInstances", "adb:DescribeAvailableResource", "adb:DescribeChatSessionMessages", "adb:DescribeChatSessions", "adb:DescribeClusterAccessWhiteList", "adb:DescribeComputeResource", "adb:DescribeDBClusterShardNumber", "adb:DescribeEIURange", "adb:DescribeFormationDatabricksMigrationObjects", "adb:DescribeFormationDatabricksMigrationProgress", "adb:DescribeHistoryEvents", "adb:DescribeHistoryTasks", "adb:DescribeHistoryTasksStat", "adb:DescribeKmsKeys", "adb:DescribeLLMAnswer", "adb:DescribeLLMSimilarQuestions", "adb:DescribeLogStoreKeys", "adb:DescribeLoghubDetail", "adb:DescribeMaintenanceAction", "adb:DescribeMsgClusterIds", "adb:DescribeMsgTopics", "adb:DescribePolarDBAiEngines", "adb:DescribePolarDBXToADBInstances", "adb:DescribeResourceGroupSpec", "adb:DescribeResultExportConfig", "adb:DescribeResultExportJob", "adb:DescribeRunningBackupJob", "adb:DescribeSLSLogStores", "adb:DescribeSLSProjects", "adb:DescribeSLSRegions", "adb:ExecuteService", "adb:GetAiMultimodalJob", "adb:GetApsCommonConfig", "adb:GetApsManagedDatabases", "adb:GetDmsDefaultWorkspace", "adb:GetFormationCrawler", "adb:GetLakeStorage", "adb:GetPipelineJob", "adb:GetSparkAppAttemptLog", "adb:GetSparkLogAnalyzeTask", "adb:GetSparkWarehouseBatchSQL", "adb:GrantAfsPermission", "adb:GrantLakeStoragePermission", "adb:KillSparkEngine", "adb:KillSparkLogAnalyzeTask", "adb:ListAfsAccessKeys", "adb:ListAfsBuckets", "adb:ListAfsClusters", "adb:ListAfsPermissions", "adb:ListAiMultimodalJobs", "adb:ListApsLifecycleStrategy", "adb:ListApsOptimizationStrategy", "adb:ListApsOptimizationTasks", "adb:ListApsWebhook", "adb:ListBackupJobs", "adb:ListLakeStorageBuckets", "adb:ListLakeStorages", "adb:ListPipelineJobs", "adb:ListResultExportJobHistory", "adb:ModifyActiveOperationMaintainConf", "adb:ModifyActiveOperationTasks", "adb:ModifyAfsCluster", "adb:ModifyApsDatasoure", "adb:ModifyApsHiveWorkload", "adb:ModifyApsJob", "adb:ModifyApsKafkaADBJob", "adb:ModifyApsSlsADBJob", "adb:ModifyApsWorkload", "adb:ModifyApsWorkloadName", "adb:ModifyAutoRenewalAttribute", "adb:ModifyDBClusterShardNumber", "adb:ModifyDmsDefaultWorkspace", "adb:ModifyMaintenanceAction", "adb:ModifyMaterializedView", "adb:ModifyMaterializedViewRecommend", "adb:ModifyPolarDBAiEngine", "adb:PauseApsWorkload", "adb:QueryFormationInstsByTaskID", "adb:QueryFormationTaskByID", "adb:QueryFormationTasksByType", "adb:QueryService", "adb:QueryTaskInfoByID", "adb:RevokeAfsPermission", "adb:RevokeLakeStoragePermission", "adb:RunMaterializedViewRecommend", "adb:StartApsJob", "adb:StartApsWorkload", "adb:StartFormationCrawler", "adb:StartPipelineJob", "adb:StopAiMultimodalJob", "adb:StopFormationCrawler", "adb:StopPipelineJob", "adb:SubmitResultExportJob", "adb:SuspendApsJob", "adb:UnbindPolarDBAiEngine", "adb:UpdateAfsAccessKey", "adb:UpdateApsWebhook", "adb:UpdateFormationCrawler", "adb:UpdateFormationCrawlerScheduleState", "adb:UpdateLakeStorage", "adb:UpdatePipelineJob", "adb:createCatalog", "adb:dropCatalog", "adb:getCatalogObjects" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。