本文为您介绍DAS服务关联角色(AliyunServiceRoleForDAS)的应用场景以及如何删除服务关联角色。

背景信息

DAS服务关联角色(AliyunServiceRoleForDAS)是在某些情况下,为了很好地支持DAS自身的功能,需要获取用户其他云服务的访问权限而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色

应用场景

DAS接入用户在阿里云购买的云数据库,比如RDS、MongoDB、Redis、PolarDB等或者在阿里云ECS上自建的数据库时,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForDAS介绍

角色名称:AliyunServiceRoleForDAS

角色权限策略:AliyunServiceRolePolicyForDAS

权限说明:
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeRegions",
                "rds:DescribeDBInstances",
                "rds:DescribeDatabases",
                "rds:DescribeDBInstanceNetInfo",
                "rds:DescribeDBInstanceAttribute",
                "rds:DescribeAccounts",
                "rds:DescribeDBInstanceIPArrayList",
                "rds:DescribeDBInstancePerformance",
                "rds:ModifySecurityIps",
                "rds:CreateAccount",
                "rds:GrantAccountPrivilege",
                "rds:RevokeAccountPrivilege",
                "rds:CreateDatabase",
                "rds:ModifyDBInstanceDescription",
                "rds:DescribeSlowLogRecords",
                "rds:DescribeSlowLogs",
                "rds:DescribeResourceUsage",
                "rds:DescribeSQLCollectorPolicy",
                "rds:ModifyDBInstanceSpec",
                "rds:DescribeTasks",
                "rds:DescribeTaskIdByRequestID",
                "rds:ModifyDBNodeClass",
                "rds:DescribeParameters",
                "rds:ModifyParameter",
                "rds:DescribeBackups",
                "rds:CloneDBInstance",
                "rds:DescribeLocalAvailableRecoveryTime"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribePhysicalConnections",
                "vpc:DescribeVpnGateways",
                "vpc:DescribeRouterInterfaces",
                "vpc:DescribeVirtualBorderRouters",
                "vpc:DescribeVSwitches",
                "vpc:DescribeVSwitchAttributes",
                "vpc:ModifyVSwitchAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:DescribeInstanceAttribute",
                "ecs:DescribeInstanceStatus",
                "ecs:DescribeInstanceMonitorData",
                "ecs:DescribeSecurityGroups",
                "ecs:JoinSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:AuthorizeSecurityGroup",
                "ecs:RevokeSecurityGroup",
                "ecs:DescribeDisks",
                "ecs:RunInstances",
                "ecs:CreateSecurityGroup",
                "ecs:DescribeAvailableResource",
                "ecs:DescribeImages"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "kvstore:DescribeCacheAnalysisReport",
                "kvstore:DescribeCacheAnalysisReportList",
                "kvstore:CreateCacheAnalysisTask",
                "kvstore:DescribeAccounts",
                "kvstore:CreateAccount",
                "kvstore:DescribeRegions",
                "kvstore:DescribeInstances",
                "kvstore:DescribeInstanceAttribute",
                "kvstore:DescribeHistoryMonitorValues",
                "kvstore:DescribeMonitorItems",
                "kvstore:VerifyPassword",
                "kvstore:DescribeSecurityIps",
                "kvstore:ModifySecurityIps",
                "kvstore:ModifyInstanceAttribute",
                "kvstore:ModifyInstanceSpec",
                "kvstore:AddShardingNode",
                "kvstore:DeleteShardingNode",
                "kvstore:DescribeRoleZoneInfo",
                "kvstore:EnableAdditionalBandwidth",
                "kvstore:RenewAdditionalBandwidth",
                "kvstore:DescribeIntranetAttribute",
                "kvstore:DescribeClusterMemberInfo",
                "kvstore:DescribeAuditLogConfig",
                "kvstore:DescribeAuditRecords",
                "kvstore:DescribeRunningLogRecords",
                "kvstore:DescribeSlowLogRecords"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dts:DescribeMigrationJobs",
                "dts:DescribeMigrationJobDetail",
                "dts:DescribeMigrationJobStatus",
                "dts:CreateMigrationJob",
                "dts:ConfigureMigrationJob",
                "dts:SuspendMigrationJob",
                "dts:StartMigrationJob",
                "dts:StopMigrationJob",
                "dts:DeleteMigrationJob",
                "dts:DescribeSynchronizationJobs",
                "dts:DescribeSynchronizationJobStatus",
                "dts:CreateSynchronizationJob",
                "dts:ConfigureSynchronizationJob",
                "dts:SuspendSynchronizationJob",
                "dts:StartSynchronizationJob",
                "dts:DeleteSynchronizationJob",
                "dts:DescribeObjectModifyStatus",
                "dts:ModifySynchronizationObject",
                "dts:ResetSynchronizationJob"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "pvtz:DescribeUserServiceStatus",
                "pvtz:DescribeZones",
                "pvtz:DescribeZoneRecords",
                "pvtz:UpdateZoneRecord"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dds:DescribeDBInstances",
                "dds:DescribeReplicaSetRole",
                "dds:DescribeDBInstanceAttribute",
                "dds:DescribeRegions",
                "dds:DescribeDBInstancePerformance",
                "dds:DescribeSecurityIps",
                "dds:ModifyDBInstanceDescription",
                "dds:ModifySecurityIps",
                "dds:DescribeShardingNetworkAddress",
                "dds:DescribeSlowLogRecords",
                "dds:DescribeRunningLogRecords",
                "dds:DescribeErrorLogList"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "cms:QueryContactGroup",
                "cms:QueryContact"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusters",
                "polardb:DescribeRegions",
                "polardb:DescribeDBClusterAttribute",
                "polardb:ModifyDBNodeClass",
                "polardb:DescribeDBClusterAvailableResources",
                "polardb:CreateDBNodes",
                "polardb:DeleteDBNodes",
                "polardb:DescribeBackups",
                "polardb:CreateDBCluster",
                "polardb:DescribeDBClusterParameters"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "hdm.aliyuncs.com"
                }
            }
        }
    ]
}

删除服务关联角色

如果您需要删除服务关联角色(AliyunServiceRoleForDAS),请参见删除服务关联角色