当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了E-MapReduce对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内E-MapReduce资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
E-MapReduce支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
E-MapReduce |
emr |
cluster : 集群 |
|
E-MapReduce |
emr |
flowproject : 项目 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
E-MapReduce中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
emr:AddScalingConfigItemV2 |
- |
|
emr:AssignIpv6Addresses |
- |
|
emr:AttachClusterForNote |
- |
|
emr:AttachPubIp |
- |
|
emr:AuthRealName |
- |
|
emr:AuthorizeSecurityGroup |
- |
|
emr:BindPrivateZoneVpc |
- |
|
emr:CancelOrder |
- |
|
emr:CheckAssumeRole |
- |
|
emr:CheckDLFCatalogAuth |
- |
|
emr:CheckProductActiveStatus |
- |
|
emr:CheckRenewClusterForAdmin |
- |
|
emr:CheckUserBalance |
- |
|
emr:CheckUserRole |
- |
|
emr:CleanupFlowEntitySnapshot |
- |
|
emr:CommitFlowEntitySnapshot |
- |
|
emr:CommonApiWhiteList |
- |
|
emr:CreateAlertContact |
- |
|
emr:CreateAlertDingDingGroup |
- |
|
emr:CreateAlertUserGroup |
- |
|
emr:CreateBackup |
- |
|
emr:CreateBackupPlan |
- |
|
emr:CreateBackupRule |
- |
|
emr:CreateCloudNativeCluster |
- |
|
emr:CreateClusterBootstrapAction |
- |
|
emr:CreateClusterCost |
- |
|
emr:CreateClusterEni |
- |
|
emr:CreateClusterHostGroup |
- |
|
emr:CreateClusterTemplate |
- |
|
emr:CreateClusterV3 |
- |
|
emr:CreateClusterWithTemplate |
- |
|
emr:CreateClusterWithTemplateForInternal |
- |
|
emr:CreateDisasterRecoveryPlan |
- |
|
emr:CreateExternalUsers |
- |
|
emr:CreateFlowProject |
- |
|
emr:CreateFlowProjectClusterSetting |
- |
|
emr:CreateGateway |
- |
|
emr:CreateJob |
- |
|
emr:CreateJobExecutionPlanFolder |
- |
|
emr:CreateJobExecutionPlanParam |
- |
|
emr:CreateLibrary |
- |
|
emr:CreateMetaTablePreviewTask |
- |
|
emr:CreateMetaTablePreviewTaskForOuter |
- |
|
emr:CreateNote |
- |
|
emr:CreateOnKubeCluster |
- |
|
emr:CreateParagraph |
- |
|
emr:CreateScalingGroupV2 |
- |
|
emr:CreateUserPassword |
- |
|
emr:CreateUserStatistics |
- |
|
emr:CreateVerificationCode |
- |
|
emr:DeleteAlertContacts |
- |
|
emr:DeleteAlertDingDingGroups |
- |
|
emr:DeleteAlertUserGroups |
- |
|
emr:DeleteApiTemplate |
删除指定的API模板。 |
|
emr:DeleteClusterBootstrapAction |
- |
|
emr:DeleteClusterScript |
- |
|
emr:DeleteClusterTemplate |
- |
|
emr:DeleteDisasterRecoveryPlan |
- |
|
emr:DeleteExecutionPlan |
- |
|
emr:DeleteFlowEditLock |
- |
|
emr:DeleteFlowProject |
- |
|
emr:DeleteFlowProjectById |
- |
|
emr:DeleteFlowProjectClusterSetting |
- |
|
emr:DeleteFlowProjectUser |
- |
|
emr:DeleteJob |
- |
|
emr:DeleteJobExecutionPlanFolder |
- |
|
emr:DeleteJobExecutionPlanParam |
- |
|
emr:DeleteLibraries |
- |
|
emr:DeleteNote |
- |
|
emr:DeleteParagraph |
- |
|
emr:DeleteScalingRule |
- |
|
emr:DeleteScalingTaskGroup |
- |
|
emr:DescribeAvailableInstanceType |
- |
|
emr:DescribeClusterBindSecurityCenter |
- |
|
emr:DescribeClusterForInternal |
- |
|
emr:DescribeClusterForOuter |
- |
|
emr:DescribeClusterHealth |
- |
|
emr:DescribeClusterMetaCollect |
- |
|
emr:DescribeClusterOpLog |
- |
|
emr:DescribeClusterOperationHostTaskLog |
- |
|
emr:DescribeClusterPrometheusDataSource |
- |
|
emr:DescribeClusterResourcePoolSchedulerTypeForAdmin |
- |
|
emr:DescribeClusterServiceConfigForAdmin |
- |
|
emr:DescribeClusterServiceConfigHistory |
- |
|
emr:DescribeClusterServiceConfigTagForAdmin |
- |
|
emr:DescribeClusterTemplate |
- |
|
emr:DescribeDiskOpsActivity |
- |
|
emr:DescribeEmrMainVersion |
- |
|
emr:DescribeExecutionPlan |
- |
|
emr:DescribeFlowAgentToken |
- |
|
emr:DescribeFlowAgentUser |
- |
|
emr:DescribeFlowEntitySnapshot |
- |
|
emr:DescribeFlowProjectClusterSetting |
- |
|
emr:DescribeFlowProjectGeneralSetting |
- |
|
emr:DescribeJob |
- |
|
emr:DescribeKafkaBroker |
- |
|
emr:DescribeKafkaReassign |
- |
|
emr:DescribeLibraryDetail |
- |
|
emr:DescribeLibraryInstallTaskDetail |
- |
|
emr:DescribeMetaDataSourceForOuter |
- |
|
emr:DescribeMetaDatabaseForOuter |
- |
|
emr:DescribeMetaTableColumnForOuter |
- |
|
emr:DescribeMetaTablePartitionForOuter |
- |
|
emr:DescribeMetaTablePreviewTask |
- |
|
emr:DescribeMetaTablePreviewTaskForOuter |
- |
|
emr:DescribeNote |
- |
|
emr:DescribeOperationTask |
- |
|
emr:DescribeParagraph |
- |
|
emr:DescribeRdsInstance |
- |
|
emr:DescribeScalingActivity |
- |
|
emr:DescribeScalingCommonConfig |
- |
|
emr:DescribeScalingConfigItemV2 |
- |
|
emr:DescribeScalingGroupInstanceV2 |
- |
|
emr:DescribeScalingGroupV2 |
- |
|
emr:DescribeScalingMetrics |
- |
|
emr:DescribeScalingRule |
- |
|
emr:DescribeScalingTaskGroup |
- |
|
emr:DescribeSecurityGroupAttribute |
- |
|
emr:DescribeServiceConfigDefinition |
- |
|
emr:DescribeServiceHealth |
- |
|
emr:DescribeUserStatistics |
- |
|
emr:DetachAndReleaseClusterEni |
- |
|
emr:DetachClusterForNote |
- |
|
emr:DiffFlowEntitySnapshot |
- |
|
emr:DumpMetaDataSourceForOuter |
- |
|
emr:ExecuteFsAction |
- |
|
emr:ExecuteHiveSql |
- |
|
emr:ExistsUser |
- |
|
emr:GetApiTemplate |
获取特定API模板的详细配置信息。 |
|
emr:GetAuditLogs |
- |
|
emr:GetBackPlanInfo |
- |
|
emr:GetBackupInfo |
- |
|
emr:GetBackupRuleInfo |
- |
|
emr:GetClusterCost |
- |
|
emr:GetCostUploadSignature |
- |
|
emr:GetDisasterRecoveryPlan |
- |
|
emr:GetDoctorHDFSDirectory |
通过EMR Doctor获取集群HDFS特定目录数据分析结果,目录不超过5级。 |
|
emr:GetFlowAgentTrackStatus |
- |
|
emr:GetFlowAuditLogs |
- |
|
emr:GetFlowEntityRelationGraph |
- |
|
emr:GetJobMigrateResult |
- |
|
emr:GetMetadataTypeList |
- |
|
emr:GetOverview |
- |
|
emr:GetPriceForCreate |
- |
|
emr:GetPriceForCreateOnKubeCluster |
- |
|
emr:GetReleaseVersion |
- |
|
emr:GetScalingConfigItemV2 |
- |
|
emr:GetScalingGroupV2 |
- |
|
emr:GetSlsTempToken |
- |
|
emr:HasRamOauthPolicy |
- |
|
emr:InnerCheckAckInstance |
- |
|
emr:InnerDescribeUserAccountStatus |
- |
|
emr:InstallLibraries |
- |
|
emr:KillExecutionJobInstance |
- |
|
emr:KillExecutionPlanInstance |
- |
|
emr:ListAdviceAction |
- |
|
emr:ListApmMetadata |
- |
|
emr:ListBackupPlans |
- |
|
emr:ListBackupRules |
- |
|
emr:ListBackups |
- |
|
emr:ListClusterBootstrapActions |
- |
|
emr:ListClusterCosts |
- |
|
emr:ListClusterForAdmin |
- |
|
emr:ListClusterForOuter |
- |
|
emr:ListClusterHostComponentForAdmin |
- |
|
emr:ListClusterNode |
- |
|
emr:ListClusterNodes |
- |
|
emr:ListClusterOperationHostTask |
- |
|
emr:ListClusterOperationTask |
- |
|
emr:ListClusterServiceComponent |
- |
|
emr:ListClusterServiceConfigHistoryForAdmin |
- |
|
emr:ListClusterServiceStatusOverview |
- |
|
emr:ListClusterSupportService |
- |
|
emr:ListClusterTag |
- |
|
emr:ListClusterTagForAdmin |
- |
|
emr:ListClusterTypes |
- |
|
emr:ListComponentDefaultTopologies |
- |
|
emr:ListDependApplications |
- |
|
emr:ListDependedService |
- |
|
emr:ListDisasterRecoveryPlans |
- |
|
emr:ListDisasterRecoveryRecords |
- |
|
emr:ListDiskOpsEvents |
- |
|
emr:ListEcsInstances |
- |
|
emr:ListEmrAvailableConfig |
- |
|
emr:ListEmrAvailableMetaType |
- |
|
emr:ListEmrAvailableResource |
- |
|
emr:ListEmrMainVersion |
- |
|
emr:ListEmrMainVersionServiceGroup |
- |
|
emr:ListEmrMainVersions |
- |
|
emr:ListExecutePlanMigrateInfo |
- |
|
emr:ListExecutionPlanInstanceTrend |
- |
|
emr:ListExecutionPlanInstances |
- |
|
emr:ListExecutionPlans |
- |
|
emr:ListFailureJobExecutionInstances |
- |
|
emr:ListFeatures |
- |
|
emr:ListFlowClusterAllHosts |
- |
|
emr:ListFlowClusterK8sNamespace |
- |
|
emr:ListFlowEntitySnapshot |
- |
|
emr:ListFlowProjectClusterSetting |
- |
|
emr:ListFlowProjectUser |
- |
|
emr:ListGlobalConfigs |
- |
|
emr:ListHPHost |
- |
|
emr:ListHealthRule |
- |
|
emr:ListJobExecutionInstanceTrend |
- |
|
emr:ListJobExecutionInstances |
- |
|
emr:ListJobExecutionPlanHierarchy |
- |
|
emr:ListJobExecutionPlanParams |
- |
|
emr:ListJobInstanceWorkers |
- |
|
emr:ListJobMigrateInfo |
- |
|
emr:ListJobs |
- |
|
emr:ListKMSKeys |
- |
|
emr:ListKafkaReassign |
- |
|
emr:ListKafkaReassignForAdmin |
- |
|
emr:ListKafkaReassignTopic |
- |
|
emr:ListKafkaTopicStatistics |
- |
|
emr:ListKafkaTopicStatisticsForAdmin |
- |
|
emr:ListKeyPairNames |
- |
|
emr:ListLibraries |
- |
|
emr:ListLibraryInstallTasks |
- |
|
emr:ListLibraryStatus |
- |
|
emr:ListLocalDiskComponentInfo |
- |
|
emr:ListMetaCluster |
- |
|
emr:ListMetaDataSourceForOuter |
- |
|
emr:ListMetaDatabaseForOuter |
- |
|
emr:ListMetaTableColumnForOuter |
- |
|
emr:ListMetaTableForOuter |
- |
|
emr:ListMetaTablePartitionForOuter |
- |
|
emr:ListMetastoreTypes |
- |
|
emr:ListNodeGroupSpecs |
- |
|
emr:ListNotes |
- |
|
emr:ListOperation |
- |
|
emr:ListOperationActivity |
- |
|
emr:ListOperationStageInstanceRelation |
- |
|
emr:ListOperationTask |
- |
|
emr:ListPrivateZones |
- |
|
emr:ListRamRole |
- |
|
emr:ListRamUsers |
- |
|
emr:ListRdsDatabase |
- |
|
emr:ListRdsInstance |
- |
|
emr:ListRegions |
- |
|
emr:ListReleaseVersions |
- |
|
emr:ListRequiredService |
- |
|
emr:ListResourcePoolForAdmin |
- |
|
emr:ListScalingActivity |
- |
|
emr:ListScalingActivityV2 |
- |
|
emr:ListScalingConfigItemV2 |
- |
|
emr:ListScalingGroupV2 |
- |
|
emr:ListSecurityGroup |
- |
|
emr:ListSecurityGroups |
- |
|
emr:ListServiceComponentTopology |
- |
|
emr:ListSlsProject |
- |
|
emr:ListStack |
- |
|
emr:ListStackService |
- |
|
emr:ListStreamingSqlQuery |
- |
|
emr:ListSupportedServiceName |
- |
|
emr:ListTagKeys |
- |
|
emr:ListTagValues |
- |
|
emr:ListUserStatistics |
- |
|
emr:ListVpcInfo |
- |
|
emr:ListVswitch |
- |
|
emr:ManageUserPlatform |
- |
|
emr:MetastoreCreateDatabase |
- |
|
emr:MetastoreCreateKafkaTopic |
- |
|
emr:MetastoreCreateTable |
- |
|
emr:MetastoreDataPreview |
- |
|
emr:MetastoreDeleteKafkaTopic |
- |
|
emr:MetastoreDescribeDataSource |
- |
|
emr:MetastoreDescribeDatabase |
- |
|
emr:MetastoreDescribeKafkaConsumerGroup |
- |
|
emr:MetastoreDescribeKafkaTopic |
- |
|
emr:MetastoreDescribeTable |
- |
|
emr:MetastoreDescribeTask |
- |
|
emr:MetastoreDropDatabase |
- |
|
emr:MetastoreDropTable |
- |
|
emr:MetastoreListDataSource |
- |
|
emr:MetastoreListDataSourceForAdmin |
- |
|
emr:MetastoreListDatabases |
- |
|
emr:MetastoreListKafkaConsumerGroup |
- |
|
emr:MetastoreListKafkaTopic |
- |
|
emr:MetastoreListKafkaTopicForAdmin |
- |
|
emr:MetastoreListTablePartition |
- |
|
emr:MetastoreListTables |
- |
|
emr:MetastoreListTask |
- |
|
emr:MetastoreRetryTask |
- |
|
emr:MetastoreSearchTables |
- |
|
emr:MetastoreSync |
- |
|
emr:MetastoreUpdateKafkaTopic |
- |
|
emr:MetastoreUpdateKafkaTopicBatch |
- |
|
emr:MetastoreUpdateTable |
- |
|
emr:MigrateJobs |
- |
|
emr:ModifyAlertContact |
- |
|
emr:ModifyAlertUserGroup |
- |
|
emr:ModifyClusterBootstrapAction |
- |
|
emr:ModifyClusterEasModel |
- |
|
emr:ModifyClusterSecurityGroupRule |
- |
|
emr:ModifyClusterTemplate |
- |
|
emr:ModifyExecutionPlan |
- |
|
emr:ModifyExecutionPlanBasicInfo |
- |
|
emr:ModifyExecutionPlanClusterInfo |
- |
|
emr:ModifyExecutionPlanJobInfo |
- |
|
emr:ModifyExecutionPlanScheduleInfo |
- |
|
emr:ModifyFlowProject |
- |
|
emr:ModifyFlowProjectClusterSetting |
- |
|
emr:ModifyFlowProjectGeneralSetting |
- |
|
emr:ModifyFlowVariableCollection |
- |
|
emr:ModifyHealthRuleConfig |
- |
|
emr:ModifyJob |
- |
|
emr:ModifyJobExecutionPlanFolder |
- |
|
emr:ModifyJobExecutionPlanParam |
- |
|
emr:ModifyPrepayInstanceSpec |
- |
|
emr:ModifyScalingConfigItemV2 |
- |
|
emr:ModifyScalingGroupV2 |
- |
|
emr:ModifyScalingTaskGroup |
- |
|
emr:ModifyUserChannelInfo |
- |
|
emr:ModifyUserStatistics |
- |
|
emr:OfflineKafkaBroker |
- |
|
emr:PassRole |
- |
|
emr:PreCheckClusterBootstrapAction |
- |
|
emr:QueryInfoByToken |
- |
|
emr:QueryLogKey |
- |
|
emr:QueryPrice |
- |
|
emr:QuerySlsMetricData |
- |
|
emr:QueryTableData |
- |
|
emr:QueryTrendData |
- |
|
emr:QueryUserById |
- |
|
emr:ReassignKafka |
- |
|
emr:RefreshBackupList |
- |
|
emr:RemoveBackupPlan |
- |
|
emr:RemoveBackupRule |
- |
|
emr:RemoveScalingConfigItemV2 |
- |
|
emr:ResizeCluster |
- |
|
emr:RestoreBackup |
- |
|
emr:RestoreFlowEntitySnapshot |
- |
|
emr:ResumeExecutionPlanInstance |
- |
|
emr:ResumeExecutionPlanScheduler |
- |
|
emr:RetryCreateLdapUser |
- |
|
emr:RetryExecutionPlan |
- |
|
emr:RetryExecutionPlanInstance |
- |
|
emr:RunApiTemplate |
调用 API 模板。 |
|
emr:RunDisasterRecoveryPlan |
- |
|
emr:RunDiskOpsActivity |
- |
|
emr:RunExecutionPlan |
- |
|
emr:RunNoteParagraphs |
- |
|
emr:RunParagraph |
- |
|
emr:RunScalingActionV2 |
- |
|
emr:SaveParagraph |
- |
|
emr:StartKafkaPreferredReplicaElection |
- |
|
emr:StopParagraph |
- |
|
emr:SuspendExecutionPlanInstance |
- |
|
emr:SuspendExecutionPlanScheduler |
- |
|
emr:TerminateClusterOperation |
- |
|
emr:UninstallLibraries |
- |
|
emr:UpdateClusterCost |
- |
|
emr:UpdateDisasterRecoveryPlan |
- |
|
emr:UpdateKafkaReassignParam |
- |
|
emr:UpdateLibraryInstallTaskStatus |
- |
|
emr:UpdateNodeMaintenanceStatus |
- |
|
emr:UploadCostBucket |
- |
|
emr:describeOperationTask |
- |
|
emr:queryTableData |
- |
|
emr:queryTrendData |
- |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "emr:GetApiTemplate", "emr:GetAuditLogs", "emr:GetBackPlanInfo", "emr:GetBackupInfo", "emr:GetBackupRuleInfo", "emr:GetClusterCost", "emr:GetCostUploadSignature", "emr:GetDisasterRecoveryPlan", "emr:GetDoctorHDFSDirectory", "emr:GetFlowAgentTrackStatus", "emr:GetFlowAuditLogs", "emr:GetFlowEntityRelationGraph", "emr:GetJobMigrateResult", "emr:GetMetadataTypeList", "emr:GetOverview", "emr:GetPriceForCreate", "emr:GetPriceForCreateOnKubeCluster", "emr:GetReleaseVersion", "emr:GetScalingConfigItemV2", "emr:GetScalingGroupV2", "emr:GetSlsTempToken", "emr:ListAdviceAction", "emr:ListApmMetadata", "emr:ListBackupPlans", "emr:ListBackupRules", "emr:ListBackups", "emr:ListClusterBootstrapActions", "emr:ListClusterCosts", "emr:ListClusterForAdmin", "emr:ListClusterForOuter", "emr:ListClusterHostComponentForAdmin", "emr:ListClusterNode", "emr:ListClusterNodes", "emr:ListClusterOperationHostTask", "emr:ListClusterOperationTask", "emr:ListClusterServiceComponent", "emr:ListClusterServiceConfigHistoryForAdmin", "emr:ListClusterServiceStatusOverview", "emr:ListClusterSupportService", "emr:ListClusterTag", "emr:ListClusterTagForAdmin", "emr:ListClusterTypes", "emr:ListComponentDefaultTopologies", "emr:ListDependApplications", "emr:ListDependedService", "emr:ListDisasterRecoveryPlans", "emr:ListDisasterRecoveryRecords", "emr:ListDiskOpsEvents", "emr:ListEcsInstances", "emr:ListEmrAvailableConfig", "emr:ListEmrAvailableMetaType", "emr:ListEmrAvailableResource", "emr:ListEmrMainVersion", "emr:ListEmrMainVersionServiceGroup", "emr:ListEmrMainVersions", "emr:ListExecutePlanMigrateInfo", "emr:ListExecutionPlanInstanceTrend", "emr:ListExecutionPlanInstances", "emr:ListExecutionPlans", "emr:ListFailureJobExecutionInstances", "emr:ListFeatures", "emr:ListFlowClusterAllHosts", "emr:ListFlowClusterK8sNamespace", "emr:ListFlowEntitySnapshot", "emr:ListFlowProjectClusterSetting", "emr:ListFlowProjectUser", "emr:ListGlobalConfigs", "emr:ListHPHost", "emr:ListHealthRule", "emr:ListJobExecutionInstanceTrend", "emr:ListJobExecutionInstances", "emr:ListJobExecutionPlanHierarchy", "emr:ListJobExecutionPlanParams", "emr:ListJobInstanceWorkers", "emr:ListJobMigrateInfo", "emr:ListJobs", "emr:ListKMSKeys", "emr:ListKafkaReassign", "emr:ListKafkaReassignForAdmin", "emr:ListKafkaReassignTopic", "emr:ListKafkaTopicStatistics", "emr:ListKafkaTopicStatisticsForAdmin", "emr:ListKeyPairNames", "emr:ListLibraries", "emr:ListLibraryInstallTasks", "emr:ListLibraryStatus", "emr:ListLocalDiskComponentInfo", "emr:ListMetaCluster", "emr:ListMetaDataSourceForOuter", "emr:ListMetaDatabaseForOuter", "emr:ListMetaTableColumnForOuter", "emr:ListMetaTableForOuter", "emr:ListMetaTablePartitionForOuter", "emr:ListMetastoreTypes", "emr:ListNodeGroupSpecs", "emr:ListNotes", "emr:ListOperation", "emr:ListOperationActivity", "emr:ListOperationStageInstanceRelation", "emr:ListOperationTask", "emr:ListPrivateZones", "emr:ListRamRole", "emr:ListRamUsers", "emr:ListRdsDatabase", "emr:ListRdsInstance", "emr:ListRegions", "emr:ListReleaseVersions", "emr:ListRequiredService", "emr:ListResourcePoolForAdmin", "emr:ListScalingActivity", "emr:ListScalingActivityV2", "emr:ListScalingConfigItemV2", "emr:ListScalingGroupV2", "emr:ListSecurityGroup", "emr:ListSecurityGroups", "emr:ListServiceComponentTopology", "emr:ListSlsProject", "emr:ListStack", "emr:ListStackService", "emr:ListStreamingSqlQuery", "emr:ListSupportedServiceName", "emr:ListTagKeys", "emr:ListTagValues", "emr:ListUserStatistics", "emr:ListVpcInfo", "emr:ListVswitch", "emr:QueryInfoByToken", "emr:QueryLogKey", "emr:QueryPrice", "emr:QuerySlsMetricData", "emr:QueryTableData", "emr:QueryTrendData", "emr:QueryUserById" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "emr:AddScalingConfigItemV2", "emr:AssignIpv6Addresses", "emr:AttachClusterForNote", "emr:AttachPubIp", "emr:AuthRealName", "emr:AuthorizeSecurityGroup", "emr:BindPrivateZoneVpc", "emr:CancelOrder", "emr:CheckAssumeRole", "emr:CheckDLFCatalogAuth", "emr:CheckProductActiveStatus", "emr:CheckRenewClusterForAdmin", "emr:CheckUserBalance", "emr:CheckUserRole", "emr:CleanupFlowEntitySnapshot", "emr:CommitFlowEntitySnapshot", "emr:CommonApiWhiteList", "emr:CreateAlertContact", "emr:CreateAlertDingDingGroup", "emr:CreateAlertUserGroup", "emr:CreateBackup", "emr:CreateBackupPlan", "emr:CreateBackupRule", "emr:CreateCloudNativeCluster", "emr:CreateClusterBootstrapAction", "emr:CreateClusterCost", "emr:CreateClusterEni", "emr:CreateClusterHostGroup", "emr:CreateClusterTemplate", "emr:CreateClusterV3", "emr:CreateClusterWithTemplate", "emr:CreateClusterWithTemplateForInternal", "emr:CreateDisasterRecoveryPlan", "emr:CreateExternalUsers", "emr:CreateFlowProject", "emr:CreateFlowProjectClusterSetting", "emr:CreateGateway", "emr:CreateJob", "emr:CreateJobExecutionPlanFolder", "emr:CreateJobExecutionPlanParam", "emr:CreateLibrary", "emr:CreateMetaTablePreviewTask", "emr:CreateMetaTablePreviewTaskForOuter", "emr:CreateNote", "emr:CreateOnKubeCluster", "emr:CreateParagraph", "emr:CreateScalingGroupV2", "emr:CreateUserPassword", "emr:CreateUserStatistics", "emr:CreateVerificationCode", "emr:DeleteAlertContacts", "emr:DeleteAlertDingDingGroups", "emr:DeleteAlertUserGroups", "emr:DeleteApiTemplate", "emr:DeleteClusterBootstrapAction", "emr:DeleteClusterScript", "emr:DeleteClusterTemplate", "emr:DeleteDisasterRecoveryPlan", "emr:DeleteExecutionPlan", "emr:DeleteFlowEditLock", "emr:DeleteFlowProject", "emr:DeleteFlowProjectById", "emr:DeleteFlowProjectClusterSetting", "emr:DeleteFlowProjectUser", "emr:DeleteJob", "emr:DeleteJobExecutionPlanFolder", "emr:DeleteJobExecutionPlanParam", "emr:DeleteLibraries", "emr:DeleteNote", "emr:DeleteParagraph", "emr:DeleteScalingRule", "emr:DeleteScalingTaskGroup", "emr:DescribeAvailableInstanceType", "emr:DescribeClusterBindSecurityCenter", "emr:DescribeClusterForInternal", "emr:DescribeClusterForOuter", "emr:DescribeClusterHealth", "emr:DescribeClusterMetaCollect", "emr:DescribeClusterOpLog", "emr:DescribeClusterOperationHostTaskLog", "emr:DescribeClusterPrometheusDataSource", "emr:DescribeClusterResourcePoolSchedulerTypeForAdmin", "emr:DescribeClusterServiceConfigForAdmin", "emr:DescribeClusterServiceConfigHistory", "emr:DescribeClusterServiceConfigTagForAdmin", "emr:DescribeClusterTemplate", "emr:DescribeDiskOpsActivity", "emr:DescribeEmrMainVersion", "emr:DescribeExecutionPlan", "emr:DescribeFlowAgentToken", "emr:DescribeFlowAgentUser", "emr:DescribeFlowEntitySnapshot", "emr:DescribeFlowProjectClusterSetting", "emr:DescribeFlowProjectGeneralSetting", "emr:DescribeJob", "emr:DescribeKafkaBroker", "emr:DescribeKafkaReassign", "emr:DescribeLibraryDetail", "emr:DescribeLibraryInstallTaskDetail", "emr:DescribeMetaDataSourceForOuter", "emr:DescribeMetaDatabaseForOuter", "emr:DescribeMetaTableColumnForOuter", "emr:DescribeMetaTablePartitionForOuter", "emr:DescribeMetaTablePreviewTask", "emr:DescribeMetaTablePreviewTaskForOuter", "emr:DescribeNote", "emr:DescribeOperationTask", "emr:DescribeParagraph", "emr:DescribeRdsInstance", "emr:DescribeScalingActivity", "emr:DescribeScalingCommonConfig", "emr:DescribeScalingConfigItemV2", "emr:DescribeScalingGroupInstanceV2", "emr:DescribeScalingGroupV2", "emr:DescribeScalingMetrics", "emr:DescribeScalingRule", "emr:DescribeScalingTaskGroup", "emr:DescribeSecurityGroupAttribute", "emr:DescribeServiceConfigDefinition", "emr:DescribeServiceHealth", "emr:DescribeUserStatistics", "emr:DetachAndReleaseClusterEni", "emr:DetachClusterForNote", "emr:DiffFlowEntitySnapshot", "emr:DumpMetaDataSourceForOuter", "emr:ExecuteFsAction", "emr:ExecuteHiveSql", "emr:ExistsUser", "emr:GetApiTemplate", "emr:GetAuditLogs", "emr:GetBackPlanInfo", "emr:GetBackupInfo", "emr:GetBackupRuleInfo", "emr:GetClusterCost", "emr:GetCostUploadSignature", "emr:GetDisasterRecoveryPlan", "emr:GetDoctorHDFSDirectory", "emr:GetFlowAgentTrackStatus", "emr:GetFlowAuditLogs", "emr:GetFlowEntityRelationGraph", "emr:GetJobMigrateResult", "emr:GetMetadataTypeList", "emr:GetOverview", "emr:GetPriceForCreate", "emr:GetPriceForCreateOnKubeCluster", "emr:GetReleaseVersion", "emr:GetScalingConfigItemV2", "emr:GetScalingGroupV2", "emr:GetSlsTempToken", "emr:HasRamOauthPolicy", "emr:InnerCheckAckInstance", "emr:InnerDescribeUserAccountStatus", "emr:InstallLibraries", "emr:KillExecutionJobInstance", "emr:KillExecutionPlanInstance", "emr:ListAdviceAction", "emr:ListApmMetadata", "emr:ListBackupPlans", "emr:ListBackupRules", "emr:ListBackups", "emr:ListClusterBootstrapActions", "emr:ListClusterCosts", "emr:ListClusterForAdmin", "emr:ListClusterForOuter", "emr:ListClusterHostComponentForAdmin", "emr:ListClusterNode", "emr:ListClusterNodes", "emr:ListClusterOperationHostTask", "emr:ListClusterOperationTask", "emr:ListClusterServiceComponent", "emr:ListClusterServiceConfigHistoryForAdmin", "emr:ListClusterServiceStatusOverview", "emr:ListClusterSupportService", "emr:ListClusterTag", "emr:ListClusterTagForAdmin", "emr:ListClusterTypes", "emr:ListComponentDefaultTopologies", "emr:ListDependApplications", "emr:ListDependedService", "emr:ListDisasterRecoveryPlans", "emr:ListDisasterRecoveryRecords", "emr:ListDiskOpsEvents", "emr:ListEcsInstances", "emr:ListEmrAvailableConfig", "emr:ListEmrAvailableMetaType", "emr:ListEmrAvailableResource", "emr:ListEmrMainVersion", "emr:ListEmrMainVersionServiceGroup", "emr:ListEmrMainVersions", "emr:ListExecutePlanMigrateInfo", "emr:ListExecutionPlanInstanceTrend", "emr:ListExecutionPlanInstances", "emr:ListExecutionPlans", "emr:ListFailureJobExecutionInstances", "emr:ListFeatures", "emr:ListFlowClusterAllHosts", "emr:ListFlowClusterK8sNamespace", "emr:ListFlowEntitySnapshot", "emr:ListFlowProjectClusterSetting", "emr:ListFlowProjectUser", "emr:ListGlobalConfigs", "emr:ListHPHost", "emr:ListHealthRule", "emr:ListJobExecutionInstanceTrend", "emr:ListJobExecutionInstances", "emr:ListJobExecutionPlanHierarchy", "emr:ListJobExecutionPlanParams", "emr:ListJobInstanceWorkers", "emr:ListJobMigrateInfo", "emr:ListJobs", "emr:ListKMSKeys", "emr:ListKafkaReassign", "emr:ListKafkaReassignForAdmin", "emr:ListKafkaReassignTopic", "emr:ListKafkaTopicStatistics", "emr:ListKafkaTopicStatisticsForAdmin", "emr:ListKeyPairNames", "emr:ListLibraries", "emr:ListLibraryInstallTasks", "emr:ListLibraryStatus", "emr:ListLocalDiskComponentInfo", "emr:ListMetaCluster", "emr:ListMetaDataSourceForOuter", "emr:ListMetaDatabaseForOuter", "emr:ListMetaTableColumnForOuter", "emr:ListMetaTableForOuter", "emr:ListMetaTablePartitionForOuter", "emr:ListMetastoreTypes", "emr:ListNodeGroupSpecs", "emr:ListNotes", "emr:ListOperation", "emr:ListOperationActivity", "emr:ListOperationStageInstanceRelation", "emr:ListOperationTask", "emr:ListPrivateZones", "emr:ListRamRole", "emr:ListRamUsers", "emr:ListRdsDatabase", "emr:ListRdsInstance", "emr:ListRegions", "emr:ListReleaseVersions", "emr:ListRequiredService", "emr:ListResourcePoolForAdmin", "emr:ListScalingActivity", "emr:ListScalingActivityV2", "emr:ListScalingConfigItemV2", "emr:ListScalingGroupV2", "emr:ListSecurityGroup", "emr:ListSecurityGroups", "emr:ListServiceComponentTopology", "emr:ListSlsProject", "emr:ListStack", "emr:ListStackService", "emr:ListStreamingSqlQuery", "emr:ListSupportedServiceName", "emr:ListTagKeys", "emr:ListTagValues", "emr:ListUserStatistics", "emr:ListVpcInfo", "emr:ListVswitch", "emr:ManageUserPlatform", "emr:MetastoreCreateDatabase", "emr:MetastoreCreateKafkaTopic", "emr:MetastoreCreateTable", "emr:MetastoreDataPreview", "emr:MetastoreDeleteKafkaTopic", "emr:MetastoreDescribeDataSource", "emr:MetastoreDescribeDatabase", "emr:MetastoreDescribeKafkaConsumerGroup", "emr:MetastoreDescribeKafkaTopic", "emr:MetastoreDescribeTable", "emr:MetastoreDescribeTask", "emr:MetastoreDropDatabase", "emr:MetastoreDropTable", "emr:MetastoreListDataSource", "emr:MetastoreListDataSourceForAdmin", "emr:MetastoreListDatabases", "emr:MetastoreListKafkaConsumerGroup", "emr:MetastoreListKafkaTopic", "emr:MetastoreListKafkaTopicForAdmin", "emr:MetastoreListTablePartition", "emr:MetastoreListTables", "emr:MetastoreListTask", "emr:MetastoreRetryTask", "emr:MetastoreSearchTables", "emr:MetastoreSync", "emr:MetastoreUpdateKafkaTopic", "emr:MetastoreUpdateKafkaTopicBatch", "emr:MetastoreUpdateTable", "emr:MigrateJobs", "emr:ModifyAlertContact", "emr:ModifyAlertUserGroup", "emr:ModifyClusterBootstrapAction", "emr:ModifyClusterEasModel", "emr:ModifyClusterSecurityGroupRule", "emr:ModifyClusterTemplate", "emr:ModifyExecutionPlan", "emr:ModifyExecutionPlanBasicInfo", "emr:ModifyExecutionPlanClusterInfo", "emr:ModifyExecutionPlanJobInfo", "emr:ModifyExecutionPlanScheduleInfo", "emr:ModifyFlowProject", "emr:ModifyFlowProjectClusterSetting", "emr:ModifyFlowProjectGeneralSetting", "emr:ModifyFlowVariableCollection", "emr:ModifyHealthRuleConfig", "emr:ModifyJob", "emr:ModifyJobExecutionPlanFolder", "emr:ModifyJobExecutionPlanParam", "emr:ModifyPrepayInstanceSpec", "emr:ModifyScalingConfigItemV2", "emr:ModifyScalingGroupV2", "emr:ModifyScalingTaskGroup", "emr:ModifyUserChannelInfo", "emr:ModifyUserStatistics", "emr:OfflineKafkaBroker", "emr:PassRole", "emr:PreCheckClusterBootstrapAction", "emr:QueryInfoByToken", "emr:QueryLogKey", "emr:QueryPrice", "emr:QuerySlsMetricData", "emr:QueryTableData", "emr:QueryTrendData", "emr:QueryUserById", "emr:ReassignKafka", "emr:RefreshBackupList", "emr:RemoveBackupPlan", "emr:RemoveBackupRule", "emr:RemoveScalingConfigItemV2", "emr:ResizeCluster", "emr:RestoreBackup", "emr:RestoreFlowEntitySnapshot", "emr:ResumeExecutionPlanInstance", "emr:ResumeExecutionPlanScheduler", "emr:RetryCreateLdapUser", "emr:RetryExecutionPlan", "emr:RetryExecutionPlanInstance", "emr:RunApiTemplate", "emr:RunDisasterRecoveryPlan", "emr:RunDiskOpsActivity", "emr:RunExecutionPlan", "emr:RunNoteParagraphs", "emr:RunParagraph", "emr:RunScalingActionV2", "emr:SaveParagraph", "emr:StartKafkaPreferredReplicaElection", "emr:StopParagraph", "emr:SuspendExecutionPlanInstance", "emr:SuspendExecutionPlanScheduler", "emr:TerminateClusterOperation", "emr:UninstallLibraries", "emr:UpdateClusterCost", "emr:UpdateDisasterRecoveryPlan", "emr:UpdateKafkaReassignParam", "emr:UpdateLibraryInstallTaskStatus", "emr:UpdateNodeMaintenanceStatus", "emr:UploadCostBucket", "emr:describeOperationTask", "emr:queryTableData", "emr:queryTrendData" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。