Identity and Access Management

Список стандартных ролей и политик

Policy/Role Name	Type	Description
AOM Admin	System-defined policy	All permissions of Application Operations Monitor service
AOM Viewer	System-defined policy	The read-only permissions to Application Operations Monitor service
APIG Administrator	System-defined policy	APIG Administrator
APIG FullAccess	System-defined policy	All permissions for API Gateway
APIG ReadOnlyAccess	System-defined policy	Read-only permissions for viewing API Gateway
APM Admin	System-defined policy	All permissions of Application Performance Monitor service.
APM Administrator	System-defined role	Application Performance Monitor Administrator
APM Viewer	System-defined policy	The read-only permissions to Application Performance Monitor service
Agent Operator	System-defined role	Permissions for switching roles to access services of a delegating account
AutoScaling Admin	System-defined policy	All permissions template of AutoScaling Service
AutoScaling Administrator	System-defined role	AutoScaling Administrator
AutoScaling FullAccess	System-defined policy	Full permissions for Auto Scaling
AutoScaling Viewer	System-defined policy	The read-only permissions to all AutoScaling resources, which can be used for statistics and survey
BMS Admin	System-defined policy	All permissions of BMS service
BMS CommonOperations	System-defined policy	Permissions for basic BMS operations, such as starting, stopping, restarting a BMS, querying BMS details, and attaching data disks to or detaching data disks from a BMS
BMS FullAccess	System-defined policy	All permissions of BMS service
BMS ReadOnlyAccess	System-defined policy	The read-only permissions to all BMS resources, which can be used for statistics and survey.
BMS User	System-defined policy	Common permissions of BMS service, except installation, delete, reinstallation and so on.
BMS Viewer	System-defined policy	The read-only permissions to all BMS resources, which can be used for statistics and survey
CBH FullAccess	System-defined policy	All permissions for all CBH instances
CBH ReadOnlyAccess	System-defined policy	Read-only permissions for CBH instances. Users granted with read-only permissions can only view but not configure the CBH service
CBR Admin	System-defined policy	All permissions of Cloud Backup and Recovery service
CBR User	System-defined policy	General permissions of Cloud Backup and Recovery service (exclude policy create, update, and delete permission)
CBR Viewer	System-defined policy	The read-only permissions to all Cloud Backup and Recovery resources
CCE Administrator	System-defined role	CCE Administrator
CCE FullAccess	System-defined policy	Common operation permissions on CCE cluster resources, excluding the namespace-level permissions for the clusters (with Kubernetes RBAC enabled) and the privileged administrator operations, such as agency configuration and cluster certificate generation
CCE ReadOnlyAccess	System-defined policy	Permissions to view CCE cluster resources, excluding the namespace-level permissions of the clusters (with Kubernetes RBAC enabled)
CDM CommonOperations	System-defined policy	Operation permissions on Cloud Data Migration jobs and links
CDM FullAccess	System-defined policy	All permissions on Cloud Data Migration
CDM FullAccessExceptEIPUpdating	System-defined policy	All permissions on Cloud Data Migration except elastic IP address binding and unbinding
CDM ReadOnlyAccess	System-defined policy	Read-only permission on Cloud Data Migration
CES Admin	System-defined policy	All permissions of Cloud Eye service
CES Administrator	System-defined role	CloudEye Service Administrator
CES Viewer	System-defined policy	The read-only permissions to all Cloud Eye service
CGS FullAccess	System-defined policy	Full permissions of Container Guard Service
CGS ReadOnlyAccess	System-defined policy	Read-only permissions for Container Guard Service
CSE Admin	System-defined policy	All permissions of CSE service
CSE Viewer	System-defined policy	The read-only permissions to all CSE resources
CSS Administrator	System-defined role	Cloud Search Service Administrator
CSS FullAccess	System-defined policy	All permissions for Cloud Search Service
CSS ReadOnlyAccess	System-defined policy	Read-only permissions for viewing Cloud Search Service
CTS Administrator	System-defined role	CloudTrace Service Administrator
CTS FullAccess	System-defined policy	Full permissions for Cloud Trace Service
CTS ReadOnlyAccess	System-defined policy	Read-only permissions for Cloud Trace Service
DAS FullAccess	System-defined policy	Full permissions for Data Admin Service
DAYU Administrator	System-defined role	DAYU Administrator
DAYU User	System-defined role	DAYU User
DBSS FullAccess	System-defined policy	Full permissions for Database Security Service
DBSS ReadOnlyAccess	System-defined policy	Read-only permissions for Database Security Service
DCS Admin	System-defined policy	All permissions of DCS service
DCS Administrator	System-defined role	Distributed Cache Service Administrator
DCS AgencyAccess	System-defined policy	Permissions to assign to DCS agencies
DCS FullAccess	System-defined policy	All permissions for Distributed Cache Service
DCS ReadOnlyAccess	System-defined policy	Read-only permissions for Distributed Cache Service
DCS User	System-defined policy	Common permissions of DCS service, except create, modify, delete and scale-up
DCS UserAccess	System-defined policy	Common permissions of DCS service, except create, modify, delete and scale-up
DCS Viewer	System-defined policy	The read-only permissions to all DCS resources, which can be used for statistics and survey
DDM CommonOperations	System-defined policy	Common user permissions for DDM, except for permissions of creating, deleting, and scaling out DDM instances, scaling out schemas, rolling back schema scaling tasks, and changing instance class
DDM FullAccess	System-defined policy	Full permissions for Distributed Database Middleware
DDM ReadOnlyAccess	System-defined policy	Read-only permissions for Distributed Database Middleware
DDS Admin	System-defined policy	Full permissions for Document Database Service
DDS Admin	System-defined policy	All permissions of DDS service
DDS Administrator	System-defined role	Document Database Service Administrator
DDS DBA	System-defined policy	DBA permissions of DDS service, except delete
DDS FullAccess	System-defined policy	Full permissions for Document Database Service
DDS ManageAccess	System-defined policy	Database administrator permissions for all operations except deleting DDS resources
DDS ReadOnlyAccess	System-defined policy	Read-only permissions for Document Database Service
DDS Viewer	System-defined policy	Read-only permissions for Document Database Service
DLI Service Administrator	System-defined role	All permissions for Data Lake Insight
DLI Service User	System-defined role	Users who were granted this permission can view the queue list, table structure, and create packages and package groups
DMS Admin	System-defined policy	All permissions of Distributed Message Service
DMS Administrator	System-defined role	Administrator to control DMS API access
DMS Administrator	System-defined role	Administrator to control DMS API access
DMS User	System-defined policy	Common permissions of Distributed Message Service, except install, modify, delete and so on
DMS Viewer	System-defined policy	The read-only permissions to all Distributed Message Service resources
DNS Admin	System-defined policy	DNS administrator permissions, which allow users to perform all operations, including creating, deleting, querying, and modifying DNS resources
DNS Administrator	System-defined role	DNS Administrator
DNS Viewer	System-defined policy	Read-only permissions, which only allow users to query DNS resources
DRS FullAccess	System-defined policy	Full permissions for Data Replication Service
DRS ReadOnlyAccess	System-defined policy	Read-only permissions for Data Replication Service
DWS FullAccess	System-defined policy	All permissions of DWS service
DWS ReadOnlyAccess	System-defined policy	The read-only permissions to all DWS resources
Direct Connect Administrator	System-defined role	Direct Connect Administrator
ECS Admin	System-defined policy	All permissions of ECS service
ECS User	System-defined policy	Common permissions of ECS service, except installation, delete, reinstallation and so on
ECS Viewer	System-defined policy	The read-only permissions to all ECS resources, which can be used for statistics and survey
ELB Admin	System-defined policy	All permissions of ELB service
ELB Service Administrator	System-defined role	ELB Service Administrator
ELB Viewer	System-defined policy	The read-only permissions to all ELB resources, which can be used for statistics and survey
EVS Admin	System-defined policy	All permissions of EVS service
EVS Viewer	System-defined policy	The read-only permissions to all EVS resources, which can be used for statistics and survey
Elasticsearch Administrator	System-defined role	Elasticsearch Administrator
Full Access	System-defined policy	All permissions of all services
FunctionGraph CommonOperations	System-defined policy	Common operations for functiongraph service, include query and invoke function
FunctionGraph FullAccess	System-defined policy	All permissions of FunctionGraph service
FunctionGraph ReadOnlyAccess	System-defined policy	The read-only permissions to all functiongraph resources
GES Development	System-defined policy	Usage permissions for Graph Engine Service
GES FullAccess	System-defined policy	Full permissions for Graph Engine Service
GES ReadOnlyAccess	System-defined policy	Read-only permissions for Graph Engine Service
HSS Administrator	System-defined role	Full permissions for Host Security Service
HSS FullAccess	System-defined policy	All permissions of Host Security Service
HSS ReadOnlyAccess	System-defined policy	Read-only permission for Host Security Service
IAM ReadOnlyAccess	System-defined policy	Read-only permissions for Identity and Access Management
IMS Admin	System-defined policy	All permissions of Image Management Service
IMS Administrator	System-defined role	IMS Administrator
IMS Viewer	System-defined policy	The read-only permissions to all IMS resources, which can be used for statistics and survey
KMS Administrator	System-defined role	KMS Administrator
KMS CMKFullAccess	System-defined policy	All permissions for custom keys in Key Management Service
LTS FullAccess	System-defined policy	All permissions of Log Tank service
LTS ReadOnlyAccess	System-defined policy	The read-only permissions to all Log Tank service resources
MRS Admin	System-defined policy	MapReduce all permissions for the service
MRS Administrator	System-defined role	MRS Administrator
MRS User	System-defined policy	MapReduce Service Usage Permissions
MRS Viewer	System-defined policy	MapReduce Service read-only permissions
ModelArts CommonOperations	System-defined policy	Common permissions of ModelArts service,except create,update,delete pool
ModelArts FullAccess	System-defined policy	All permissions of ModelArts service
NAT Admin	System-defined policy	All permissions of NAT Gateway service
NAT Gateway Administrator	System-defined role	NAT Gateway Administrator
NAT Viewer	System-defined policy	The read-only permissions to all NAT Gateway resources
OBS Administrator	System-defined policy	Object Storage Service Administrator
OBS Buckets Viewer	System-defined role	Permissions to view the bucket list, obtain bucket metadata, and query bucket location
OBS Operator	System-defined policy	Basic operation permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, query bucket location, upload objects, download objects, delete objects, and obtain object ACLs
OBS Viewer	System-defined policy	Permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, and query bucket location
RDS Admin	System-defined policy	All permissions of RDS service
RDS Administrator	System-defined role	RDS Administrator
RDS DBA	System-defined policy	DBA permissions of RDS service, except delete
RDS FullAccess	System-defined policy	Full permissions for Relational Database Service
RDS ManageAccess	System-defined policy	Database administrator permissions for all operations except deleting RDS resources
RDS ReadOnlyAccess	System-defined policy	Read-only permissions for Relational Database Service
RDS Viewer	System-defined policy	The read-only permissions to all RDS resources, which can be used for statistics and survey
RMS FullAccess	System-defined policy	Full permissions for Resource Management Service
RMS ReadOnlyAccess	System-defined policy	Read-only permissions for Resource Management Service
SFS Admin	System-defined policy	All permissions of Scalable File Service
SFS Administrator	System-defined role	SFS Administrator
SFS Turbo Admin	System-defined policy	All permissions of Scalable File Service (SFS Turbo)
SFS Turbo Viewer	System-defined policy	The read-only permissions to all Scalable File Service (SFS Turbo) resources
SFS Viewer	System-defined policy	The read-only permissions to all Scalable File Service resources
SMN Administrator	System-defined role	SMN Administrator
SMN FullAccess	System-defined policy	Full permissions for the Simple Message Notification service
SMN ReadOnlyAccess	System-defined policy	Read-only access to the Simple Message Notification service
SMS FullAccess	System-defined policy	Full permissions for Server Migration Service
SMS ReadOnlyAccess	System-defined policy	Read-only permissions Server Migration Service
SWR Administrator	System-defined role	Software Repository Administrator
Security Administrator	System-defined role	Full permissions for Identity and Access Management. This role does not have permissions for switching roles
Server Administrator	System-defined role	Server Administrator
ServiceStage Admin	System-defined policy	All permissions of ServiceStage service
ServiceStage Administrator	System-defined role	ServiceStage administrator, who has full permissions for this service
ServiceStage Developer	System-defined policy	Developer permissions of ServiceStage service(exclude review and approve)
ServiceStage Viewer	System-defined policy	The read-only permissions to all ServiceStage resources
TMS Administrator	System-defined role	Tag Management Service Administrator
Tenant Administrator	System-defined role	Tenant Administrator (Exclude IAM)
Tenant Guest	System-defined role	Tenant Guest (Exclude IAM)
VPC Admin	System-defined policy	All permissions of VPC service
VPC Administrator	System-defined role	Project-level services
VPC Viewer	System-defined policy	The read-only permissions to all VPC resources, which can be used for statistics and survey
VPCEndpoint Administrator	System-defined role	VPCEndpoint service enables you to privately connect your VPC to supported services
VPN Administrator	System-defined role	Virtual Private Network Administrator
WAF Administrator	System-defined role	Web application firewall service administrator of instance and policy
WAF FullAccess	System-defined policy	All permissions of waf service
WAF ReadOnlyAccess	System-defined policy	The read-only permissions to all Web application firewall resources, which can be used for statistics and survey

Предыдущая статья

Защита критических операций (Critical option protection)

Следующая статья

Быстрый старт

Была ли эта статья полезна?

Поддержка Юридические документы