Список стандартных ролей и политик
Policy/Role Name | Type | Description |
---|---|---|
AOM Admin
| System-defined policy | All permissions of Application Operations Monitor service |
AOM Viewer
| System-defined policy | The read-only permissions to Application Operations Monitor service |
APIG Administrator
| System-defined policy | APIG Administrator |
APIG FullAccess
| System-defined policy | All permissions for API Gateway |
APIG ReadOnlyAccess
| System-defined policy | Read-only permissions for viewing API Gateway |
APM Admin
| System-defined policy | All permissions of Application Performance Monitor service. |
APM Administrator
| System-defined role | Application Performance Monitor Administrator |
APM Viewer
| System-defined policy | The read-only permissions to Application Performance Monitor service |
Agent Operator
| System-defined role | Permissions for switching roles to access services of a delegating account |
AutoScaling Admin
| System-defined policy | All permissions template of AutoScaling Service |
AutoScaling Administrator
| System-defined role | AutoScaling Administrator |
AutoScaling FullAccess
| System-defined policy | Full permissions for Auto Scaling |
AutoScaling Viewer
| System-defined policy | The read-only permissions to all AutoScaling resources, which can be used for statistics and survey |
BMS Admin
| System-defined policy | All permissions of BMS service |
BMS CommonOperations
| System-defined policy | Permissions for basic BMS operations, such as starting, stopping, restarting a BMS, querying BMS details, and attaching data disks to or detaching data disks from a BMS |
BMS FullAccess
| System-defined policy | All permissions of BMS service |
BMS ReadOnlyAccess
| System-defined policy | The read-only permissions to all BMS resources, which can be used for statistics and survey. |
BMS User
| System-defined policy | Common permissions of BMS service, except installation, delete, reinstallation and so on. |
BMS Viewer
| System-defined policy | The read-only permissions to all BMS resources, which can be used for statistics and survey |
CBH FullAccess
| System-defined policy | All permissions for all CBH instances |
CBH ReadOnlyAccess
| System-defined policy | Read-only permissions for CBH instances. Users granted with read-only permissions can only view but not configure the CBH service |
CBR Admin
| System-defined policy | All permissions of Cloud Backup and Recovery service |
CBR User
| System-defined policy | General permissions of Cloud Backup and Recovery service (exclude policy create, update, and delete permission) |
CBR Viewer
| System-defined policy | The read-only permissions to all Cloud Backup and Recovery resources |
CCE Administrator
| System-defined role | CCE Administrator |
CCE FullAccess
| System-defined policy | Common operation permissions on CCE cluster resources, excluding the namespace-level permissions for the clusters (with Kubernetes RBAC enabled) and the privileged administrator operations, such as agency configuration and cluster certificate generation |
CCE ReadOnlyAccess
| System-defined policy | Permissions to view CCE cluster resources, excluding the namespace-level permissions of the clusters (with Kubernetes RBAC enabled) |
CDM CommonOperations
| System-defined policy | Operation permissions on Cloud Data Migration jobs and links |
CDM FullAccess
| System-defined policy | All permissions on Cloud Data Migration |
CDM FullAccessExceptEIPUpdating
| System-defined policy | All permissions on Cloud Data Migration except elastic IP address binding and unbinding |
CDM ReadOnlyAccess
| System-defined policy | Read-only permission on Cloud Data Migration |
CES Admin
| System-defined policy | All permissions of Cloud Eye service |
CES Administrator
| System-defined role | CloudEye Service Administrator |
CES Viewer
| System-defined policy | The read-only permissions to all Cloud Eye service |
CGS FullAccess
| System-defined policy | Full permissions of Container Guard Service |
CGS ReadOnlyAccess
| System-defined policy | Read-only permissions for Container Guard Service |
CSE Admin
| System-defined policy | All permissions of CSE service |
CSE Viewer
| System-defined policy | The read-only permissions to all CSE resources |
CSS Administrator
| System-defined role | Cloud Search Service Administrator |
CSS FullAccess
| System-defined policy | All permissions for Cloud Search Service |
CSS ReadOnlyAccess
| System-defined policy | Read-only permissions for viewing Cloud Search Service |
CTS Administrator
| System-defined role | CloudTrace Service Administrator |
CTS FullAccess
| System-defined policy | Full permissions for Cloud Trace Service |
CTS ReadOnlyAccess
| System-defined policy | Read-only permissions for Cloud Trace Service |
DAS FullAccess
| System-defined policy | Full permissions for Data Admin Service |
DAYU Administrator
| System-defined role | DAYU Administrator |
DAYU User
| System-defined role | DAYU User |
DBSS FullAccess
| System-defined policy | Full permissions for Database Security Service |
DBSS ReadOnlyAccess
| System-defined policy | Read-only permissions for Database Security Service |
DCS Admin
| System-defined policy | All permissions of DCS service |
DCS Administrator
| System-defined role | Distributed Cache Service Administrator |
DCS AgencyAccess
| System-defined policy | Permissions to assign to DCS agencies |
DCS FullAccess
| System-defined policy | All permissions for Distributed Cache Service |
DCS ReadOnlyAccess
| System-defined policy | Read-only permissions for Distributed Cache Service |
DCS User
| System-defined policy | Common permissions of DCS service, except create, modify, delete and scale-up |
DCS UserAccess
| System-defined policy | Common permissions of DCS service, except create, modify, delete and scale-up |
DCS Viewer
| System-defined policy | The read-only permissions to all DCS resources, which can be used for statistics and survey |
DDM CommonOperations
| System-defined policy | Common user permissions for DDM, except for permissions of creating, deleting, and scaling out DDM instances, scaling out schemas, rolling back schema scaling tasks, and changing instance class |
DDM FullAccess
| System-defined policy | Full permissions for Distributed Database Middleware |
DDM ReadOnlyAccess
| System-defined policy | Read-only permissions for Distributed Database Middleware |
DDS Admin
| System-defined policy | Full permissions for Document Database Service |
DDS Admin
| System-defined policy | All permissions of DDS service |
DDS Administrator
| System-defined role | Document Database Service Administrator |
DDS DBA
| System-defined policy | DBA permissions of DDS service, except delete |
DDS FullAccess
| System-defined policy | Full permissions for Document Database Service |
DDS ManageAccess
| System-defined policy | Database administrator permissions for all operations except deleting DDS resources |
DDS ReadOnlyAccess
| System-defined policy | Read-only permissions for Document Database Service |
DDS Viewer
| System-defined policy | Read-only permissions for Document Database Service |
DLI Service Administrator
| System-defined role | All permissions for Data Lake Insight |
DLI Service User
| System-defined role | Users who were granted this permission can view the queue list, table structure, and create packages and package groups |
DMS Admin
| System-defined policy | All permissions of Distributed Message Service |
DMS Administrator
| System-defined role | Administrator to control DMS API access |
DMS Administrator
| System-defined role | Administrator to control DMS API access |
DMS User
| System-defined policy | Common permissions of Distributed Message Service, except install, modify, delete and so on |
DMS Viewer
| System-defined policy | The read-only permissions to all Distributed Message Service resources |
DNS Admin
| System-defined policy | DNS administrator permissions, which allow users to perform all operations, including creating, deleting, querying, and modifying DNS resources |
DNS Administrator
| System-defined role | DNS Administrator |
DNS Viewer
| System-defined policy | Read-only permissions, which only allow users to query DNS resources |
DRS FullAccess
| System-defined policy | Full permissions for Data Replication Service |
DRS ReadOnlyAccess
| System-defined policy | Read-only permissions for Data Replication Service |
DWS FullAccess
| System-defined policy | All permissions of DWS service |
DWS ReadOnlyAccess
| System-defined policy | The read-only permissions to all DWS resources |
Direct Connect Administrator
| System-defined role | Direct Connect Administrator |
ECS Admin
| System-defined policy | All permissions of ECS service |
ECS User
| System-defined policy | Common permissions of ECS service, except installation, delete, reinstallation and so on |
ECS Viewer
| System-defined policy | The read-only permissions to all ECS resources, which can be used for statistics and survey |
ELB Admin
| System-defined policy | All permissions of ELB service |
ELB Service Administrator
| System-defined role | ELB Service Administrator |
ELB Viewer
| System-defined policy | The read-only permissions to all ELB resources, which can be used for statistics and survey |
EVS Admin
| System-defined policy | All permissions of EVS service |
EVS Viewer
| System-defined policy | The read-only permissions to all EVS resources, which can be used for statistics and survey |
Elasticsearch Administrator
| System-defined role | Elasticsearch Administrator |
Full Access
| System-defined policy | All permissions of all services |
FunctionGraph CommonOperations
| System-defined policy | Common operations for functiongraph service, include query and invoke function |
FunctionGraph FullAccess
| System-defined policy | All permissions of FunctionGraph service |
FunctionGraph ReadOnlyAccess
| System-defined policy | The read-only permissions to all functiongraph resources |
GES Development
| System-defined policy | Usage permissions for Graph Engine Service |
GES FullAccess
| System-defined policy | Full permissions for Graph Engine Service |
GES ReadOnlyAccess
| System-defined policy | Read-only permissions for Graph Engine Service |
HSS Administrator
| System-defined role | Full permissions for Host Security Service |
HSS FullAccess
| System-defined policy | All permissions of Host Security Service |
HSS ReadOnlyAccess
| System-defined policy | Read-only permission for Host Security Service |
IAM ReadOnlyAccess
| System-defined policy | Read-only permissions for Identity and Access Management |
IMS Admin
| System-defined policy | All permissions of Image Management Service |
IMS Administrator
| System-defined role | IMS Administrator |
IMS Viewer
| System-defined policy | The read-only permissions to all IMS resources, which can be used for statistics and survey |
KMS Administrator
| System-defined role | KMS Administrator |
KMS CMKFullAccess
| System-defined policy | All permissions for custom keys in Key Management Service |
LTS FullAccess
| System-defined policy | All permissions of Log Tank service |
LTS ReadOnlyAccess
| System-defined policy | The read-only permissions to all Log Tank service resources |
MRS Admin
| System-defined policy | MapReduce all permissions for the service |
MRS Administrator
| System-defined role | MRS Administrator |
MRS User
| System-defined policy | MapReduce Service Usage Permissions |
MRS Viewer
| System-defined policy | MapReduce Service read-only permissions |
ModelArts CommonOperations
| System-defined policy | Common permissions of ModelArts service,except create,update,delete pool |
ModelArts FullAccess
| System-defined policy | All permissions of ModelArts service |
NAT Admin
| System-defined policy | All permissions of NAT Gateway service |
NAT Gateway Administrator
| System-defined role | NAT Gateway Administrator |
NAT Viewer
| System-defined policy | The read-only permissions to all NAT Gateway resources |
OBS Administrator
| System-defined policy | Object Storage Service Administrator |
OBS Buckets Viewer
| System-defined role | Permissions to view the bucket list, obtain bucket metadata, and query bucket location |
OBS Operator
| System-defined policy | Basic operation permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, query bucket location, upload objects, download objects, delete objects, and obtain object ACLs |
OBS Viewer
| System-defined policy | Permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, and query bucket location |
RDS Admin
| System-defined policy | All permissions of RDS service |
RDS Administrator
| System-defined role | RDS Administrator |
RDS DBA
| System-defined policy | DBA permissions of RDS service, except delete |
RDS FullAccess
| System-defined policy | Full permissions for Relational Database Service |
RDS ManageAccess
| System-defined policy | Database administrator permissions for all operations except deleting RDS resources |
RDS ReadOnlyAccess
| System-defined policy | Read-only permissions for Relational Database Service |
RDS Viewer
| System-defined policy | The read-only permissions to all RDS resources, which can be used for statistics and survey |
RMS FullAccess
| System-defined policy | Full permissions for Resource Management Service |
RMS ReadOnlyAccess
| System-defined policy | Read-only permissions for Resource Management Service |
SFS Admin
| System-defined policy | All permissions of Scalable File Service |
SFS Administrator
| System-defined role | SFS Administrator |
SFS Turbo Admin
| System-defined policy | All permissions of Scalable File Service (SFS Turbo) |
SFS Turbo Viewer
| System-defined policy | The read-only permissions to all Scalable File Service (SFS Turbo) resources |
SFS Viewer
| System-defined policy | The read-only permissions to all Scalable File Service resources |
SMN Administrator
| System-defined role | SMN Administrator |
SMN FullAccess
| System-defined policy | Full permissions for the Simple Message Notification service |
SMN ReadOnlyAccess
| System-defined policy | Read-only access to the Simple Message Notification service |
SMS FullAccess
| System-defined policy | Full permissions for Server Migration Service |
SMS ReadOnlyAccess
| System-defined policy | Read-only permissions Server Migration Service |
SWR Administrator
| System-defined role | Software Repository Administrator |
Security Administrator
| System-defined role | Full permissions for Identity and Access Management. This role does not have permissions for switching roles |
Server Administrator
| System-defined role | Server Administrator |
ServiceStage Admin
| System-defined policy | All permissions of ServiceStage service |
ServiceStage Administrator
| System-defined role | ServiceStage administrator, who has full permissions for this service |
ServiceStage Developer
| System-defined policy | Developer permissions of ServiceStage service(exclude review and approve) |
ServiceStage Viewer
| System-defined policy | The read-only permissions to all ServiceStage resources |
TMS Administrator
| System-defined role | Tag Management Service Administrator |
Tenant Administrator
| System-defined role | Tenant Administrator (Exclude IAM) |
Tenant Guest
| System-defined role | Tenant Guest (Exclude IAM) |
VPC Admin
| System-defined policy | All permissions of VPC service |
VPC Administrator
| System-defined role | Project-level services |
VPC Viewer
| System-defined policy | The read-only permissions to all VPC resources, which can be used for statistics and survey |
VPCEndpoint Administrator
| System-defined role | VPCEndpoint service enables you to privately connect your VPC to supported services |
VPN Administrator
| System-defined role | Virtual Private Network Administrator |
WAF Administrator
| System-defined role | Web application firewall service administrator of instance and policy |
WAF FullAccess
| System-defined policy | All permissions of waf service |
WAF ReadOnlyAccess
| System-defined policy | The read-only permissions to all Web application firewall resources, which can be used for statistics and survey |