System-defined Identity Policies
New IAM users do not have any permissions assigned by default. You need to attach identity policies to the users or add them to one or more groups and attach identity policies to these groups on the new IAM console. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
IAM provides system-defined identity policies to define common actions supported by cloud services. System-defined identity policies cannot be modified. They can be directly used to assign permissions to users.
If there are no system-defined identity policies for a specific service, it indicates that IAM does not support this service. The administrator can submit a service ticket and request to register permissions for that service in IAM.
If system-defined identity policies cannot meet your requirements, you can create custom identity policies for more refined access control. For the permissions, resources, and condition keys supported by each service, see Identity Policy–based Authorization.
Global
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Global services |
ReadOnlyPolicy |
Read-only permissions for all services. |
|
Global services |
AdministratorAccessPolicy |
Full permissions for all services.
NOTE:
All services refer to the cloud services that support identity policies and trust agencies. |
Compute
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Elastic Cloud Server (ECS) |
ECSFullPolicy |
Full permissions for ECS. |
|
ECSCommonOperationsPolicy |
Common user permissions for ECS. Users granted these permissions can query, start, stop, and restart ECSs, manage automatic recovery of an ECS, reset the password for logging in to an ECS with a few clicks, configure a private IP address for a NIC of an ECS, obtain the address for remotely logging in to an ECS using VNC, obtain EVS disk information, configure security group rules, manage ECS groups, use float IP addresses and key pairs, manage the password to log in to a Windows ECS, obtain the address for logging in to the console using VNC, create images, configure ECS metadata, add tags to an ECS, use ECS disks, query the disks attached to an ECS, query NICs of an ECS, and create, query, and delete IMS images. |
|
|
ECSReadOnlyPolicy |
Read-only permissions for ECS. |
|
|
ECSPartnerOperationsPolicy |
Partner permissions for ECS. |
|
|
Bare Metal Server (BMS) |
BMSFullPolicy |
Full permissions for BMS. |
|
BMSReadOnlyPolicy |
Read-only permissions for BMS. |
|
|
BMSCommonOperationsPolicy |
Common user permissions for BMS. Users with these permissions can start, stop, restart, and query BMSs, and attach a data disk to and detach a data disk from a BMS. |
|
|
Auto Scaling |
ASFullPolicy |
Full permissions for Auto Scaling. |
|
ASReadOnlyPolicy |
Read-only permissions for Auto Scaling. |
|
|
ASServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for Auto Scaling. |
|
|
Image Management Service (IMS) |
IMSFullAccessPolicy |
Full permissions for IMS. |
|
IMSReadOnlyPolicy |
Read-only permissions for IMS. |
|
|
FunctionGraph |
FunctionGraphFullAccessPolicy |
Full permissions for FunctionGraph. |
|
FunctionGraphReadOnlyPolicy |
Read-only permissions for FunctionGraph. |
|
|
FunctionGraphCommonOperationsPolicy |
Invoker permissions for querying functions and triggers, and invoking functions. |
|
|
FunctionGraphServiceLinkedAgencyPolicy |
Agency permissions for FunctionGraph to access VPC and mount disks. |
Storage
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Object Storage Service (OBS) |
OBSBucketsViewerPolicy |
Permissions for viewing the bucket list, obtaining bucket metadata, and querying the bucket location in OBS. |
|
OBSFullAccessPolicy |
Administrator permissions for OBS. |
|
|
OBSConsoleFullAccessPolicy |
Permissions for all operations on the OBS console. |
|
|
OBSBasicOperationsPolicy |
Permissions for basic operations on OBS, such as viewing the bucket list, obtaining bucket metadata, listing objects in a bucket, querying the bucket location, uploading objects, obtaining objects, deleting objects, and obtaining an object ACL. |
|
|
OBSReadOnlyPolicy |
Read-only permissions for viewing the bucket list, obtaining bucket metadata, listing objects in a bucket, and querying the bucket location in OBS. |
|
|
Elastic Volume Service (EVS) |
EVSFullAccessPolicy |
Administrator permissions for using all disks and snapshots on EVS. |
|
EVSReadOnlyPolicy |
Read-only permissions for EVS. |
|
|
Cloud Backup and Recovery (CBR) |
CBRFullAccessPolicy |
Administrator permissions for using all vaults, backups, and policies on CBR. |
|
CBRReadOnlyPolicy |
Read-only permissions for CBR. |
|
|
CBRBackupsAndVaultsFullAccessPolicy |
Common user permissions for CBR, excluding the permissions for creating, updating, and deleting a policy. |
|
|
CBRServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for CBR across accounts. |
|
|
Content Delivery Network (CDN) |
CDNLogsReadOnlyPolicy |
Read-only permissions for the CDN log service. |
|
CDNSecurityProtectionConfigurationReadOnlyPolicy |
Read-only permissions for the CDN security service. |
|
|
CDNRefreshAndPreheatPolicy |
Permissions to configure CDN cache refreshing and preheating. |
|
|
CDNAdministratorPolicy |
Full permissions for CDN. |
|
|
CDNSecurityProtectionConfigurationPolicy |
Permissions for adding, modifying, and deleting a CDN security policy, and binding or unbinding a domain name. |
|
|
CDNReadOnlyPolicy |
Read-only permissions for all CDN services. |
|
|
CDNFullPolicy |
Full permissions for CDN. |
|
|
CDNStatisticsReadOnlyPolicy |
Read-only permissions for the CDN statistics service. |
|
|
CDNSecurityProtectionStatisticsReadOnlyPolicy |
Read-only permissions for CDN security statistics. |
|
|
CDNDomainConfigurationPolicy |
Permissions for configuring CDN acceleration domain names. |
|
|
CDNDomainReadOnlyPolicy |
Read-only permissions for CDN acceleration domain names. |
|
|
CDNChargeConfigurationPolicy |
Permission for enabling CDN billing and modifying and querying the billing option. |
|
|
CDNStatisticsFullPolicy |
Full permissions for the CDN statistics service. |
|
|
Scalable File Service (SFS) |
SFSTurboFullAccessPolicy |
Administrator permissions for SFS. Users granted these permissions can perform all operations on file systems. |
|
SFSTurboReadOnlyPolicy |
Read-only permissions for SFS. |
Networking
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Virtual Private Cloud (VPC) |
VPCFullAccessPolicy |
Full permissions for VPC. |
|
VPCReadOnlyPolicy |
Read-only permissions for VPC. |
|
|
VPCConsoleFullAccessPolicy |
Permissions for all operations on the VPC console. |
|
|
VPCConsoleReadOnlyPolicy |
Read-only permissions for VPC. |
|
|
Elastic Load Balance (ELB) |
ELBFullAccessPolicy |
Full permissions for ELB. |
|
ELBReadOnlyAccessPolicy |
Read-only permissions for ELB. |
|
|
NAT Gateway |
NATFullAccessPolicy |
Full permissions for NAT Gateway. |
|
NATReadOnlyPolicy |
Read-only permissions for NAT Gateway. |
|
|
Direct Connect |
DCAASFullAccessPolicy |
Full permissions for Direct Connect. |
|
DCAASReadOnlyPolicy |
Read-only permissions for Direct Connect. |
|
|
Virtual Private Network (VPN) |
VPNFullAccessPolicy |
Full permissions for VPN. |
|
VPNReadOnlyPolicy |
Read-only permissions for VPN. |
|
|
Domain Name Service (DNS) |
DNSFullAccessPolicy |
Administrator permissions for performing all operations (including creating, deleting, querying, and modifying resources) on DNS. |
|
DNSReadOnlyAccessPolicy |
Read-only permissions for DNS. Users granted these permissions can only view DNS resources. |
|
|
VPC Endpoint (VPCEP) |
VPCEPFullAccessPolicy |
Full permissions for VPCEP. |
|
VPCEPReadOnlyPolicy |
Read-only permissions for VPCEP. |
|
|
Cloud Connect |
CCFullAccessPolicy |
Full permissions for Cloud Connect. |
|
CCReadOnlyPolicy |
Read-only permissions for Cloud Connect. |
|
|
Enterprise Router |
ERFullAccessPolicy |
Full permissions for Enterprise Router. |
|
ERReadOnlyPolicy |
Read-only permissions for Enterprise Router. |
|
|
Elastic IP (EIP) |
EIPReadOnlyAccessPolicy |
Read-only permissions for EIP. |
|
EIPFullAccessPolicy |
Full permissions for EIP. |
|
|
Global Accelerator |
GAFullAccessPolicy |
Full permissions for Global Accelerator. |
|
GAReadOnlyPolicy |
Read-only permissions for Global Accelerator. |
Containers
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Cloud Container Engine (CCE) |
CCEFullPolicy |
Full permissions for CCE. |
|
CCEReadOnlyPolicy |
Read-only permissions for CCE. |
|
|
Cloud Container Instance (CCI) |
CCIFullAccessPolicy |
Full permissions for CCI. |
|
CCIReadOnlyPolicy |
Read-only permissions for CCI. |
|
|
Software Repository for Container (SWR) |
SWRReadOnlyAccessPolicy |
Read-only permissions for SWR. |
|
SWROperateAccessPolicy |
Operation permissions for SWR. |
|
|
SWRFullAccessPolicy |
Full permissions for SWR. |
Security & Compliance
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Advanced Anti-DDoS (AAD) |
AADFullAccessPolicy |
Full permissions for AAD. |
|
AADReadOnlyAccessPolicy |
AAD read-only permissions. Users with these permissions can only view AAD information. |
|
|
Cloud Native Anti-DDoS Advanced (CNAD) |
CNADFullAccessPolicy |
Full permissions for CNAD. |
|
CNADReadOnlyPolicy |
Read-only permissions for CNAD. Users granted these permissions can only view CNAD resources. |
|
|
CNAD Basic (Anti-DDoS) |
Anti-DDoSFullAccessPolicy |
Full permissions for Anti-DDoS. |
|
Anti-DDoSReadOnlyPolicy |
Read-only permissions for Anti-DDoS. Users with these permissions can only view Anti-DDoS information. |
|
|
Host Security Service (HSS) |
HSSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for HSS across accounts. |
|
HSSFullAccessPolicy |
Full permissions for HSS. |
|
|
HSSReadOnlyAccessPolicy |
Read-only permissions for HSS. |
|
|
HSSAdministratorPolicy |
HSS administrator with full permissions. |
|
|
Database Security Service (DBSS) |
DBSSReadOnlyPolicy |
Read-only permissions for DBSS. |
|
DBSSFullAccessPolicy |
Full permissions for DBSS. |
|
|
DBSSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for DBSS. |
|
|
Data Encryption Workshop (DEW) |
KMSReadOnlyPolicy |
Read-only permissions for KMS. |
|
KMSFullAccessPolicy |
Full permissions for KMS. |
|
|
CSMSFullAccessPolicy |
Full permissions for Cloud Secret Management Service (CSMS). |
|
|
CSMSReadOnlyPolicy |
Read-only permissions for CSMS. |
|
|
CSMSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for CSMS across accounts. |
|
|
DHSMFullAccessPolicy |
Administrator permissions for DHSM. |
|
|
DHSMReadOnlyPolicy |
Read-only permissions for DHSM. |
|
|
KPSFullAccessPolicy |
Full permissions for KPS. |
|
|
KPSReadOnlyPolicy |
Read-only permissions for KPS. |
|
|
Web Application Firewall (WAF) |
WAFReadOnlyAccessPolicy |
Read-only permissions for WAF. |
|
WAFFullAccessPolicy |
Administrator permissions for WAF. |
|
|
WAFServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for WAF across accounts. |
|
|
Cloud Firewall (CFW) |
CFWFullAccessPolicy |
Full permissions for CFW. |
|
CFWReadOnlyPolicy |
Read-only permissions for CFW. |
|
|
CFWServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for CFW across accounts. |
|
|
SSL Certificate Manager (SCM) (Global service) (SCM has been integrated into CCM.) |
SCMReadOnlyPolicy |
Read-only permissions for SCM. |
|
SCMFullPolicy |
Administrator permissions for SCM. |
|
|
Cloud Bastion Host (CBH) |
CBHFullAccessPolicy |
Full permissions for CBH. |
|
CBHReadOnlyPolicy |
Read-only permissions for CBH. |
|
|
CBHServiceLinkedAgencyPolicy |
Agency permissions required for CBH to access KMS and credential management services of tenants. |
|
|
Data Security Center (DSC) |
DSCDashboardReadOnlyAccessPolicy |
Read-only permissions for the overview page of DSC. |
|
DSCFullAccessPolicy |
Full permissions for DSC. |
|
|
DSCReadOnlyAccessPolicy |
Read-only permissions for DSC. |
|
|
DSCServiceAgencyPolicy |
Agency permissions for DSC. |
|
|
DSCServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for DSC across accounts. |
|
|
Cloud Certificate & Manager (CCM) |
PCAFullAccessPolicy |
Full permissions for PCA. |
|
PCAReadOnlyPolicy |
Read-only permissions for PCA. |
|
|
PCAServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for PCA across accounts. |
|
|
SecMaster |
SecMasterFullAccess |
Administrator permissions for SecMaster. |
|
SecMasterReadOnly |
Read-only permissions for SecMaster. |
|
|
ServiceLinkedAgencyForSecMaster |
SecMaster agency policy for connecting with other services. |
Management & Governance
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Identity and Access Management (IAM) |
IAMFullAccessPolicy |
Full permissions for IAM. |
|
IAMReadOnlyPolicy |
Read-only permissions for IAM. |
|
|
AccessAnalyzerServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for Access Analyzer. |
|
|
Cloud Eye |
CESReadOnlyPolicy |
Read-only permissions for Cloud Eye. |
|
CESFullAccessPolicy |
Full permissions for Cloud Eye. |
|
|
CESAgentServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for the Cloud Eye Agent. |
|
|
Application Operations Management (AOM) |
AOMFullAccessPolicy |
Full permissions for AOM. |
|
AOMReadOnlyPolicy |
Read-only permissions for AOM. |
|
|
AOMServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for AOM across accounts. |
|
|
Cloud Trace Service (CTS) |
CTSFullAccessPolicy |
Full permissions for CTS. |
|
CTSReadOnlyPolicy |
Read-only permissions for CTS. |
|
|
CTSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for CTS across accounts. |
|
|
Log Tank Service (LTS) |
LTSFullAccessPolicy |
Full permissions for LTS. |
|
LTSReadOnlyAccessPolicy |
Read-only permissions for LTS. |
|
|
LTSServiceLinkedAgencyPolicy |
Organization management permissions for LTS across accounts. |
|
|
Tag Management Service (TMS) |
TMSReadOnlyPolicy |
Read-only permissions for TMS. |
|
TMSFullAccessPolicy |
Full permissions for TMS. |
|
|
Config |
ConfigReadOnlyPolicy |
Read-only permissions for Config. |
|
ConfigFullAccessPolicy |
Full permissions for Config. |
|
|
ConfigConsoleFullAccessPolicy |
Permissions for all operations on the Config console. |
|
|
RMSRemediationServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for Config remediation. |
|
|
RMSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for Config across accounts. |
|
|
RMSConformsServiceLinkedAgencyPolicy |
Service agencies for conformance package configuration management. |
|
|
Resource Access Manager (RAM) |
RAMFullAccessPolicy |
Full permissions for RAM. |
|
RAMReadOnlyPolicy |
Read-only permissions for RAM. |
|
|
RAMResourceShareParticipantAccessPolicy |
Permissions for accepting or reject the invitation to a resource share. |
|
|
IAM Identity Center |
IdentityCenterFullAccessPolicy |
Administrator permissions for IAM Identity Center. Users with this permission can manage and use IAM Identity Center resources. |
|
IdentityCenterReadOnlyPolicy |
Read-only permissions for IAM Identity Center. Users with this permission can only view data on IAM Identity Center. |
|
|
IdentityCenterServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for IAM Identity Center. |
|
|
Organizations |
OrganizationsReadOnlyAccessPolicy |
Read-only permissions for Organizations. |
|
OrganizationsFullAccessPolicy |
Full permissions for Organizations. |
|
|
OrganizationsServiceLinkedAgencyPolicy |
Permissions for creating and deleting service-linked agencies. |
|
|
Resource Formation Service (RFS) |
RFFullAccessPolicy |
Full permissions for RFS. |
|
RFReadOnlyPolicy |
Read-only permissions for RFS. |
|
|
RFDeployPolicy |
Read-only permissions for RFS. |
|
|
RFStackSetFullAccessPolicy |
Full permissions for the stack set. |
|
|
RFStackSetReadOnlyPolicy |
Read-only permissions for the stack set. |
|
|
Resource Governance Center (RGC) |
RGCServiceLinkedAgencyPolicy |
Permissions for deleting service-linked agencies. |
Application
|
Service |
Identity Policy |
Description |
|---|---|---|
|
ServiceStage |
ServiceStageFullAccessPolicy |
Full permissions for ServiceStage. |
|
ServiceStageReadOnlyPolicy |
Read-only permissions for ServiceStage. |
|
|
ServiceStageDeveloperPolicy |
Developer permissions for ServiceStage, including permissions for performing operations on applications, components, and environments, but excluding approval permissions and permissions for creating infrastructure. |
|
|
Cloud Service Engine (CSE) |
CSEFullAccessPolicy |
Full permissions for CSE. |
|
CSEReadOnlyPolicy |
Permissions for viewing CSE resources. |
|
|
CSEServiceLinkedAgencyPolicy |
Agency permissions required for creating and maintaining CSE instances. |
|
|
Distributed Cache Service (DCS) |
DCSFullAccessPolicy |
Full permissions for DCS. |
|
DCSUserAccessPolicy |
Common user permissions for DCS operations except creating, modifying, deleting, and scaling instances. |
|
|
DCSReadOnlyAccessPolicy |
Read-only permissions for DCS. |
|
|
DCSServiceLinkedAgencyPolicy |
Agency permissions required by DCS for migrating faulty instances. |
|
|
Distributed Message Service (DMS for Kafka and DMS for RabbitMQ) |
DMSFullAccessPolicy |
Full permissions for DMS. |
|
DMSConsoleFullAccessPolicy |
Full permissions for operations on the DMS console. |
|
|
DMSUserAccessPolicy |
Common user permissions for DMS, excluding permissions for creating, deleting, scaling up instances, and dumping. |
|
|
DMSReadOnlyAccessPolicy |
Read-only permissions for DMS. |
|
|
DMSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for DMS. |
|
|
Simple Message Notification (SMN) |
SMNFullAccessPolicy |
Full permissions for SMN. |
|
SMNReadOnlyPolicy |
Read-only permissions for SMN. |
|
|
API Gateway |
APIGFullAccessPolicy |
Full permissions for APIG. |
|
APIGReadOnlyAccessPolicy |
Read-only permissions for APIG. |
Database
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Relational Database Service (RDS) |
RDSFullAccessPolicy |
Full permissions for RDS. |
|
RDSReadOnlyPolicy |
Read-only permissions for RDS. |
|
|
RDSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for RDS across accounts. |
|
|
Document Database Service (DDS) |
DDSFullAccessPolicy |
Full permissions for DDS. |
|
DDSReadOnlyPolicy |
Read-only permissions for DDS. |
|
|
DDSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for DDS across accounts. |
|
|
Data Replication Service (DRS) |
DRSFullAccessPolicy |
Administrator permissions for DRS. Users granted these permissions can operate and use DRS. |
|
DRSFullWithOutDeleteAccessPolicy |
Full permissions for DRS, except for those for stopping and deleting tasks. |
|
|
DRSReadOnlyAccessPolicy |
Read-only permissions for DRS. |
|
|
DRSServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for DRS across accounts. |
|
|
GeminiDB |
GaussDBforNoSQLFullAccessPolicy |
Full permissions for GeminiDB. |
|
GaussDBforNoSQLReadOnlyPolicy |
Read-only permissions for GeminiDB. |
|
|
GaussDBforNoSQLServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for GeminiDB across accounts. |
|
|
GaussDB |
GaussDBFullAccessPolicy |
Full permissions for GaussDB. |
|
GaussDBReadOnlyPolicy |
Read-only permissions for GaussDB. |
|
|
GaussDBServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for GaussDB across accounts. |
|
|
GaussDB(for MySQL) |
GaussDBforMySQLReadOnlyPolicy |
Read-only permissions for GaussDB(for MySQL). |
|
GaussDBforMySQLFullAccessPolicy |
Full permissions for GaussDB(for MySQL). |
|
|
GaussDBforMySQLServiceLinkedAgencyPolicy |
Permissions of service-linked agencies for GaussDB(for MySQL) across accounts. |
Migration
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Server Migration Service (SMS) |
SMSFullAccessPolicy |
Full permissions for SMS. |
|
SMSReadOnlyPolicy |
Read-only permissions for SMS. |
|
|
Object Storage Migration Service (OMS) |
OMSFullAccessPolicy |
Administrator permissions for OMS. Users granted these permissions can create, operate, and view OMS resources. |
|
OMSReadOnlyPolicy |
Full permissions for OMS. |
|
|
Migration Center (MgC) |
MGCFullAccessPolicy |
Full permissions for MgC. |
|
MGCReadOnlyPolicy |
Read-only permissions for MgC. |
|
|
MGCCollectionAccessPolicy |
Permissions for resource discovery and collection with MgC. |
|
|
MGCAssessmentAccessPolicy |
Permissions for resource assessment with MgC. |
|
|
MGCManagementAccessPolicy |
Permissions for managing migration settings on MgC. |
|
|
MGCWorkflowAccessPolicy |
Permissions for using MgC migration workflows. |
|
|
MGCMigrationPlanAccessPolicy |
Permissions for designing migration plans with MgC. |
|
|
MGCBigdataAccessPolicy |
Permissions for migrating and verifying big data with MgC. |
AI
|
Service |
Identity Policy |
Description |
|---|---|---|
|
ModelArts |
ModelArtsFullAccessPolicy |
Full permissions for ModelArts. |
|
ModelArtsCommonOperationsPolicy |
Common user permissions for ModelArts (excluding creating, updating, and deleting a dedicated resource pool). |
|
|
ModelArtsDependencyAccessPolicy |
Permissions for common dependent services of ModelArts. |
|
|
OptVerseFullAccessPolicy |
Full permissions for OptVerse. |
|
|
OptVerseReadOnlyPolicy |
Read-only permissions for OptVerse. |
|
|
OptVerseTaskFullAccessPolicy |
Full permissions for OptVerse task management. |
|
|
MapReduce Service (MRS) |
MRSFullAccessPolicy |
Administrator permissions for MRS. Users granted these permissions can operate and use MRS clusters. |
|
MRSReadOnlyAccessPolicy |
Read-only permissions for MRS. |
|
|
DWS |
DWSFullAccessPolicy |
Full permissions for DWS. |
|
DWSReadOnlyPolicy |
Read-only permissions for DWS. |
|
|
DWSAccessVPCPolicy |
Agency permissions for DWS to access VPC. |
|
|
DWSAccessOBSPolicy |
Agency permissions for DWS to access OBS. |
|
|
DWSAccessLTSPolicy |
Agency permissions for DWS to access LTS. |
|
|
DWSAccessKMSPolicy |
Agency permissions for DWS to access KMS. |
|
|
DWSAccessDWSPolicy |
Agency permissions for DWS to access DWS. |
|
|
Data Lake Insight (DLI) |
DLIFullAccessPolicy |
Full permissions for DLI. |
|
DLIReadOnlyPolicy |
Read-only permissions for DLI. |
|
|
Cloud Search Service (CSS) |
CSSFullAccessPolicy |
Full permissions for CSS. |
|
CSSReadOnlyPolicy |
Read-only permissions for CSS. |
|
|
CSSAccessVPCPolicy |
Agency permissions for CSS to access VPC. |
|
|
CSSAccessOBSPolicy |
Agency permissions for CSS to access OBS. |
|
|
CSSAccessELBPolicy |
Agency permissions for CSS to access ELB. |
|
|
CSSAccessCSSLogstreamPolicy |
Agency permissions for CSS to access CSS logs. |
Big Data
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Data Lake Insight (DLI) |
DLIFullAccessPolicy |
Full permissions for DLI. |
|
DLIReadOnlyPolicy |
Read-only permissions for DLI. |
|
|
DataArts Studio |
DataArtsStudioReadOnlyPolicy |
Full permissions for managing DataArts Studio instances and workspaces, except service operation permissions in workspaces and permissions of dependent services. |
|
DataArtsStudioFullAccessPolicy |
Permissions for performing common operations on DataArts Studio instances and workspaces, except service operation permissions in workspaces and permissions of dependent services. |
|
|
DataArtsStudioReadOnlyPolicy |
Permissions for viewing DataArts Studio instances and workspaces, except service operation permissions in workspaces and permissions of dependent services. |
Video
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Media Processing Center (MPC) |
MPCFullAccessPolicy |
Full permissions for MPC. |
|
MPCReadOnlyPolicy |
Read-only permissions for MPC. |
|
|
Live |
LiveFullAccessPolicy |
Full permissions for Live. |
|
LiveReadOnlyPolicy |
Read-only permissions for Live. |
|
|
MetaStudio |
MetaStudioFullAccessPolicy |
Full permissions for MetaStudio. |
|
MetaStudioReadOnlyPolicy |
Read-only permissions for MetaStudio. |
Internet of Things
|
Service |
Identity Policy |
Description |
|---|---|---|
|
IoT Device Access (IoTDA) |
IoTDAFullAccessPolicy |
Full permissions for IoTDA. |
|
IoTDAReadOnlyPolicy |
Read-only permissions for IoTDA. |
Developer Services
|
Service |
Identity Policy |
Description |
|---|---|---|
|
CodeArts |
CODEARTSFullAccessPolicy |
Full permissions for the CodeArts console. |
|
CODEARTSReadOnlyPolicy |
Read-only permissions for the CodeArts console. |
|
|
CodeArts Pipeline |
CODEARTSPIPELINEFullAccessPolicy |
Full permissions for CodeArts Pipeline. |
|
CODEARTSPIPELINEReadOnlyPolicy |
Read-only permissions for CodeArts Pipeline. |
|
|
CODEARTSPIPELINETemplateFullAccessPolicy |
Full permissions for pipeline templates. |
|
|
CODEARTSPIPELINERuleFullAccessPolicy |
Full permissions for pipeline rules. |
|
|
CODEARTSPIPELINEStrategyFullAccessPolicy |
Full permissions for pipeline policies. |
|
|
CODEARTSPIPELINEExtensionFullAccessPolicy |
Full permissions for pipeline extension plug-ins. |
Customer Services
|
Service |
Identity Policy |
Description |
|---|---|---|
|
Business Support System (BSS) |
BILLINGFullAccessPolicy |
Full permissions for Billing Center, Account Center, Cost Center, Enterprise Center, and Message Center. It is generally granted to administrators. |
|
BILLINGOperatorPolicy |
Permissions for viewing information in Billing Center, Account Center, Cost Center, Enterprise Center, and Message Center, for example, viewing the change, management, and use of cloud services. This policy does not have financial permissions. It is generally granted to the technical personnel, such as R&D and O&M personnel. |
|
|
BILLINGFinancePolicy |
Permissions for financial operations, including payment, consumption, invoicing, and cost. This policy does not have permission for modifying cloud services. It is generally granted to financial personnel. |
|
|
Enterprise Center |
BusinessUnitCenterFullAccessPolicy |
Full permissions for Enterprise Center. It is generally granted to the management personnel of an organization. |
|
BusinessUnitCenterReadOnlyPolicy |
Permissions to view data in Enterprise Center. It is generally granted to the members in an enterprise organization. |
|
|
BusinessUnitCenterMemberFinanceReadPolicy |
Permissions for a master account to view the financial information of its member accounts. It is generally granted to the management personnel of an organization. |
|
|
Enterprise Project Management Service (EPS) |
EPSReadOnlyPolicy |
Read-only permissions for EPS. |
|
EPSFullAccessPolicy |
Full permissions for EPS. |
|
|
Cost Center |
CostCenterFullAccessPolicy |
Full permissions for Cost Center. Generally, this policy is granted to cost administrators and cost analysis personnel. |
|
CostCenterReadOnlyPolicy |
Permissions to view data in Cost Center. Generally, this policy is granted to those who want to view cost reports. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
