Agent Operator
|
-Identity and Access Management
+ | Identity and Access Management
|
Permissions for switching roles to access resources of delegating accounts.
|
-IAM ReadOnlyAccess
+ |
IAM ReadOnlyAccess
|
-Identity and Access Management
+ | Identity and Access Management
|
Read-only permissions for IAM.
|
-CBR Administrator
+ |
CBR FullAccess
|
-Cloud Backup and Recovery
+ | Cloud Backup and Recovery
|
-Administrator permissions for CBR. Users granted these permissions can operate and use all vaults, backups, and policies.
+ | Administrator permissions for CBR. Users granted these permissions can operate and use all vaults, backups, and policies.
|
-CBR User
+ |
CBR BackupsAndVaultsFullAccess
|
-Cloud Backup and Recovery
+ | Cloud Backup and Recovery
|
-Common user permissions for CBR. Users granted these permissions can create, view, and delete vaults and backups, but cannot create, update, or delete policies.
+ | Common user permissions for CBR. Users granted these permissions can create, view, and delete vaults and backups, but cannot create, update, or delete policies.
|
-CBR Viewer
+ |
CBR ReadOnlyAccess
|
-Cloud Backup and Recovery
+ | Cloud Backup and Recovery
|
-Read-only permissions for CBR. Users granted these permissions can only view CBR data.
+ | Read-only permissions for CBR. Users granted these permissions can only view CBR data.
|
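Review bot: the three CBR rows rename the policies (CBR Administrator to CBR FullAccess, CBR User to CBR BackupsAndVaultsFullAccess, CBR Viewer to CBR ReadOnlyAccess) without saying so, and the descriptions still read "Administrator permissions for CBR" and "Common user permissions for CBR". Anyone auditing grants made under the old names cannot map them to the new ones from this table. Add the former name to each description or a note under the table. Since the other rows only move the cell delimiter, call the rename out in the commit message too.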
-CCE Admin
+ |
CCE Admin
|
-Cloud Container Engine
+ | Cloud Container Engine
|
Read and write permissions for CCE clusters, including creating, deleting, and updating a cluster.
|
-CCE Administrator
+ |
CCE Administrator
|
-Cloud Container Engine
+ | Cloud Container Engine
|
All permissions related to CCE service resources. Users who use this permission must have Tenant Guest, Server Administrator, OBS Tenant Administrator, and ELB Administrator permissions.
|
-CCE Viewer
+ |
CCE Viewer
|
-Cloud Container Engine
+ | Cloud Container Engine
|
Read-only permissions for CCE clusters.
|
-CES Administrator
+ |
CES Administrator
|
-Cloud Eye
+ | Cloud Eye
|
Permissions to view monitoring metrics as well as add, modify, and delete alarm rules. Users granted permissions of this policy must also be granted permissions of the Tenant Guest policy.
|
-CSBS Administrator
+ |
CSBS Administrator
|
-Cloud Server Backup Service
+ | Cloud Server Backup Service
|
Permissions to create, restore, and delete backups of ECSs, and manage backup policies. The creation, restoration, and management permissions depend on the Server Administrator permission. If the Server Administrator permission is unavailable, ECS information cannot be obtained when users create and restore backups. If the Server Administrator permission is unavailable, ECS information cannot be obtained when users associate ECSs with backup policies..
|
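Review bot: the CSBS Administrator description repeats the condition "If the Server Administrator permission is unavailable, ECS information cannot be obtained when users ..." in two consecutive sentences and ends with a double period. Merge them into one sentence covering creating and restoring backups and associating ECSs with backup policies, and drop the extra period.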
-CSS Administrator
+ |
CSS Administrator
|
-Cloud Search Service
+ | Cloud Search Service
|
Management permissions on all CSS resources.The permissions depend on the Tenant Guest and Server Administrator permissions. CSS cannot run properly if either of the permissions is unavailable.
|
-CTS Administrator
+ |
CTS Administrator
|
-Cloud Trace Service
+ | Cloud Trace Service
|
Full permissions for CTS. This policy depends on the Tenant Guest policy in the same project and the Tenant Administrator policy in the OBS project.
|
-DCS Administrator
+ |
DCS Administrator
|
-Distributed Cache Service
+ | Distributed Cache Service
|
Permissions to: Create, start, stop, restart, and delete DCS instances. Change passwords of DCS instances. Configure DCS instance parameters.
|
-DDS Administrator
+ |
DDS Administrator
|
-Document Database Service
+ | Document Database Service
|
Users who have this right, plus Tenant Guest and Server Administrator rights, can perform any operations on DDS, including creating, deleting, rebooting, or scaling up DB instances, configuring database parameters, and restoring DB instances. Users who have this right but not the Tenant Guest or Server Administrator right cannot use DDS. Users who have the VPC Administrator right can create VPCs or subnets. Users who have the CES Administrator right can add or modify alarm rules for DB instances.
|
-DIS Administrator
+ |
DIS Administrator
|
-Data Ingestion Service
+ | Data Ingestion Service
|
Permissions to: Create, delete, query, and list DIS streams. Push data to DIS streams or pull data from them. Query stream monitoring metrics.
|
-DMS Administrator
+ |
DMS Administrator
|
-Distributed Message Service
+ | Distributed Message Service
|
Administrator permissions for DMS. Users granted these permissions can perform all operations on DMS queues.
|
-DNS Administrator
+ |
DNS Administrator
|
-Domain Name Service
+ | Domain Name Service
|
Permissions to create, query, and delete zones and record sets.
|
-DWS Administrator
+ |
DWS Administrator
|
-Data Warehouse Service
+ | Data Warehouse Service
|
Management permissions on all DWS resources. The permissions depend on the Tenant Guest and Server Administrator permissions. DWS cannot run properly if either of the permissions is unavailable. If DWS users are to create a VPC or a subnet, the VPC Administrator permission is required. If DWS users are to view monitoring metrics of data warehouse clusters, the CES Administrator permission is required.
|
-DWS Database Access
+ |
DWS Database Access
|
-Data Warehouse Service
+ | Data Warehouse Service
|
DWS Database Access permission. Users with this permission can generate temporary database user credentials based on IAM users to connect to the DWS cluster database.
|
-ECS Admin
+ |
ECS Admin
|
-Elastic Cloud Server
+ | Elastic Cloud Server
|
All ECS operation permissions, including creating, deleting, and viewing ECSs and modifying ECS specifications.
|
-ECS User
+ |
ECS User
|
-Elastic Cloud Server
+ | Elastic Cloud Server
|
General operation permissions on ECSs (such as viewing and restarting ECSs), but not advanced operation permissions (such as creating or deleting ECSs, or reinstalling/changing ECS OSs).
|
-ECS Viewer
+ |
ECS Viewer
|
-Elastic Cloud Server
+ | Elastic Cloud Server
|
ECS read-only permissions, such as viewing ECSs.
|
-ELB Administrator
+ |
ELB Administrator
|
-Elastic Load Balancing
+ | Elastic Load Balancing
|
Permissions on all ELB resources. This permission depends on the VPC Administrator, Server Administrator, CES Administrator, and OBS Administrator permissions. Users who use the ELB Administrator permission cannot use some functions provided by the ELB service if they do not have the preceding permissions. If users who use this permission do not have the VPC Administrator and Server Administrator permissions, they cannot create or delete load balancers and backend servers. If users who use this permission do not have the CES Administrator permission, monitoring data cannot be reported to Cloud Eye. If users who use this permission do not have the OBS Administrator permission, data backups cannot be stored in OBS buckets.
|
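Review bot: the ELB Administrator description names an "OBS Administrator" permission, while the CCE Administrator and IMS Administrator rows call the OBS dependency "OBS Tenant Administrator" and the table itself lists only "OBS Buckets Viewer". Use one name for the OBS dependency across these rows and make sure it is a policy a reader can actually find, otherwise the dependency cannot be granted or audited from this page.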
-EVS Admin
+ |
EVS Admin
|
-Elastic Volume Service
+ | Elastic Volume Service
|
All EVS operation permissions, including creating, deleting, and viewing EVS disks and modifying EVS disk specifications.
|
-EVS Viewer
+ |
EVS Viewer
|
-Elastic Volume Service
+ | Elastic Volume Service
|
EVS read-only permission, such as viewing EVS disks and EVS disk details.
|
-GaussDB FullAccess
+ |
GaussDB FullAccess
|
-GaussDB(for MySQL)
+ | GaussDB(for MySQL)
|
Full permissions for GaussDB
|
-GaussDB ReadOnlyAccess
+ |
GaussDB ReadOnlyAccess
|
-GaussDB(for MySQL)
+ | GaussDB(for MySQL)
|
Read-only permissions for GaussDB
|
-IAM ReadOnlyAccess
+ |
IAM ReadOnlyAccess
|
-Identity and Access Management
+ | Identity and Access Management
|
Read-only permissions for IAM.
|
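Review bot: this IAM ReadOnlyAccess row duplicates the one near the top of the table, with the same service and the same description, "Read-only permissions for IAM." Keep a single row so the policy is not counted twice when the table is used as an inventory.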
-IMS Administrator
+ |
IMS Administrator
|
-Image Management Service
+ | Image Management Service
|
Permissions to create, modify, delete, and share images. The permissions depend on the Server Administrator and OBS Tenant Administrator permissions. To create an image using an ECS, users need to configure this permission as well as the Server Administrator permission. To create an image using an image file, users need to configure this permission as well as the OBS Tenant Guest permission. To export an image, users need to configure this permission as well as the OBS Tenant Administrator permission. To query predefined tags when adding a tag to an image or searching for an image by tag, users need to configure this permission as well as the TMS Administrator permission.
|
-KMS Administrator
+ |
KMS Administrator
|
-Key Management Service
+ | Key Management Service
|
Permissions to: Create, enable, disable, schedule the deletion of, and cancel the scheduled deletion of CMKs. Query the list of CMKs and information about CMKs. Create random numbers. Create DEKs. Create DEKs without plaintext. Encrypt and decrypt DEKs. Change the aliases and description of CMKs. Create, revoke, and query grants on CMKs. Import, delete CMK material. Add, delete, and query CMK tags.
|
-LTS Administrator
+ |
LTS Administrator
|
-Log Tank Service
+ | Log Tank Service
|
Permissions to create log groups, query log groups, delete log groups, create log topics, query log topics, and delete log topics.
|
-ModelArts CommonOperations
+ |
ModelArts CommonOperations
|
-ModelArts
+ | ModelArts
|
Common user permissions for ModelArts. Users granted these permissions can operate and use ModelArts, but cannot manage dedicated resource pools.
|
-ModelArts FullAccess
+ |
ModelArts FullAccess
|
-ModelArts
+ | ModelArts
|
Administrator permissions for ModelArts. Users granted these permissions can operate and use ModelArts.
|
-MRS Administrator
+ |
MRS Administrator
|
-MapReduce Service
+ | MapReduce Service
|
Permissions to view MRS overview information, operation logs, cluster information, job information, HDFS file operation information, alarm list, and MRS Manager portal.
|
-NAT Gateway Administrator
+ |
NAT Gateway Administrator
|
-NAT Gateway
+ | NAT Gateway
|
Permissions to create, delete, modify, and query all resources of the NAT Gateway service. The permissions depend on the Tenant Guest permission. If a NAT user needs resources, including VPCs, subnets, and EIPs, to create NAT gateways, the VPC Administrator and Server Administrator permissions are required.
|
-OBS Buckets Viewer
+ |
OBS Buckets Viewer
|
-Object Storage Service
+ | Object Storage Service
|
Operation permissions: listing buckets, obtaining basic bucket information, obtaining bucket metadata, and listing objects.
|
-RDS Administrator
+ |
RDS Administrator
|
-Relational Database Service
+ | Relational Database Service
|
Users who have this right, plus Tenant Guest and Server Administrator rights, can perform any operations on RDS and DDS, including creating, deleting, rebooting, or scaling up DB instances, configuring database parameters, and restoring DB instances. Users who have this right but not the Tenant Guest or Server Administrator right cannot use RDS and DDS. NOTE Users who have the VPC Administrator right can create VPCs or subnets. Users who have the CES Administrator right can add or modify alarm rules for DB instances.
|
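Review bot: the RDS Administrator description has a stray "NOTE" label run into the sentence ("cannot use RDS and DDS. NOTE Users who have the VPC Administrator right ..."). The DDS Administrator row carries the same two sentences without the label. Either format it as a real note or drop the word so both rows read the same.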
-RTS Administrator
+ |
RTS Administrator
|
-Resource Template Service
+ | Resource Template Service
|
Operation permissions: All operations on RTS. To orchestrate a resource, users with this permission must also have the Administrator permission. For example: Users with this permission and the Server Administrator permission can create stacks for ECS, VPC, EVS, and IMS resources. Users with this permission and the ELB Administrator permission can create an ELB resource stack.
|
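Review bot: in the RTS Administrator description, "users with this permission must also have the Administrator permission" does not say which Administrator permission is meant. The examples that follow pair it with Server Administrator and ELB Administrator, which suggests the Administrator permission of the service being orchestrated. State that explicitly so the required grant is not read as a single broad administrator role.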
-SDRS Administrator
+ |
SDRS Administrator
|
-Storage Disaster Recovery Service
+ | Storage Disaster Recovery Service
|
Users with this permission can create, modify, delete, and query SDRS resources.
|
-Security Administrator
+ |
Security Administrator
|
-Base
+ | Base
|
Full permissions for IAM.
|
-Server Administrator
+ |
Server Administrator
|
-Base
+ | Base
|
For the EVS service, users with this permission can create, modify, and delete EVS disks. For the ECS service, users with this permission can create, modify, and delete ECSs.This role must be used together with the Tenant Guest role in the same project. For the VPC service, users with this permission and the Tenant Guest permission can perform all operations on security groups, security group rules, ports, firewalls, elastic IP addresses (EIPs), and bandwidth. For the IMS service, users with this permission can create, delete, query, and modify images.This role must be used together with the IMS Administrator role in the same project.
|
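Review bot: the Server Administrator description runs sentences together at "ECSs.This role" and "images.This role", and the same missing space appears in the CSS Administrator row ("resources.The") and the DRS Administrator row ("used.Dependent"). Add the space after the period. The two "must be used together with" dependency sentences would also be easier to audit as separate items per service.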
-SFS Administrator
+ |
SFS Administrator
|
-Scalable File Service
+ | Scalable File Service
|
Users with both this permission and the Tenant Guest permission can create, delete, query, expand, and downsize the file system.
|
-SFS Turbo Administrator
+ |
SFS Turbo Administrator
|
-Scalable File Service
+ | Scalable File Service
|
Users with both this permission and the Tenant Guest permission can create, delete, query, and expand the SFS Turbo file system.
|
-SFS Turbo Viewer
+ |
SFS Turbo Viewer
|
-Scalable File Service
+ | Scalable File Service
|
Read-only permissions. Users granted these permissions can only view file system data.
|
-SMN Administrator
+ |
SMN Administrator
|
-Simple Message Notification
+ | Simple Message Notification
|
Permissions to: Create, modify, delete, and view topics. Create, delete, and view subscriptions. Create, modify, delete, and view message templates.
|
-SWR Administrator
+ |
SWR Administrator
|
-Software Repository for Container
+ | Software Repository for Container
|
All SWR operation permissions, including pushing and pulling images, and granting permissions.
|
-Tenant Administrator
+ |
Tenant Administrator
|
-Base
+ | Base
|
Administrator permissions for all services except IAM.
|
-Tenant Guest
+ |
Tenant Guest
|
-Base
+ | Base
|
Read-only permissions for all services except IAM.
|
-TMS Administrator
+ |
TMS Administrator
|
-Tag Management Service
+ | Tag Management Service
|
Users with this permission can create, modify, and delete predefined tags.
|
-VBS Administrator
+ |
VBS Administrator
|
-Volume Backup Service
+ | Volume Backup Service
|
Permissions to create backups, delete backups, and restore data using backups. This permission depends on the ServerAdministrator and Tenant Guest permissions. The VBS administrator must have permissions to manage EVS disks and read images.
|
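Review bot: the VBS Administrator description writes the dependency as "ServerAdministrator", while every other row spells it "Server Administrator". Use the spaced form so a search for the policy name finds this row.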
-VPC Admin
+ |
VPC Admin
|
-Virtual Private Cloud
+ | Virtual Private Cloud
|
All VPC operation permissions, including creating, querying, modifying, and deleting VPCs, subnets, and security groups.
|
-VPC Administrator
+ |
VPC Administrator
|
-Virtual Private Cloud
+ | Virtual Private Cloud
|
All operation permissions on VPCs, subnets, ports, VPNs, and Direct Connect resources. A user with the VPC Administrator permission must have the Tenant Guest permission.
|
-VPC Viewer
+ |
VPC Viewer
|
-Virtual Private Cloud
+ | Virtual Private Cloud
|
VPC real-only permission, such as querying VPCs.
|
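Review bot: the VPC Viewer description says "VPC real-only permission", which should be "read-only". The ECS Viewer and EVS Viewer rows use "read-only permissions, such as ...", so match that wording here.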
-VPCEndpoint Administrator
+ |
VPCEndpoint Administrator
|
-VPC Endpoint
+ | VPC Endpoint
|
Full permissions for VPCEP. This role must be used together with the Server Administrator, VPC Administrator, and DNS Administrator roles in the same project.
|
-WAF Administrator
+ |
WAF Administrator
|
-Web Application Firewall
+ | Web Application Firewall
|
Permissions to: Create and delete WAF instances. Configure, enable, disable WAF instances. Modify the protection policies of WAF instances. Configure alarm notification for WAF instances. Query the WAF instance list and details. Authenticate the domain name of a WAF instance.
|
-Anti-DDoS Administrator
+ |
Anti-DDoS Administrator
|
-Anti-DDoS
+ | Anti-DDoS
|
Permissions to enable, disable, and modify configurations. This permission depends on the Tenant Guest permission and must have permission to query EIPs in VPCs.
|
-DRS Administrator
+ |
DRS Administrator
|
-Data Replication Service
+ | Data Replication Service
|
Basic permission, which must be added when DRS is used.Dependent on the Tenant Guest, Server Administrator, and RDS Administrator policies.
|
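Review bot: the DRS Administrator description, "Basic permission, which must be added when DRS is used", does not state which operations the policy allows, unlike the neighbouring Administrator rows. List what it grants, and turn the fragment "Dependent on the Tenant Guest, Server Administrator, and RDS Administrator policies" into a full sentence such as "This policy depends on ...".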