Список стандартных ролей и политик
Policy/Role Name |
Type |
Description |
|---|---|---|
AOM Admin
|
System-defined policy |
All permissions of Application Operations Monitor service |
AOM Viewer
|
System-defined policy |
The read-only permissions to Application Operations Monitor service |
APIG Administrator
|
System-defined policy |
APIG Administrator |
APIG FullAccess
|
System-defined policy |
All permissions for API Gateway |
APIG ReadOnlyAccess
|
System-defined policy |
Read-only permissions for viewing API Gateway |
APM Admin
|
System-defined policy |
All permissions of Application Performance Monitor service. |
APM Administrator
|
System-defined role |
Application Performance Monitor Administrator |
APM Viewer
|
System-defined policy |
The read-only permissions to Application Performance Monitor service |
Agent Operator
|
System-defined role |
Permissions for switching roles to access services of a delegating account |
AutoScaling Admin
|
System-defined policy |
All permissions template of AutoScaling Service |
AutoScaling Administrator
|
System-defined role |
AutoScaling Administrator |
AutoScaling FullAccess
|
System-defined policy |
Full permissions for Auto Scaling |
AutoScaling Viewer
|
System-defined policy |
The read-only permissions to all AutoScaling resources, which can be used for statistics and survey |
BMS Admin
|
System-defined policy |
All permissions of BMS service |
BMS CommonOperations
|
System-defined policy |
Permissions for basic BMS operations, such as starting, stopping, restarting a BMS, querying BMS details, and attaching data disks to or detaching data disks from a BMS |
BMS FullAccess
|
System-defined policy |
All permissions of BMS service |
BMS ReadOnlyAccess
|
System-defined policy |
The read-only permissions to all BMS resources, which can be used for statistics and survey. |
BMS User
|
System-defined policy |
Common permissions of BMS service, except installation, delete, reinstallation and so on. |
BMS Viewer
|
System-defined policy |
The read-only permissions to all BMS resources, which can be used for statistics and survey |
CBH FullAccess
|
System-defined policy |
All permissions for all CBH instances |
CBH ReadOnlyAccess
|
System-defined policy |
Read-only permissions for CBH instances. Users granted with read-only permissions can only view but not configure the CBH service |
CBR Admin
|
System-defined policy |
All permissions of Cloud Backup and Recovery service |
CBR User
|
System-defined policy |
General permissions of Cloud Backup and Recovery service (exclude policy create, update, and delete permission) |
CBR Viewer
|
System-defined policy |
The read-only permissions to all Cloud Backup and Recovery resources |
CCE Administrator
|
System-defined role |
CCE Administrator |
CCE FullAccess
|
System-defined policy |
Common operation permissions on CCE cluster resources, excluding the namespace-level permissions for the clusters (with Kubernetes RBAC enabled) and the privileged administrator operations, such as agency configuration and cluster certificate generation |
CCE ReadOnlyAccess
|
System-defined policy |
Permissions to view CCE cluster resources, excluding the namespace-level permissions of the clusters (with Kubernetes RBAC enabled) |
CDM CommonOperations
|
System-defined policy |
Operation permissions on Cloud Data Migration jobs and links |
CDM FullAccess
|
System-defined policy |
All permissions on Cloud Data Migration |
CDM FullAccessExceptEIPUpdating
|
System-defined policy |
All permissions on Cloud Data Migration except elastic IP address binding and unbinding |
CDM ReadOnlyAccess
|
System-defined policy |
Read-only permission on Cloud Data Migration |
CES Admin
|
System-defined policy |
All permissions of Cloud Eye service |
CES Administrator
|
System-defined role |
CloudEye Service Administrator |
CES Viewer
|
System-defined policy |
The read-only permissions to all Cloud Eye service |
CGS FullAccess
|
System-defined policy |
Full permissions of Container Guard Service |
CGS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Container Guard Service |
CSE Admin
|
System-defined policy |
All permissions of CSE service |
CSE Viewer
|
System-defined policy |
The read-only permissions to all CSE resources |
CSS Administrator
|
System-defined role |
Cloud Search Service Administrator |
CSS FullAccess
|
System-defined policy |
All permissions for Cloud Search Service |
CSS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for viewing Cloud Search Service |
CTS Administrator
|
System-defined role |
CloudTrace Service Administrator |
CTS FullAccess
|
System-defined policy |
Full permissions for Cloud Trace Service |
CTS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Cloud Trace Service |
DAS FullAccess
|
System-defined policy |
Full permissions for Data Admin Service |
DAYU Administrator
|
System-defined role |
DAYU Administrator |
DAYU User
|
System-defined role |
DAYU User |
DBSS FullAccess
|
System-defined policy |
Full permissions for Database Security Service |
DBSS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Database Security Service |
DCS Admin
|
System-defined policy |
All permissions of DCS service |
DCS Administrator
|
System-defined role |
Distributed Cache Service Administrator |
DCS AgencyAccess
|
System-defined policy |
Permissions to assign to DCS agencies |
DCS FullAccess
|
System-defined policy |
All permissions for Distributed Cache Service |
DCS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Distributed Cache Service |
DCS User
|
System-defined policy |
Common permissions of DCS service, except create, modify, delete and scale-up |
DCS UserAccess
|
System-defined policy |
Common permissions of DCS service, except create, modify, delete and scale-up |
DCS Viewer
|
System-defined policy |
The read-only permissions to all DCS resources, which can be used for statistics and survey |
DDM CommonOperations
|
System-defined policy |
Common user permissions for DDM, except for permissions of creating, deleting, and scaling out DDM instances, scaling out schemas, rolling back schema scaling tasks, and changing instance class |
DDM FullAccess
|
System-defined policy |
Full permissions for Distributed Database Middleware |
DDM ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Distributed Database Middleware |
DDS Admin
|
System-defined policy |
Full permissions for Document Database Service |
DDS Admin
|
System-defined policy |
All permissions of DDS service |
DDS Administrator
|
System-defined role |
Document Database Service Administrator |
DDS DBA
|
System-defined policy |
DBA permissions of DDS service, except delete |
DDS FullAccess
|
System-defined policy |
Full permissions for Document Database Service |
DDS ManageAccess
|
System-defined policy |
Database administrator permissions for all operations except deleting DDS resources |
DDS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Document Database Service |
DDS Viewer
|
System-defined policy |
Read-only permissions for Document Database Service |
DIS Administrator
|
System-defined role |
Data Ingestion Service User |
DIS Operator
|
System-defined role |
Data Ingestion Service Operator |
DIS User
|
System-defined role |
Data Ingestion Service User |
DLI Service Administrator
|
System-defined role |
All permissions for Data Lake Insight |
DLI Service User
|
System-defined role |
Users who were granted this permission can view the queue list, table structure, and create packages and package groups |
DMS Admin
|
System-defined policy |
All permissions of Distributed Message Service |
DMS Administrator
|
System-defined role |
Administrator to control DMS API access |
DMS Administrator
|
System-defined role |
Administrator to control DMS API access |
DMS User
|
System-defined policy |
Common permissions of Distributed Message Service, except install, modify, delete and so on |
DMS Viewer
|
System-defined policy |
The read-only permissions to all Distributed Message Service resources |
DNS Admin
|
System-defined policy |
DNS administrator permissions, which allow users to perform all operations, including creating, deleting, querying, and modifying DNS resources |
DNS Administrator
|
System-defined role |
DNS Administrator |
DNS Viewer
|
System-defined policy |
Read-only permissions, which only allow users to query DNS resources |
DRS FullAccess
|
System-defined policy |
Full permissions for Data Replication Service |
DRS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Data Replication Service |
DWS FullAccess
|
System-defined policy |
All permissions of DWS service |
DWS ReadOnlyAccess
|
System-defined policy |
The read-only permissions to all DWS resources |
Direct Connect Administrator
|
System-defined role |
Direct Connect Administrator |
ECS Admin
|
System-defined policy |
All permissions of ECS service |
ECS User
|
System-defined policy |
Common permissions of ECS service, except installation, delete, reinstallation and so on |
ECS Viewer
|
System-defined policy |
The read-only permissions to all ECS resources, which can be used for statistics and survey |
ELB Admin
|
System-defined policy |
All permissions of ELB service |
ELB Service Administrator
|
System-defined role |
ELB Service Administrator |
ELB Viewer
|
System-defined policy |
The read-only permissions to all ELB resources, which can be used for statistics and survey |
EVS Admin
|
System-defined policy |
All permissions of EVS service |
EVS Viewer
|
System-defined policy |
The read-only permissions to all EVS resources, which can be used for statistics and survey |
Elasticsearch Administrator
|
System-defined role |
Elasticsearch Administrator |
Full Access
|
System-defined policy |
All permissions of all services |
FunctionGraph CommonOperations
|
System-defined policy |
Common operations for functiongraph service, include query and invoke function |
FunctionGraph FullAccess
|
System-defined policy |
All permissions of FunctionGraph service |
FunctionGraph ReadOnlyAccess
|
System-defined policy |
The read-only permissions to all functiongraph resources |
GES Development
|
System-defined policy |
Usage permissions for Graph Engine Service |
GES FullAccess
|
System-defined policy |
Full permissions for Graph Engine Service |
GES ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Graph Engine Service |
HSS Administrator
|
System-defined role |
Full permissions for Host Security Service |
HSS FullAccess
|
System-defined policy |
All permissions of Host Security Service |
HSS ReadOnlyAccess
|
System-defined policy |
Read-only permission for Host Security Service |
IAM ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Identity and Access Management |
IMS Admin
|
System-defined policy |
All permissions of Image Management Service |
IMS Administrator
|
System-defined role |
IMS Administrator |
IMS Viewer
|
System-defined policy |
The read-only permissions to all IMS resources, which can be used for statistics and survey |
KMS Administrator
|
System-defined role |
KMS Administrator |
KMS CMKFullAccess
|
System-defined policy |
All permissions for custom keys in Key Management Service |
LTS FullAccess
|
System-defined policy |
All permissions of Log Tank service |
LTS ReadOnlyAccess
|
System-defined policy |
The read-only permissions to all Log Tank service resources |
MRS Admin
|
System-defined policy |
MapReduce all permissions for the service |
MRS Administrator
|
System-defined role |
MRS Administrator |
MRS User
|
System-defined policy |
MapReduce Service Usage Permissions |
MRS Viewer
|
System-defined policy |
MapReduce Service read-only permissions |
ModelArts CommonOperations
|
System-defined policy |
Common permissions of ModelArts service,except create,update,delete pool |
ModelArts FullAccess
|
System-defined policy |
All permissions of ModelArts service |
NAT Admin
|
System-defined policy |
All permissions of NAT Gateway service |
NAT Gateway Administrator
|
System-defined role |
NAT Gateway Administrator |
NAT Viewer
|
System-defined policy |
The read-only permissions to all NAT Gateway resources |
OBS Administrator
|
System-defined policy |
Object Storage Service Administrator |
OBS Buckets Viewer
|
System-defined role |
Permissions to view the bucket list, obtain bucket metadata, and query bucket location |
OBS Operator
|
System-defined policy |
Basic operation permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, query bucket location, upload objects, download objects, delete objects, and obtain object ACLs |
OBS Viewer
|
System-defined policy |
Permissions to view the bucket list, obtain bucket metadata, list objects in a bucket, and query bucket location |
RDS Admin
|
System-defined policy |
All permissions of RDS service |
RDS Administrator
|
System-defined role |
RDS Administrator |
RDS DBA
|
System-defined policy |
DBA permissions of RDS service, except delete |
RDS FullAccess
|
System-defined policy |
Full permissions for Relational Database Service |
RDS ManageAccess
|
System-defined policy |
Database administrator permissions for all operations except deleting RDS resources |
RDS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Relational Database Service |
RDS Viewer
|
System-defined policy |
The read-only permissions to all RDS resources, which can be used for statistics and survey |
RMS FullAccess
|
System-defined policy |
Full permissions for Resource Management Service |
RMS ReadOnlyAccess
|
System-defined policy |
Read-only permissions for Resource Management Service |
SFS Admin
|
System-defined policy |
All permissions of Scalable File Service |
SFS Administrator
|
System-defined role |
SFS Administrator |
SFS Turbo Admin
|
System-defined policy |
All permissions of Scalable File Service (SFS Turbo) |
SFS Turbo Viewer
|
System-defined policy |
The read-only permissions to all Scalable File Service (SFS Turbo) resources |
SFS Viewer
|
System-defined policy |
The read-only permissions to all Scalable File Service resources |
SMN Administrator
|
System-defined role |
SMN Administrator |
SMN FullAccess
|
System-defined policy |
Full permissions for the Simple Message Notification service |
SMN ReadOnlyAccess
|
System-defined policy |
Read-only access to the Simple Message Notification service |
SMS FullAccess
|
System-defined policy |
Full permissions for Server Migration Service |
SMS ReadOnlyAccess
|
System-defined policy |
Read-only permissions Server Migration Service |
SWR Administrator
|
System-defined role |
Software Repository Administrator |
Security Administrator
|
System-defined role |
Full permissions for Identity and Access Management. This role does not have permissions for switching roles |
Server Administrator
|
System-defined role |
Server Administrator |
ServiceStage Admin
|
System-defined policy |
All permissions of ServiceStage service |
ServiceStage Administrator
|
System-defined role |
ServiceStage administrator, who has full permissions for this service |
ServiceStage Developer
|
System-defined policy |
Developer permissions of ServiceStage service(exclude review and approve) |
ServiceStage Viewer
|
System-defined policy |
The read-only permissions to all ServiceStage resources |
TMS Administrator
|
System-defined role |
Tag Management Service Administrator |
Tenant Administrator
|
System-defined role |
Tenant Administrator (Exclude IAM) |
Tenant Guest
|
System-defined role |
Tenant Guest (Exclude IAM) |
VPC Admin
|
System-defined policy |
All permissions of VPC service |
VPC Administrator
|
System-defined role |
Project-level services |
VPC Viewer
|
System-defined policy |
The read-only permissions to all VPC resources, which can be used for statistics and survey |
VPCEndpoint Administrator
|
System-defined role |
VPCEndpoint service enables you to privately connect your VPC to supported services |
VPN Administrator
|
System-defined role |
Virtual Private Network Administrator |
WAF Administrator
|
System-defined role |
Web application firewall service administrator of instance and policy |
WAF FullAccess
|
System-defined policy |
All permissions of waf service |
WAF ReadOnlyAccess
|
System-defined policy |
The read-only permissions to all Web application firewall resources, which can be used for statistics and survey |
для Dev & Test