Access Control (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions.You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM used Permission Policy to describe the specific content for authorization.
This topic describes the elements, such as Action, Resource, and Condition, that are defined by EMR .You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate EMR 's RAM code (RamCode) is emr. You can grant permissions on resource level。
Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:View Details...
EMR resources that can be specified in the Resource policy element to grant the permissions to perform specific operations on this resource.
An Alibaba Cloud Resource Name (ARN) is the unique identifier of a resource on Alibaba Cloud. Description:
- {#} is a variable and must be replaced with the actual value. Example: {#ramcode} must be replaced with the actual RAM code of the cloud service.
- *) is used as a wildcard. Examples:
- {#resourceType}/*: indicates all resources.
- {#regionId} is set to *, all regions are specified.
- {#accountId} is set to *, all Alibaba Cloud accounts are specified.
EMR does not define service-specific condition keys. For more information about common condition keys that are defined by Alibaba Cloud, see Generic Condition Keyword。
You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: