All Products
Search
Document Center

Simple Log Service:Resource list

最終更新日:Oct 26, 2023

You can use an Alibaba Cloud account to grant a RAM user the specific permissions to use Log Service resources. This topic describes the resources whose permissions you can grant to a RAM user.

The following table describes the resources.

Resource type Resource expressions in a permission policy
Project and Logstore acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}
Project, Logstore, and LogShipper task acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/shipper/${shipperName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/*
Project and Logtail configuration file acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/*
Project and machine group acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/*
Project and consumer group acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/consumergroup/${consumerGroupName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/consumergroup/*
Project and saved search acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/savedsearch/${savedSearchName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/savedsearch/*
Project and dashboard acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/dashboard/${dashboardName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/dashboard/*
Project and alert acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/alert/${alarmName}
acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/alert/*
All types of resources acs:log:${regionName}:${projectOwnerAliUid}:*
acs:log:*:${projectOwnerAliUid}:*
Note The resources in Log Service are organized into a hierarchy. Projects are root resources. Logstores, Logtail configuration files, and machine groups are parallel sub-resources of projects. LogShipper tasks and consumer groups are sub-resources of Logstores.
The following table describes the parameters that are used in the policies.
Parameter Description
${regionName} The name of a region.
${projectOwnerAliUid} The ID of an Alibaba Cloud account.
${projectName} The name of a project.
${logstoreName} The name of a Logstore.
${logtailconfig} The name of a Logtail configuration file.
${machineGroupName} The name of a machine group.
${shipperName} The name of a LogShipper task.
${consumerGroupName} The name of a consumer group.
${savedSearchName} The name of a saved search.
${dashboardName} The name of a dashboard.
${alarmName} The name of an alert rule.