Multi-Cloud Management Permission Table
Permission requirements for various functions of the cloud platform.
Tip: If you use precise (per-function) permissions, make sure object storage permissions are added. This table will be continuously updated according to the cloud platform's management functions.
- AWS
- Azure
- Alibaba Cloud
- Tencent Cloud
- Huawei Cloud
- Google GCP

AWS

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | ReadOnlyAccess | AdministratorAccess |
| Virtual Machine, Disk, Security Group, Image, Snapshot | AmazonEC2ReadOnlyAccess | AmazonEC2FullAccess |
| Project | - | - |
| VPC, VPC Peering Connection, Route Table, NAT, Elastic NIC, EIP | AmazonVPCReadOnlyAccess | AmazonVPCFullAccess |
| Object Storage | AmazonS3ReadOnlyAccess | AmazonS3FullAccess |
| Load Balancer | ElasticLoadBalancingReadOnly | ElasticLoadBalancingFullAccess |
| RDS | AmazonRDSReadOnlyAccess | AmazonRDSFullAccess |
| Elastic Cache | AmazonElastiCacheReadOnlyAccess | AmazonElastiCacheFullAccess |
| Operation Logs | AWSCloudTrailReadOnlyAccess | AWSCloudTrail_FullAccess |
| NAS | AmazonElasticFileSystemReadOnlyAccess | AmazonElasticFileSystemFullAccess |
| WAF | AWSWAFReadOnlyAccess | AWSWAFFullAccess |
| IAM | IAMReadOnlyAccess | IAMFullAccess |
| DNS | AmazonRoute53DomainsReadOnlyAccess | AmazonRoute53DomainsFullAccess |
| Billing, Costs | AWSBillingReadOnlyAccess | Billing |
| Monitoring | CloudWatchReadOnlyAccess | CloudWatchFullAccess |

Azure

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | Reader | Owner |
| Virtual Machine, Disk, Security Group, Image, Snapshot, Load Balancer | - | Virtual Machine Contributor, Classic Virtual Machine Contributor |
| Project | - | - |
| VPC, VPC Peering Connection, Route Table, NAT, Elastic NIC, EIP, WAF | - | Network Contributor, Classic Network Contributor |
| Object Storage | Storage Blob Data Reader | Storage Blob Data Owner |
| RDS | Cloud SQL Viewer | Cloud SQL Admin |
| Elastic Cache | Redis Enterprise Cloud Viewer | Redis Enterprise Cloud Admin |
| NAS | Storage File Data SMB Share Reader | Storage File Data SMB Share Contributor |
| WAF | - | - |
| IAM | - | Graph Owner, Resource Policy Contributor |
| DNS | - | DNS Zone Contributor, Private DNS Zone Contributor |
| Billing, Costs | Billing Reader, Cost Management Reader | Cost Management Contributor |
| Monitoring, Operation Logs | Monitoring Reader | Monitoring Contributor |

Alibaba Cloud

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | ReadOnlyAccess | AdministratorAccess |
| Virtual Machine, Security Group, Image, Disk, Snapshot | AliyunECSReadOnlyAccess | AliyunECSFullAccess |
| VPC, VPC Peering Connection, Route Table | AliyunVPCReadOnlyAccess | AliyunVPCFullAccess |
| EIP | AliyunEIPReadOnlyAccess | AliyunEIPFullAccess |
| Elastic NIC | AliyunVPCNetworkIntelligenceReadOnlyAccess | AliyunECSNetworkInterfaceManagementAccess |
| Object Storage | AliyunOSSReadOnlyAccess | AliyunOSSFullAccess |
| NAT | AliyunNATGatewayReadOnlyAccess | AliyunNATGatewayFullAccess |
| Load Balancer | AliyunSLBReadOnlyAccess, AliyunALBFullAccess | AliyunSLBFullAccess, AliyunALBFullAccess |
| RDS | AliyunRDSReadOnlyAccess | AliyunRDSFullAccess |
| Elastic Cache | AliyunKvstoreReadOnlyAccess | AliyunKvstoreFullAccess |
| Operation Logs | AliyunActionTrailFullAccess | AliyunActionTrailFullAccess |
| NAS | AliyunNASReadOnlyAccess | AliyunNASFullAccess |
| WAF | AliyunYundunWAFReadOnlyAccess | AliyunYundunWAFFullAccess |
| IAM | AliyunRAMReadOnlyAccess | AliyunRAMFullAccess |
| DNS | AliyunDNSReadOnlyAccess, AliyunPubDNSFullAccess | AliyunDNSFullAccess, AliyunPubDNSFullAccess |
| Billing, Balance, Costs | AliyunFinanceConsoleReadOnlyAccess | AliyunFinanceConsoleFullAccess |
| Monitoring | AliyunCloudMonitorReadOnlyAccess | AliyunCloudMonitorFullAccess |

Tencent Cloud

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | ReadOnlyAccess | AdministratorAccess |
| Virtual Machine, Security Group, Image, Disk, Snapshot | QcloudCVMReadOnlyAccess | QcloudCVMFullAccess |
| VPC, VPC Peering Connection, Route Table, NAT, Elastic NIC | QcloudVPCReadOnlyAccess | QcloudVPCFullAccess |
| EIP | - | QcloudEIPFullAccess |
| Object Storage | QcloudCOSReadOnlyAccess | QcloudCOSFullAccess |
| Load Balancer | QcloudCLBReadOnlyAccess | QcloudCLBFullAccess |
| RDS | QcloudMariaDBReadOnlyAccess, QcloudCDBReadOnlyAccess, QcloudSQLServerReadOnlyAccess, QcloudPostgreSQLReadOnlyAccess | QcloudMariaDBFullAccess, QcloudCDBFullAccess, QcloudSQLServerFullAccess, QcloudPostgreSQLFullAccess |
| Elastic Cache | QcloudRedisReadOnlyAccess | QcloudRedisFullAccess |
| Operation Logs | QcloudAuditReadOnlyAccess | QcloudAuditFullAccess |
| NAS | - | - |
| WAF | - | - |
| IAM | QcloudCamReadOnlyAccess | QcloudCamFullAccess |
| DNS | QcloudDNSPodReadOnlyAccess, QcloudPrivateDNSReadOnlyAccess | QcloudPrivateDNSFullAccess, QcloudDNSPodFullAccess |
| Billing, Balance, Costs | - | QCloudFinanceFullAccess |
| Monitoring | QcloudMonitorReadOnlyAccess | QcloudMonitorFullAccess |
| Kafka | QcloudCkafkaReadOnlyAccess | QcloudCKafkaFullAccess |
| MongoDB | QcloudMongoDBReadOnlyAccess | QcloudMongoDBFullAccess |
| CDN | QcloudCDNReadOnlyAccess | QcloudCDNFullAccess |
| Container | QcloudTKEReadOnlyAccess | QcloudTKEFullAccess |

Huawei Cloud

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | Tenant Guest, IAM ReadOnlyAccess | Tenant Administrator, Security Administrator |
| Virtual Machine | ECS ReadOnlyAccess | ECS FullAccess |
| Disk, Snapshot | EVS ReadOnlyAccess | EVS FullAccess |
| Project | EPS ReadOnlyAccess | EPS FullAccess |
| Image | IMS ReadOnlyAccess | IMS FullAccess |
| VPC, VPC Peering Connection, Route Table, Elastic NIC, EIP, Security Group | VPC ReadOnlyAccess | VPC FullAccess |
| NAT | NAT ReadOnlyAccess | NAT FullAccess |
| Object Storage | OBS ReadOnlyAccess | OBS Administrator |
| Load Balancer | ELB ReadOnlyAccess | ELB FullAccess |
| RDS | RDS ReadOnlyAccess | RDS FullAccess |
| Elastic Cache | DCS ReadOnlyAccess | DCS FullAccess |
| Operation Logs | CTS ReadOnlyAccess | CTS FullAccess |
| NAS | SFS ReadOnlyAccess, SFS Turbo ReadOnlyAccess | SFS FullAccess, SFS Turbo FullAccess |
| WAF | WAF ReadOnlyAccess | WAF FullAccess |
| IAM | IAM ReadOnlyAccess | Security Administrator |
| DNS | DNS ReadOnlyAccess | DNS FullAccess |
| Billing, Balance, Costs | BSS Operator | BSS Administrator |
| Monitoring | CES ReadOnlyAccess | CES FullAccess |

Google GCP

| Function | Read-Only Permission | Read-Write Permission |
|---|---|---|
| All Functions | Viewer | Editor |
| Virtual Machine, Disk, Security Group, Image, Snapshot, Load Balancer | Compute Viewer | Compute Editor |
| Project | - | - |
| VPC, VPC Peering Connection, Route Table, NAT, Elastic NIC, EIP | Compute Network Viewer | Compute Network Admin |
| Object Storage | Storage Legacy Bucket Reader, Storage Object Viewer | Storage Admin |
| RDS | Cloud SQL Viewer | Cloud SQL Admin |
| Elastic Cache | Redis Enterprise Cloud Viewer | Redis Enterprise Cloud Admin |
| Operation Logs | Logs Viewer | Logging Admin |
| NAS | Cloud Filestore Viewer | Cloud Filestore Editor |
| WAF | - | - |
| IAM | Role Viewer | Role Administrator |
| DNS | DNS Reader | DNS Administrator |
| Billing, Costs | Billing Account Viewer | Billing Account Administrator |
| Monitoring | Monitoring Viewer | Monitoring Admin |