Ansichten:
Überprüfen Sie die Berechtigungen erforderlich, um Ressourcen bereitzustellen, und die Berechtigungen, die gewährt werden, wenn Alibaba Cloud-Konten mit Trend Vision One verbunden werden.

Erforderliche Berechtigungen für Alibaba Cloud

Funktion
Erforderliche Berechtigungen
Beschreibung
Kernfunktionen
  • actiontrail:DescribeTrails
  • adb:DescribeDBClusters
  • gpdb:DescribeDBInstances
  • apigateway:DescribeInstances
  • apigateway:DescribeApiGroups
  • apigateway:DescribeApis
  • cr:ListInstance
  • cr:ListInstanceEndpoint
  • cr:ListRepository cr:ListNamespace
  • cr:ListRepositoryTag ram:ListUsers
  • ram:DeleteOIDCProvider
  • ram:DeletePolicy
  • ram:DeletePolicyVersion
  • ram:DeleteRole
  • ram:DetachPolicyFromRole
  • ram:DetachPolicyFromUser
  • ram:ListEntitiesForPolicy
  • ram:ListPolicies
  • ram:ListRoles
  • ram:ListPoliciesForRole
  • ram:ListPolicyVersions
  • ram:ListTagResources
  • ram:GetOIDCProvider
  • ram:GetRole
  • ram:GetPolicy
  • ram:UpdateRole
  • ram:GetUserMFAInfo
  • ram:GetLoginProfile
  • ram:ListPoliciesForUser
  • ram:ListAccessKeys
  • ram:GetPolicy ram:ListPolicies
  • ram:GetPasswordPolicy
  • ram:ListVirtualMFADevices
  • ram:ListGroups ram:ListRoles
  • ram:GetRole oss:ListBuckets
  • oss:GetBucketInfo
  • oss:GetBucketPolicy
  • oss:GetBucketTagging
  • oss:GetBucketLogging
  • ots:ListInstance
  • ots:ListTable
  • ots:DescribeTable
  • rds:DescribeDBInstances
  • rds:DescribeSQLCollectorPolicy
  • rds:DescribeDBInstanceIPArrayList
  • rds:DescribeDBInstanceSSL
  • rds:DescribeDBInstanceTDE
  • rds:DescribeSQLCollectorRetention
  • rds:DescribeTags
  • cs:DescribeClusterNodePools
  • cs:ListClusterChecks
  • cs:GetClusters
  • cs:DescribeClusters
  • yundun-sas:ListUninstallAegisMachines
  • yundun-sas:DescribeVulConfig
  • yundun-sas:DescribeVersionConfig
  • yundun-sas:DescribeConcernNecessity
  • yundun-aegis:DescribeNoticeConfig
  • yundun-waf:DescribeInstance
  • ecs:DescribeInstances
  • ecs:DescribeDisks
  • ess:DescribeScalingGroups
  • vpc:DescribeVpcs
  • vpc:DescribeNatGateways
  • vpc:DescribeVpnGateways
  • vpc:DescribeEipAddresses
  • fc:ListFunctions fc:GetResourceTags
  • fc:ListLayers
  • fc:ListTagResources
  • ecs:DescribeDedicatedHosts
  • kms:ListKeys
  • kms:DescribeKey
  • kms:ListAliasesByKeyId
  • kms:ListResourceTags
  • kms:GetKeyPolicy
  • kvstore:DescribeInstances
  • alb:ListLoadBalancers
  • alb:ListLoadBalancers
  • nlb:ListLoadBalancers
  • nas:DescribeFileSystems
  • ehpc:ListClusters
  • ehpc:ListTagResources
  • slb:DescribeLoadBalancers
  • cen:DescribeCens
  • elasticsearch:ListInstance
  • dds:DescribeDBInstances
  • eci:BeschreibeContainergruppen
  • fnf:ListFlows eiam:ListInstances
  • eiam:GetInstance
  • privatelink:ListVpcEndpoints
Diese Berechtigungen sind erforderlich, um Alibaba Cloud-Konten mit Trend Vision One zu verbinden.
Server- und Workload Protection
  • ram:GetAccountAlias
    ecs:DescribeInstances
  • ecs:DescribeInstanceAttribute
  • ecs:DescribeInstanceStatus
  • ecs:DescribeInstancesFullStatus
  • ecs:DescribeSecurityGroupAttribute
  • ecs:DescribeSecurityGroups
  • ecs:DescribeManagedInstances
  • ecs:DescribeTags
  • vpc:DescribeVSwitches
  • vpc:DescribeVSwitchAttributes
  • vpc:DescribeVpcs
  • vpc:DescribeVpcAttribute
  
Cloud Security Posture
  • actiontrail:DescribeTrails
  • adb:DescribeDBClusters
  • gpdb:DescribeDBInstances
  • apigateway:DescribeInstances
  • apigateway:DescribeApiGroups
  • apigateway:DescribeApis
  • cr:ListInstance
  • cr:ListInstanceEndpoint
  • cr:ListRepository
  • cr:ListNamespace
  • cr:ListRepositoryTag
  • ram:ListUsers
  • ram:GetUserMFAInfo
  • ram:GetLoginProfile
  • ram:ListPoliciesForUser
  • ram:ListAccessKeys
  • ram:GetPolicy
  • ram:ListPolicies
  • ram:GetPasswordPolicy
  • ram:ListVirtualMFADevices
  • ram:ListGroups
  • ram:ListRoles
  • ram:GetRole
  • oss:ListBuckets
  • oss:GetBucketInfo
  • oss:GetBucketPolicy
  • oss:GetBucketTagging
  • oss:GetBucketLogging
  • ots:ListInstance
  • ots:ListTable
  • ots:DescribeTable
  • rds:DescribeDBInstances
  • rds:DescribeSQLCollectorPolicy
  • rds:DescribeDBInstanceIPArrayList
  • rds:DescribeDBInstanceSSL
  • rds:DescribeParameters
  • rds:DescribeDBInstanceTDE
  • rds:DescribeSQLCollectorRetention
  • rds:DescribeTags
  • cs:DescribeClusterNodePools
  • cs:ListClusterChecks
  • cs:GetClusters
  • cs:DescribeClusters
  • yundun-sas:ListUninstallAegisMachines
  • yundun-sas:DescribeVulConfig
  • yundun-sas:DescribeVersionConfig
  • yundun-sas:DescribeConcernNecessity
  • yundun-aegis:DescribeNoticeConfig
  • yundun-waf:DescribeInstance
  • ecs:DescribeInstances
  • ecs:DescribeDisks
  • ess:DescribeScalingGroups
  • vpc:DescribeVpcs
  • vpc:DescribeNatGateways
  • vpc:DescribeVpnGateways
  • vpc:DescribeEipAddresses
  • fc:ListFunctions
  • fc:GetResourceTags
  • fc:ListLayers
  • fc:ListTagResources
  • ecs:DescribeDedicatedHosts
  • kms:ListKeys
  • kms:DescribeKey
  • kms:ListAliasesByKeyId
  • kms:ListResourceTags
  • kms:GetKeyPolicy
  • kvstore:DescribeInstances
  • alb:ListLoadBalancers
  • nlb:ListLoadBalancers
  • nas:DescribeFileSystems
  • ehpc:ListClusters
  • ehpc:ListTagResources
  • slb:DescribeLoadBalancers
  • cen:DescribeCens
  • elasticsearch:ListInstance
  • dds:DescribeDBInstances
  • eci:DescribeContainerGroups
  • fnf:ListFlows
  • eiam:ListInstances
  • eiam:GetInstance
  • privatelink:ListVpcEndpoints
  
Agentenlose Sicherheitslücken- und Bedrohungserkennung
Event Bridge-Berechtigungen:
  • eventbridge:CheckServiceLinkedRoleForProduct
  • eventbridge:DisableRule
  • eventbridge:EnableRule
  • eventbridge:GetEventBridgeStatus
  • eventbridge:GetEventBus
  • eventbridge:GetEventSource
  • eventbridge:GetRule
  • eventbridge:ListEventBuses
  • eventbridge:ListEventSources
  • eventbridge:ListRules
  • eventbridge:ListTagResources
  • eventbridge:ListTargets
  • eventbridge:ListTargetsByRule
  • eventbridge:ListTargetTypes
  • eventbridge:ListUserDefinedEventSources
  • eventbridge:PutEventSource
  • eventbridge:PutRule
  • eventbridge:PutTargets
  • eventbridge:TagResources
  • eventbridge:UntagResources
  • eventbridge:UpdateEventBus
  • eventbridge:UpdateEventSource
  • Alibaba Cloud vordefinierte Richtlinien:
    • AliyunEventBridgeResourceCreatePolicy
    • AliyunEventBridgeResourceDeletePolicy
    • AliyunEventBridgeResourceUpdatePolicy
    • AliyunEventBridgePutEventsPolicy
ECS-Berechtigungen:
  • ecs:CreateSecurityGroup
  • ecs:DeleteInstance
  • ecs:DeleteInstances
  • ecs:DeleteKeyPairs
  • ecs:DeleteSecurityGroup
  • ecs:DeleteSnapshot
  • ecs:DeleteSnapshotGroup
  • ecs:DeleteVolume
  • ecs:DescribeDisks
  • ecs:DescribeImages
  • ecs:DescribeInstanceStatus
  • ecs:DescribeInstanceTypeResource
  • ecs:DescribeInstances
  • ecs:DescribeSecurityGroupAttribute
  • ecs:DescribeSecurityGroups
  • ecs:DescribeVolumes
  • ecs:DetachVolume
Funktion Compute-Berechtigungen:
  • fc:CreateFunction
  • fc:CreateService
  • fc:CreateTrigger
  • fc:DeleteConcurrencyConfig
  • fc:DeleteFunction
  • fc:DeleteFunctionAsyncInvokeConfig
  • fc:DeleteService
  • fc:DeleteTrigger
  • fc:DeleteTriggerWithEventSource
  • fc:GetConcurrencyConfig
  • fc:GetFunction
  • fc:GetFunctionAsyncInvokeConfig
  • fc:GetService
  • fc:GetTrigger
  • fc:InvokeFunction
  • fc:InvokeFunctionAsync
  • fc:ListFunctions
  • fc:ListServices
  • fc:ListServiceVersions
  • fc:ListTriggers
  • fc:ListTriggersWithEventSource
  • fc:PutConcurrencyConfig
  • fc:PutFunctionAsyncInvokeConfig
  • fc:TagResource
  • fc:TagResources
  • fc:UnTagResource
  • fc:UpdateFunction
  • fc:UpdateService
  • fc:UpdateTrigger
Berechtigungen des Key Management Service:
  • kms:CreateSecret
  • kms:DeleteSecret
  • kms:DescribeSecret
  • kms:GetSecretValue
  • kms:PutSecretValue
  • kms:UpdateSecret
Berechtigungen für den Simple Log Service:
  • log:CreateIndex
  • log:CreateLogging
  • log:CreateLogStore
  • log:CreateProject
  • log:DeleteIndex
  • log:DeleteLogStore
  • log:DeleteProject
  • log:ListProject
  • log:ListShards
  • log:ListTagResources
  • log:GetIndex
  • log:GetLogging
  • log:GetLogStore
  • log:GetLogStoreLogs
  • log:GetLogStoreMeteringMode
  • log:GetProject
  • log:GetProjectPolicy
  • log:GetProjectPolicy
  • log:TagResources
  • log:UpdateIndex
  • log:UpdateLogStore
  • log:UpdateProject
Berechtigungen für Simple Message Queue (früher MNS):
  • mns:CreateQueue
  • mns:DeleteQueue
  • mns:GetQueueAttributes
  • mns:ListQueue
  • mns:ListTagResources
CloudOps-Orchestrierungsdienst-Berechtigungen:
  • oos:CreateSecretParameter
  • oos:DeleteParameter
  • oos:DeleteSecretParameter
  • oos:GetSecretParameter
  • oos:ListParameters
  • oos:ListSecretParameters
  • oos:ListTagResources
  • oos:UpdateSecretParameter
Berechtigungen für Objektspeicherdienst:
  • oss:AppendObject
  • oss:CleanRestoredObject
  • oss:DeleteAccessPoint
  • oss:DeleteAccessPointForObjectProcess
  • oss:DeleteAccessPointPolicy
  • oss:DeleteAccessPointPolicyForObjectProcess
  • oss:DeleteAccessPointPublicAccessBlock
  • oss:DeleteBucket
  • oss:DeleteBucketCallbackPolicy
  • oss:DeleteBucketCommonHeader
  • oss:DeleteBucketCors
  • oss:DeleteBucketDataRedundancyTransition
  • oss:DeleteBucketEncryption
  • oss:DeleteBucketEventNotification
  • oss:DeleteBucketImage
  • oss:DeleteBucketInventory
  • oss:DeleteBucketLifecycle
  • oss:DeleteBucketLogging
  • oss:DeleteBucketNotification
  • oss:DeleteBucketPolicy
  • oss:DeleteBucketPublicAccessBlock
  • oss:DeleteBucketQoSInfo
  • oss:DeleteBucketReplication
  • oss:DeleteBucketRequesterQoSInfo
  • oss:DeleteBucketResponseHeader
  • oss:DeleteBucketTagging
  • oss:DeleteBucketWebsite
  • oss:DeleteCache
  • oss:DeleteObject
  • oss:DeleteObjectTagging
  • oss:DeleteObjectVersion
  • oss:DeletePublicAccessBlock
  • oss:DescribeRegions
  • oss:GetAccessPoint
  • oss:GetAccessPointConfigForObjectProcess
  • oss:GetAccessPointForObjectProcess
  • oss:GetAccessPointPolicy
  • oss:GetAccessPointPolicyForObjectProcess
  • oss:GetAccessPointPublicAccessBlock
  • oss:GetAsyncFetchTask
  • oss:GetBucketAccessMonitor
  • oss:GetBucketAcl
  • oss:GetBucketArchiveDirectRead
  • oss:GetBucketCallbackPolicy
  • oss:GetBucketCommonHeader
  • oss:GetBucketCors
  • oss:GetBucketEncryption
  • oss:GetBucketEventNotification
  • oss:GetBucketHash
  • oss:GetBucketHttpsConfig
  • oss:GetBucketImage
  • oss:GetBucketInfo
  • oss:GetBucketInventory
  • oss:GetBucketLifecycle
  • oss:GetBucketLocation
  • oss:GetBucketLogging
  • oss:GetBucketNotification
  • oss:GetBucketPolicy
  • oss:GetBucketPolicyStatus
  • oss:GetBucketPublicAccessBlock
  • oss:GetBucketQoSInfo
  • oss:GetBucketReferer
  • oss:GetBucketResourceGroup
  • oss:GetBucketResponseHeader
  • oss:GetBucketStat
  • oss:GetBucketTagging
  • oss:GetBucketTransferAcceleration
  • oss:GetBucketVersioning
  • oss:GetBucketWebsite
  • oss:GetCache
  • oss:GetObject
  • oss:GetObjectAcl
  • oss:GetObjectTagging
  • oss:GetPublicAccessBlock
  • oss:GetReservedCapacity
  • oss:GetStatusList
  • oss:ListBuckets
  • oss:ListObjectVersions
  • oss:ListObjects
  • oss:ListOssBucket
  • oss:PutBucket
  • oss:PutBucketAccessMonitor
  • oss:PutBucketAcl
  • oss:PutBucketEncryption
  • oss:PutBucketLifeCycle
  • oss:PutBucketLifecycle
  • oss:PutBucketLogging
  • oss:PutBucketPublicAccessBlock
  • oss:PutBucketTagging
  • oss:PutObject
  • oss:PutObjectAcl
  • oss:PutObjectTagging
  • oss:PutPublicAccessBlock
Tabellenspeicherberechtigungen:
  • ots:BatchGetRow
  • ots:BatchWriteRow
  • ots:DeleteRow
  • ots:DeleteTags
  • ots:DescribeInstance
  • ots:DescribeSearchIndex
  • ots:DescribeTable
  • ots:GetInstance
  • ots:GetOtsServiceStatus
  • ots:GetRow
  • ots:InsertInstance
  • ots:InsertTags
  • ots:ListInstance
  • ots:ListVpcInfoByInstance
  • ots:ListVpcInfoByVpc
  • ots:OpenOtsService
  • ots:PutRow
  • ots:UpdateRow
ONS-Nachrichtenwarteschlangenberechtigungen:
  • mq:CreateInstance
  • mq:DeleteInstance
  • mq:TagResources
  • mq:UpdateInstance
Berechtigungen für die Verwaltung des Ressourcen-Zugriffs:
  • ram:CreateOIDCProvider
  • ram:AttachPolicyToRole
  • ram:CreatePolicy
  • ram:CreatePolicyVersion
  • ram:CreateResourceGroup
  • ram:CreateRole
  • ram:CreateServiceLinkedRole
  • ram:DeleteOIDCProvider
  • ram:DeletePolicy
  • ram:DeletePolicyVersion
  • ram:DeleteResourceGroup
  • ram:DeleteRole
  • ram:DetachPolicyFromRole
  • ram:DetachPolicyFromUser
  • ram:ListEntitiesForPolicy
  • ram:ListPolicies
  • ram:ListRoles
  • ram:ListPoliciesForRole
  • ram:ListPolicyVersions
  • ram:ListTagResources
  • ram:GetOIDCProvider
  • ram:GetRole
  • ram:GetPolicy
  • ram:PassRole
  • ram:TagResources
  • ram:UntagResources
  • ram:UpdateResourceGroup
  • ram:UpdateRole
Ressourcen-Manager für Berechtigungen der Ressourcengruppe:
  • resourcemanager:CreateResourceAccount
  • resourcemanager:CreateResourceGroup
  • resourcemanager:GetAccount
  • resourcemanager:ListAccounts
  • resourcemanager:ListTagResources
  • resourcemanager:MoveResourceGroup
  • resourcemanager:TagResources
  • resourcemanager:UntagResources
Tag-Berechtigungen:
  • tag:CreatePolicy
  • tag:CreateTags
  • tag:DeletePolicy
  • tag:DeleteTag
  • tag:DetachPolicy
  • tag:ListTagValues
VPC-Berechtigungen:
  • vpc:CreateVpc
  • vpc:CreateVSwitch
  • vpc:DeleteVpc
  • vpc:DeleteVSwitch
  • vpc:DescribeRouteTableList
  • vpc:DescribeVpcAttribute
  • vpc:DescribeVpcs
  • vpc:DescribeVSwitchAttributes
  • vpc:DescribeVSwitches