新旧版本控制台切换时所需的权限策略说明

如果您是RAM用户，并且计划从长期使用的SAE旧版控制台迁移至新版控制台，由于新版控制台新增功能的缘故，新旧版本所需的最低权限有所不同，如果您未及时更新权限策略，切换时会产生权限不足的报错。本文主要介绍新旧版控制台的权限差异和解决方法。

新旧版控制台权限助手生成的权限策略差异

本文以命名空间级别权限为例进行说明。

说明

您可以在权限助手页面生成所需的权限。具体操作，请参见SAE权限助手。

新版控制台权限助手生成的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sae:ListJobs"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:job/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:ListApplications",
                "sae:ListWebApplicationsInner",
                "sae:ListWebApplications"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:application/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:DescribeConfigurationPrice",
                "sae:DescribeContainerRegistry*",
                "sae:ListTagResources",
                "sae:GetLastSecurityGroupId",
                "sae:SyncUserLoadBalancer",
                "sae:AssignUploadSignature",
                "sae:ListNamespacesV2",
                "sae:DescribeVSwitches",
                "sae:DescribeVpcs",
                "sae:DescribeNamespaceList",
                "sae:DescribeSlbQuota",
                "sae:DescribeNamespaces",
                "sae:DescribeInstanceSpecifications",
                "sae:DescribeTagKeys",
                "sae:CheckAppName",
                "sae:DescribeTag",
                "sae:GetArmsDashboardUrl"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:DescribeComponents",
                "sae:*Metric",
                "sae:GetCustomDomain",
                "sae:ListEventType",
                "sae:DescribeUserMeasureInfo",
                "sae:ListEventSubscribeRule",
                "sae:DescribeEdasContainers",
                "sae:ListWebApplicationsWithStatus",
                "sae:DescribeUserAppsInfo",
                "sae:ListLogtails",
                "sae:ListUserMeasure",
                "sae:DescribeResourceQuota",
                "sae:ListCustomDomains",
                "sae:ListEventRecord",
                "sae:CheckInDebt"
            ],
            "Resource": [
                "acs:sae:*:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:DescribeNamespace*",
                "sae:ListNamespaceChangeOrders",
                "sae:ListWebCustomDomains",
                "sae:ListAppEvents",
                "sae:CheckIngressConfigWarn",
                "sae:DescribeConfigMap",
                "sae:ListSecrets",
                "sae:ListNamespacedConfigMaps",
                "sae:ListTimerRules",
                "sae:DescribeWebCustomDomain",
                "sae:DescribeIngress",
                "sae:ListIngresses"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:namespace/******"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:QueryResourceStatics",
                "sae:DescribeJob",
                "sae:*Services",
                "sae:DescribeApp*",
                "sae:ListLogConfigs",
                "sae:ListAppEvents",
                "sae:DescribeStage",
                "sae:DescribeChangeOrder",
                "sae:DescribeAggregationStage",
                "sae:ListChangeOrders",
                "sae:DescribeChangeOrderErrorTask",
                "sae:DescribeTask",
                "sae:DescribeInstanceLog",
                "sae:GetWebshellToken",
                "sae:DescribeJobHistory",
                "sae:DescribeJobStatus",
                "sae:ListAppVersions",
                "sae:DescribePipeline",
                "sae:DescribeNestedStage"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:job/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:QueryResourceStatics",
                "sae:GetApplicationScaleConfig",
                "sae:ListApplicationInstances",
                "sae:DescribeDebugSlb",
                "sae:DescribeWebApplication",
                "sae:GetWebApplication",
                "sae:DescribeApp*",
                "sae:DescribeStage",
                "sae:DescribeChangeOrder",
                "sae:DescribeAggregationStage",
                "sae:DescribeWebApplicationScalingConfig",
                "sae:ListAppAvailableSlbs",
                "sae:GetApplicationTrafficConfig",
                "sae:DescribeBuildPipeline",
                "sae:DescribeTask",
                "sae:DescribeInstanceLog",
                "sae:GetSystemMonitor",
                "sae:ListApplicationMetrics",
                "sae:ListBuildPipelineRuns",
                "sae:QueryArmsEnable",
                "sae:CheckApplicationSlbConfigWarn",
                "sae:DescribeGreyTagRoute",
                "sae:GetWebApplicationInner",
                "sae:ListAppVersions",
                "sae:ListAppServicesPage",
                "sae:GetWebApplicationLogs",
                "sae:*Services",
                "sae:ListApplicationVersions",
                "sae:DescribeWebInstanceLogs",
                "sae:DescribeSystemMonitor",
                "sae:InstanceExec",
                "sae:ListLogConfigs",
                "sae:ListAppEvents",
                "sae:DescribeWebApplicationResourceStatics",
                "sae:ListChangeOrders",
                "sae:DescribeBuildPipelineRun",
                "sae:DescribeChangeOrderErrorTask",
                "sae:DescribeWebApplicationRevision",
                "sae:GetWebshellToken",
                "sae:ListGreyTagRoute",
                "sae:GetWebResourceStatics",
                "sae:InstanceExecAuthorization",
                "sae:ListWebApplicationRevisions",
                "sae:DescribePipeline",
                "sae:ListIngresses"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:application/******/*"
            ]
        }
    ]
}

旧版控制台权限助手生成的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sae:ListJobs"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:job/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:ListApplications"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:application/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:DescribeConfigurationPrice",
                "sae:DescribeContainerRegistry*",
                "sae:ListTagResources",
                "sae:GetLastSecurityGroupId",
                "sae:SyncUserLoadBalancer",
                "sae:AssignUploadSignature",
                "sae:DescribeVSwitches",
                "sae:DescribeVpcs",
                "sae:DescribeNamespaceList",
                "sae:DescribeSlbQuota",
                "sae:DescribeNamespaces",
                "sae:DescribeInstanceSpecifications",
                "sae:DescribeTagKeys",
                "sae:CheckAppName",
                "sae:DescribeTag",
                "sae:GetArmsDashboardUrl"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:ListEventSubscribeRule",
                "sae:DescribeEdasContainers",
                "sae:DescribeUserAppsInfo",
                "sae:ListLogtails",
                "sae:DescribeComponents",
                "sae:*Metric",
                "sae:ListUserMeasure",
                "sae:DescribeResourceQuota",
                "sae:ListEventType",
                "sae:ListEventRecord",
                "sae:CheckInDebt"
            ],
            "Resource": [
                "acs:sae:*:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:DescribeNamespace*",
                "sae:ListNamespaceChangeOrders",
                "sae:CheckIngressConfigWarn",
                "sae:DescribeConfigMap",
                "sae:ListSecrets",
                "sae:ListNamespacedConfigMaps",
                "sae:ListTimerRules",
                "sae:ListAppEvents",
                "sae:DescribeIngress",
                "sae:ListIngresses"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:namespace/******"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:QueryResourceStatics",
                "sae:DescribeJob",
                "sae:*Services",
                "sae:DescribeApp*",
                "sae:ListLogConfigs",
                "sae:ListAppEvents",
                "sae:DescribeStage",
                "sae:DescribeChangeOrder",
                "sae:DescribeAggregationStage",
                "sae:ListChangeOrders",
                "sae:DescribeChangeOrderErrorTask",
                "sae:DescribeTask",
                "sae:DescribeInstanceLog",
                "sae:GetWebshellToken",
                "sae:DescribeJobHistory",
                "sae:DescribeJobStatus",
                "sae:ListAppVersions",
                "sae:DescribePipeline",
                "sae:DescribeNestedStage"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:job/******/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sae:QueryResourceStatics",
                "sae:DescribeDebugSlb",
                "sae:DescribeApp*",
                "sae:DescribeStage",
                "sae:DescribeChangeOrder",
                "sae:DescribeAggregationStage",
                "sae:ListAppAvailableSlbs",
                "sae:DescribeTask",
                "sae:DescribeInstanceLog",
                "sae:GetSystemMonitor",
                "sae:QueryArmsEnable",
                "sae:CheckApplicationSlbConfigWarn",
                "sae:DescribeGreyTagRoute",
                "sae:ListAppVersions",
                "sae:ListAppServicesPage",
                "sae:*Services",
                "sae:DescribeSystemMonitor",
                "sae:InstanceExec",
                "sae:ListLogConfigs",
                "sae:ListAppEvents",
                "sae:ListChangeOrders",
                "sae:DescribeChangeOrderErrorTask",
                "sae:GetWebshellToken",
                "sae:ListGreyTagRoute",
                "sae:DescribePipeline",
                "sae:ListIngresses"
            ],
            "Resource": [
                "acs:sae:cn-shenzhen:*:application/******/*"
            ]
        }
    ]
}

新旧版控制台权限助手生成的权限策略存在的差异

权限级别	差异
AppUniverse	ListWebApplicationsInner ListWebApplications GetApplicationScaleConfig ListApplicationInstances DescribeWebApplication GetWebApplication DescribeWebApplicationScalingConfig GetApplicationTrafficConfig DescribeBuildPipeline ListApplicationMetrics ListBuildPipelineRuns GetWebApplicationInner GetWebApplicationLogs ListApplicationVersions DescribeWebInstanceLogs DescribeWebApplicationResourceStatics DescribeBuildPipelineRun DescribeWebApplicationRevision GetWebResourceStatics InstanceExecAuthorization ListWebApplicationRevisions
RegionUniverse	ListNamespacesV2
Universe	GetCustomDomain DescribeUserMeasureInfo ListWebApplicationsWithStatus ListCustomDomains
Namespace	ListWebCustomDomains DescribeWebCustomDomain

切换新版控制台时遇到报错的解决方法

当您从旧版控制台切换到新版控制台时，如果未授予新版控制台所需的API权限，则会遇到权限不足的错误提示。

联系阿里云主账号管理员，使用主账号在权限助手页面生成RAM用户（子账号）所需权限策略并进行复制。具体操作，请参见SAE权限助手。
在主账号上使用脚本编辑的方式创建权限策略。具体操作，请参见通过脚本编辑模式创建自定义权限策略。
使用主账号为RAM用户（子账号）授予创建的自定义权限。具体操作，请参见为RAM角色授权。

新旧版本控制台切换时所需的权限策略说明

新旧版控制台权限助手生成的权限策略差异

切换新版控制台时遇到报错的解决方法

新旧版本控制台切换时所需的权限策略说明 2025-04-17 10:58

Serverless 应用引擎系统权限策略参考 2025-04-17 10:58

Serverless应用引擎自定义权限策略参考 2025-04-17 10:58

目录