RAM Role No Product Admin Access

ID: rule:aliyun:ram-role-no-product-admin-access
Severity: medium

Description

Ensures RAM roles do not have full administrative access or product administrator permissions.

Reason for Violation

Granting administrative access increases the risk of accidental or malicious configuration changes.

Recommendation

Follow the principle of least privilege. Use product-specific read-only permissions where possible.

Resource Types

  • ALIYUN::RAM::Role
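
Added example, not part of the rule's own implementation: a sketch of how a template scan could flag the grants this rule describes on ALIYUN::RAM::Role resources. It assumes the ROS properties PolicyAttachments.System and Policies[].PolicyDocument, and treats AdministratorAccess, Aliyun*FullAccess system policies and Allow statements with "*" or "<product>:*" actions as admin-level; the rule's actual criteria may differ, and the sample template is constructed.

```python
import fnmatch

# Assumption: what this sketch treats as admin-level; the rule's real criteria may differ.
ADMIN_SYSTEM_POLICIES = ("AdministratorAccess", "Aliyun*FullAccess")


def _as_list(value):
    """RAM policy fields accept a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_admin_action(action):
    """True for '*' (everything) or '<product>:*' (a whole product)."""
    return action == "*" or action.endswith(":*")


def find_admin_grants(template):
    """Return (role, reason) pairs for RAM roles carrying admin-level grants."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::Role":
            continue
        props = res.get("Properties") or {}
        # Attached system policies, matched by name pattern.
        for policy in _as_list((props.get("PolicyAttachments") or {}).get("System")):
            if any(fnmatch.fnmatchcase(policy, p) for p in ADMIN_SYSTEM_POLICIES):
                findings.append((name, f"system policy {policy}"))
        # Inline policies: only Allow statements can grant access.
        for inline in _as_list(props.get("Policies")):
            for stmt in _as_list((inline.get("PolicyDocument") or {}).get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in _as_list(stmt.get("Action")):
                    if _is_admin_action(action):
                        findings.append((name, f"inline action {action}"))
    return findings


# Constructed sample template: one over-privileged role, one read-only role.
SAMPLE = {"Resources": {
    "OpsRole": {"Type": "ALIYUN::RAM::Role", "Properties": {
        "PolicyAttachments": {"System": ["AliyunECSFullAccess"]},
        "Policies": [{"PolicyName": "oss-all", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "oss:*", "Resource": "*"}]}}]}},
    "AuditRole": {"Type": "ALIYUN::RAM::Role", "Properties": {
        "PolicyAttachments": {"System": ["AliyunECSReadOnlyAccess"]},
        "Policies": [{"PolicyName": "oss-read", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["oss:Get*", "oss:List*"], "Resource": "*"}]}}]}},
}}
```

Calling find_admin_grants(SAMPLE) reports both grants on OpsRole and nothing for AuditRole, whose read-only policy and scoped Get/List actions match the recommendation above.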