Skip to main content

RAM User Role No Product Admin Access

ID: rule:aliyun:ram-user-role-no-product-admin-access
Severity: medium
IaC Types: ROS, Terraform

Description

Ensures RAM user-defined roles do not have product administrative permissions.

Reason for Violation

Custom roles with admin permissions increase security risks.

Recommendation

Review role permissions and remove excessive privileges.

Resource Types

  • ROS: ALIYUN::RAM::Role
  • Terraform: alicloud_ram_role_policy_attachment