本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# 讓您的使用者可以存取空間
<a name="studio-updated-jl-admin-guide-permissions"></a>

若要讓使用者可以存取私有或共用空間，您必須將許可政策連接至其 IAM 角色。您也可以使用許可政策，將私有空間及其相關聯的應用程式限制為特定的使用者設定檔。

下列許可政策會授與私有和共用空間的存取權。這可讓使用者建立自己的空間，並列出其網域內的其他空間。具有此政策的使用者無法存取不同使用者的私有空間。如需 Studio 空間的相關資訊，請參閱 [Amazon SageMaker Studio 空間](studio-updated-spaces.md)。

政策提供使用者下列項目的許可。
+ 私有空間或共用空間。
+ 用於存取這些空間的使用者設定檔。

若要提供許可，您可以縮小以下政策的許可範圍，並將其新增至使用者的 IAM 角色。您也可以使用此政策，將空間及其相關聯的應用程式限制為特定使用者設定檔。

------
#### [ JSON ]

****  

```
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {

      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateApp",
        "sagemaker:DeleteApp"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:app/*",
      "Condition": {
        "Null": {
          "sagemaker:OwnerUserProfileArn": "true"
        }
      }
    },
    {
      "Sid": "SMStudioCreatePresignedDomainUrlForUserProfile",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreatePresignedDomainUrl"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:user-profile/{{sagemaker:DomainId}}/{{sagemaker:UserProfileName}}"
    },
    {
      "Sid": "SMStudioAppPermissionsListAndDescribe",
      "Effect": "Allow",
      "Action": [
        "sagemaker:ListApps",
        "sagemaker:ListDomains",
        "sagemaker:ListUserProfiles",
        "sagemaker:ListSpaces",
        "sagemaker:DescribeApp",
        "sagemaker:DescribeDomain",
        "sagemaker:DescribeUserProfile",
        "sagemaker:DescribeSpace"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SMStudioAppPermissionsTagOnCreate",
      "Effect": "Allow",
      "Action": [
        "sagemaker:AddTags"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:*/*",
      "Condition": {
        "Null": {
          "sagemaker:TaggingAction": "false"
        }
      }
    },
    {
      "Sid": "SMStudioRestrictSharedSpacesWithoutOwners",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateSpace",
        "sagemaker:UpdateSpace",
        "sagemaker:DeleteSpace"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:space/{{sagemaker:DomainId}}/*",
      "Condition": {
        "Null": {
          "sagemaker:OwnerUserProfileArn": "true"
        }
      }
    },
    {
      "Sid": "SMStudioRestrictSpacesToOwnerUserProfile",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateSpace",
        "sagemaker:UpdateSpace",
        "sagemaker:DeleteSpace"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:space/{{sagemaker:DomainId}}/*",
      "Condition": {
        "ArnLike": {
        "sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:user-profile/{{sagemaker:DomainId}}/{{sagemaker:UserProfileName}}"
        },
        "StringEquals": {
          "sagemaker:SpaceSharingType": [
            "Private",
            "Shared"
          ]
        }
      }
    },
    {
      "Sid": "SMStudioRestrictCreatePrivateSpaceAppsToOwnerUserProfile",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateApp",
        "sagemaker:DeleteApp"
      ],
      "Resource": "arn:aws:sagemaker:{{us-east-2}}:{{111122223333}}:app/{{sagemaker:DomainId}}/*",
      "Condition": {
        "ArnLike": {
          "sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:us-east-2:111122223333:user-profile/{{sagemaker:DomainId}}/{{sagemaker:UserProfileName}}"
        },
        "StringEquals": {
          "sagemaker:SpaceSharingType": [
            "Private"
          ]
        }
      }
    }
  ]
}
```

------