本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 创建 Private Marketplace 管理员
<a name="it-administrator"></a>

您可以创建 IT 管理员组来管理公司的 [Private Marketplace](private-marketplace.md) 设置。为您的组织启用 Private Marketplace 后，Private Marketplace 管理员可以执行许多任务，包括：
+ 查看和创建体验及受众。
+ 将产品添加到 Private Marketplace 体验中。
+ 从 Private Marketplace 体验中删除产品。
+ 配置 Private Marketplace 体验的用户界面。
+ 启用和禁用 Private Marketplace 体验。
+ 致电 AWS Marketplace Catalog API 以编程方式管理私有市场体验。

要创建多个 Private Marketplace 管理员且每个管理员只能执行一部分任务，请参阅[适用于 Private Marketplace 管理员的策略示例](#creating-custom-policies-for-private-marketplace-admin)。

**注意**  
启用 Private Marketplace 是一项一次性操作，必须通过管理账户执行。有关更多信息，请参阅 [Getting started with private marketplace](https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-catalog-administration.html#private-marketplace-getting-started)。

您可以将 AWS Identity and Access Management (IAM) 关联到用户、群组或角色，从而授予 (IAM) 管理您的私有市场的权限。[AWS 托管策略：AWSPrivateMarketplaceAdminFullAccess](buyer-security-iam-awsmanpol.md#security-iam-awsmanpol-awsprivatemarketplaceadminfullaccess)我们建议使用组或角色。有关如何附加策略的详细信息，请参阅《IAM 用户指南》**中的[将策略附加到用户组](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy)。

有关 `AWSPrivateMarketplaceAdminFullAccess` 策略中权限的更多信息，请参阅 [AWS 托管策略：AWSPrivateMarketplaceAdminFullAccess](buyer-security-iam-awsmanpol.md#security-iam-awsmanpol-awsprivatemarketplaceadminfullaccess)。要了解其他可供使用的策略 AWS Marketplace，请登录并转至 [IAM 策略页面](https://console.aws.amazon.com/iam/home?#/policies)。 AWS 管理控制台在搜索框中输入 **Marketplace** 以查找与 AWS Marketplace关联的所有策略。

## 适用于 Private Marketplace 管理员的策略示例
<a name="creating-custom-policies-for-private-marketplace-admin"></a>

您的组织可以创建多个 Private Marketplace 管理员，每个管理员只能执行一部分任务。您可以调整 AWS Identity and Access Management (IAM) 策略，为[AWS Marketplace 目录的 AWS Marketplace Catalog API 操作、资源和条件键中列出的操作指定条件键和资源](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplacecatalog.html#awsmarketplacecatalog-catalog_ChangeType)。M [AWS arketplace Catalog API 指南](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/api-access-control.html)中描述了使用 AWS Marketplace Catalog API 变更类型和资源调整 IAM 策略的一般机制。有关私有市场中可用的所有变更类型的列表 AWS Marketplace，请参阅[使用私有市场。](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/private-marketplace.html)

要创建客户管理型策略，请参阅[创建 IAM 策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html)。以下是 JSON 策略示例，您可以使用它来创建只能在 Private Marketplace 中添加或删除产品的管理员。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:AssociateProductsWithPrivateMarketplace",
                "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:DescribeEntity",
                "aws-marketplace:ListEntities",
                "aws-marketplace:ListChangeSets",
                "aws-marketplace:DescribeChangeSet",
                "aws-marketplace:CancelChangeSet"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:StartChangeSet"
            ],
            "Condition": {
                "StringEquals": {
                    "catalog:ChangeType": [
                        "AllowProductProcurement",
                        "DenyProductProcurement"
                    ]
                }
            },
            "Resource": "*"
        }
    ]
}
```

------

也可以将策略限制为管理部分 Private Marketplace 资源。以下是 JSON 策略示例，您可以使用它来创建只能管理特定 Private Marketplace 体验的管理员。此示例使用带有 `exp-1234example` 的资源字符串作为 `Experience` 标识符。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:AssociateProductsWithPrivateMarketplace",
                "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListEntities",
                "aws-marketplace:DescribeEntity",
                "aws-marketplace:ListChangeSets",
                "aws-marketplace:DescribeChangeSet",
                "aws-marketplace:CancelChangeSet"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:StartChangeSet"
            ],
            "Resource": [
                "arn:aws:aws-marketplace:*:*:AWSMarketplace/Experience/exp-1234example"
            ]
        }
    ]
}
```

------

有关如何检索实体标识符以及如何查看 Private Marketplace 资源的详细信息，请参阅[使用 Private Marketplace](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/private-marketplace.html)。