本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# `StartEarthObservationJob` API：执行角色权限
<a name="sagemaker-roles-start-eoj-perms"></a>

对于可在 `StartEarthObservationJob` API 请求中传递的执行角色，您可以将以下最低权限策略附加到该角色：

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::*SageMaker*",
                "arn:aws:s3:::*Sagemaker*",
                "arn:aws:s3:::*sagemaker*"
            ]
        },
        {
        "Effect": "Allow",
        "Action": "sagemaker-geospatial:GetEarthObservationJob",
        "Resource":  "arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*"
        },
        {
        "Effect": "Allow",
        "Action": "sagemaker-geospatial:GetRasterDataCollection",
        "Resource": "arn:aws:sagemaker-geospatial:*:*:raster-data-collection/*"
        }
    ]
    }
```

------

如果您输入的 Amazon S3 存储桶使用服务器端加密和 AWS KMS 托管密钥 (SSE-KMS) 进行加密，请参阅使用 [Amazon S3 存储桶密钥](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html)了解更多信息。