本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 建立私有市集管理員
您可以建立管理員群組來管理公司的[私有市集](private-marketplace.md)設定。為您的組織啟用私有市集之後,私有市集的管理員可以執行許多任務,包括下列項目:
+ 檢視和建立體驗和對象。
+ 將產品新增至私有市場體驗。
+ 從私有市集體驗中移除產品。
+ 設定私有市集體驗的使用者介面。
+ 啟用和停用私有市集體驗。
+ 呼叫 AWS Marketplace Catalog API 以程式設計方式管理私有市集體驗。
若要建立多個私有市集管理員,其中每個管理員僅限於一部分任務,請參閱 [私有市集管理員的範例政策](#creating-custom-policies-for-private-marketplace-admin)。
**注意**
啟用私有市集是一種一次性動作,必須從管理帳戶執行。如需詳細資訊,請參閱[私有市集入門](https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-catalog-administration.html#private-marketplace-getting-started)。
您可以將 連接至[AWS 受管政策: AWSPrivateMarketplaceAdminFullAccess](buyer-security-iam-awsmanpol.md#security-iam-awsmanpol-awsprivatemarketplaceadminfullaccess)使用者、群組或角色,以授予 AWS Identity and Access Management (IAM) 許可來管理私有市集。建議使用群組或角色。如需如何連接政策的詳細資訊,請參閱《*IAM 使用者指南*》中的[將政策連接至使用者群組](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy)。
如需`AWSPrivateMarketplaceAdminFullAccess`政策中許可的詳細資訊,請參閱 [AWS 受管政策: AWSPrivateMarketplaceAdminFullAccess](buyer-security-iam-awsmanpol.md#security-iam-awsmanpol-awsprivatemarketplaceadminfullaccess)。若要了解其他用於 的政策 AWS Marketplace,請登入 AWS 管理主控台,然後前往 [IAM 政策頁面](https://console.aws.amazon.com/iam/home?#/policies)。在搜尋方塊中,輸入 **Marketplace** 以尋找所有相關聯的政策 AWS Marketplace。
## 私有市集管理員的範例政策
您的組織可以建立多個私有市集管理員,其中每個管理員僅限於一部分的任務。您可以調整 AWS Identity and Access Management (IAM) 政策,在目錄的動作、資源和條件索引鍵中列出的 AWS Marketplace Catalog API 動作上指定條件索引鍵和資源。 [AWS Marketplace](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsmarketplacecatalog.html#awsmarketplacecatalog-catalog_ChangeType)有關使用 AWS Marketplace Catalog API 變更類型和資源來調整 IAM 政策的一般機制,請參閱 [AWS Marketplace Catalog API 指南](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/api-access-control.html)。如需私有中所有可用變更類型的清單 AWS Marketplace,請參閱[使用私有市集。](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/private-marketplace.html)
若要建立客戶受管政策,請參閱[建立 IAM 政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html)。以下是範例政策 JSON,您可以用來建立只能從私有市集新增或移除產品的管理員。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"aws-marketplace:StartChangeSet"
],
"Condition": {
"StringEquals": {
"catalog:ChangeType": [
"AllowProductProcurement",
"DenyProductProcurement"
]
}
},
"Resource": "*"
}
]
}
```
------
也可以限制政策來管理私有市集資源的子集。以下是範例政策 JSON,您可以用來建立只能管理特定私有市集體驗的管理員。此範例使用資源字串搭配 `exp-1234example`做為`Experience`識別符。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"aws-marketplace:StartChangeSet"
],
"Resource": [
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Experience/exp-1234example"
]
}
]
}
```
------
如需如何擷取實體識別符的詳細資訊,以及檢視私有市集資源集,請參閱[使用私有市集](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/private-marketplace.html)。