All Products
Search
Document Center

ApsaraDB RDS:Grant backup file download permissions to a RAM user with read-only permissions

Last Updated:Jan 08, 2024

This topic describes how to grant backup file download permissions to a RAM user with read-only permissions. For security purposes, a RAM user with read-only permissions cannot download backup files.

Procedure

  1. Log on to the Resource Access Management (RAM) console.

  2. In the left-side navigation pane, choose Permissions > Policies.

  3. Click Create Policy. On the page that appears, click the JSON tab and enter the following policy content:

    {
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "rds:Describe*",
                    "rds:ModifyBackupPolicy",
                    "rds:CheckRegionSupportBackupEncryption"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "dbs:CreateDownload",
                    "dbs:DescribeDBInstanceDownloadSize"
                ],
                "Resource": "*"
            }
        ],
        "Version": "1"
    }
  4. Click Next to edit policy information. Enter a name for the policy and click OK.

  5. In the left-side navigation pane, choose Permissions > Grants.

  6. Click Grant Permission to attach the new policy to the RAM user. For more information, see Method 2: Grant permissions to a RAM user on the Grants page.

  7. Click OK.