This topic describes how to grant backup file download permissions to a RAM user who only has read-only permissions. For security purposes, a typical RAM user cannot download backup files.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. Click Create Policy and set the parameters.

    The policy content is as follows:

    {
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "rds:Describe*",
                    "rds:ModifyBackupPolicy"
                ],
                "Resource": "*"
            }
        ],
        "Version": "1"
    }
  4. Click OK.
  5. In the left-side navigation pane, choose Permissions > Grants.
  6. Click Grant Permission and add the new permission policy to the target RAM user.

  7. Click OK.