All Products
Search
Document Center

Cloud Backup:What can I do if an "insufficient permissions" error occurs when I use a RAM user to back up data from an ECS instance?

Last Updated:Sep 21, 2023

If you are prompted in the ECS console that the RAM user does not have sufficient permissions, you must use your Alibaba Cloud account to authorize the RAM user. After the authorization, you can use the RAM user to access Cloud Backup.

Symptoms

When you use a RAM user to back up an ECS instance, the following message appears: "Insufficient permissions, please contact the cloud account administrator to grant you the corresponding permissions."

Causes

You have not granted the RAM user the permissions to access and manage Cloud Backup.

Solutions

Grant the RAM user the AliyunHBRReadOnlyAccess permission to read data from Cloud Backup or the AliyunHBRFullAccess permission to manage Cloud Backup.

  • AliyunHBRReadOnlyAccess: the read-only permission on Cloud Backup. You cannot use the permission to create or modify files in Cloud Backup. You can use this permission to only read files from Cloud Backup.

  • AliyunHBRFullAccess: the permission that allows the RAM user to have the same full access to Cloud Backup as your Alibaba Cloud account. You can grant this permission to the RAM user. This way, you can assign operations and maintenance tasks to the RAM user.

Note

For data security, we recommend that you follow the principle of least privilege (PoLP) when you grant permissions to the RAM user on Cloud Backup. You can create custom policies to manage permissions in a fine-grained manner. For more information, see Create a custom policy.

  1. Log on to the RAM console by using your Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the RAM user, and then click Add Permissions in the Actions column.

  4. In the Add Permissions panel, select the AliyunHBRReadOnlyAccess or AliyunHBRFullAccess permission under System Policy and click OK.

  5. Confirm the authorization result and click Complete.