All Products
Search
Document Center

PolarDB:Use RAM for resource authorization

Last Updated:Oct 11, 2023

This topic describes how to use Resource Access Management (RAM) to authorize PolarDB resources.

Description

All the PolarDB for MySQL clusters that are created by using an Alibaba Cloud account are the resources that are owned by the account. By default, an Alibaba Cloud account has full access permissions on the resources in the account.

You can use RAM to grant RAM users the permissions to access and manage the PolarDB for MySQL resources that are owned by your Alibaba Cloud account. For more information, see Grant permissions to RAM users.

The following table lists the descriptions of PolarDB for MySQL resources when you use RAM to grant permissions.

Request parameters

Resource typeResource description in an authorization policy
dbcluster

acs:polardb:$regionid:$accountid:dbcluster/

acs:polardb:*:*:dbcluster/

The following table describes the parameters.

ParameterDescription
$regionidThe ID of the region where the resource is available. You can specify this parameter as an asterisk (*).
$accountidThe ID of your Alibaba Cloud account. You can specify this parameter as an asterisk (*).

Examples

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "polardb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "polardb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}