Overview

All ApsaraDB for PolarDB clusters created under your Alibaba Cloud account are resources owned by your account. By default, you have full operation permissions on the resources under your account.

Alibaba Cloud Resource Access Management (RAM) allows you to grant RAM users the access and management permissions on PolarDB resources owned by your account. For more information, see RAM authorization.

This topic describes how to grant RAM users the permissions on PolarDB resources.

Request parameters

Resource Description in an authorization policy
dbcluster

acs:polardb:$regionid:$accountid:dbcluster/

acs:polardb:*:*:dbcluster/

Parameter description

Parameter Description
$regionid The ID of the region, which can be replaced by an asterisk (*).
$accountid The ID of your Alibaba Cloud account, which can be replaced by an asterisk (*).

Example

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "polardb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "polardb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}