This topic describes how to use Resource Access Management (RAM) to authorize PolarDB resources.

Description

All the PolarDB clusters that are created by using an Alibaba Cloud account are the resources that are owned by the account. By default, an Alibaba Cloud account has full access permissions on the resources in the account.

You can use RAM to grant RAM users the permissions to access and manage the PolarDB resources that are owned by your Alibaba Cloud account. For more information, see Permission granting in RAM.

The following table lists the descriptions of PolarDB resources when you use RAM to grant permissions.

Request parameters

Resource type Resource description in an authorization policy
dbcluster

acs:polardb:$regionid:$accountid:dbcluster/

acs:polardb:*:*:dbcluster/

The following table describes the parameters.

Parameter Description
$regionid The ID of the region where the resource is available. You can specify this parameter as an asterisk (*).
$accountid The ID of your Alibaba Cloud account. You can specify this parameter as an asterisk (*).

Examples

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "polardb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "polardb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}