This topic describes how to use Resource Access Management (RAM) to authorize PolarDB resources.
Description
All the PolarDB for MySQL clusters that are created by using an Alibaba Cloud account are the resources that are owned by the account. By default, an Alibaba Cloud account has full access permissions on the resources in the account.
You can use RAM to grant RAM users the permissions to access and manage the PolarDB for MySQL resources that are owned by your Alibaba Cloud account. For more information, see Grant permissions to RAM users.
The following table lists the descriptions of PolarDB for MySQL resources when you use RAM to grant permissions.
Request parameters
Resource type | Resource description in an authorization policy |
dbcluster | acs:polardb:$regionid:$accountid:dbcluster/ acs:polardb:*:*:dbcluster/ |
The following table describes the parameters.
Parameter | Description |
$regionid | The ID of the region where the resource is available. You can specify this parameter as an asterisk (*). |
$accountid | The ID of your Alibaba Cloud account. You can specify this parameter as an asterisk (*). |
Examples
{
"Version": "1",
"Statement": [
{
"Action": [
"polardb:Describe*"
],
"Effect": "Allow",
"Resource": [
"acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"
]
},
{
"Action": "polardb:Describe*",
"Effect": "Allow",
"Resource": [
"*"
]
}
]
}