Description

AnalyticDB for MySQL clusters created by using an Alibaba Cloud account are resources of that account. By default, an Alibaba Cloud account has full access permissions on the resources that belong to the account.

The Alibaba Cloud Resource Access Management (RAM) service allows you to grant access and management permissions on your AnalyticDB for MySQL clusters to RAM users.

You can grant RAM users permissions only on AnalyticDB for MySQL clusters but not on finer-grained objects. The following table describes the resource format when you use RAM to grant permissions.

Request parameters

Resource type Resource format
dbcluster acs:adb:$regionid:$accountid:dbcluster/acs:adb:::dbcluster/

Parameters:

  • $regionid: the region ID of the cluster. This parameter can be replaced with an asterisk (*).
  • $accountid: the ID of your Alibaba Cloud account. This parameter can be replaced with an asterisk (*).
Note You can grant permissions on all AnalyticDB for MySQL clusters of your Alibaba Cloud account in a unified manner but cannot on a single cluster. The resource format of acs:adb:::dbcluster/pc-xxxxxxx cannot be used in AnalyticDB for MySQL.

Examples

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "adb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:adb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "adb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}