Overview

All AnalyticDB for MySQL clusters created by using an Alibaba Cloud account are resources owned by that account. By default, the account has full operation permissions on the resources.

The Alibaba Cloud Resource Access Management (RAM) service allows you to grant access and management permissions on your AnalyticDB for MySQL clusters to RAM users.

Currently, you can only grant RAM users with permissions on AnalyticDB for MySQL clusters but not on finer-grained objects. The following table lists the descriptions of resources when you use RAM to grant access permissions on these resources.

Request parameters

Resource type Resource description in an authorization policy
dbcluster acs:adb:$regionid:$accountid:dbcluster/acs:adb:::dbcluster/

Parameter description

Parameter Description
$regionid The ID of the region where the resource is available, which can be replaced by an asterisk (*).
$accountid The ID of your Alibaba Cloud account, which can be replaced by an asterisk (*).
Note You can only grant permissions on all AnalyticDB for MySQL clusters under your Alibaba Cloud account in a unified manner. You cannot grant permissions on a single cluster. That is, you cannot use the following resource description in an authorization policy: acs:adb:::dbcluster/pc-xxxxxxx.

Sample success responses

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "adb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:adb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "adb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}