Your Alibaba Cloud account has full access to all resources under the account.

You can grant the access and management permissions to sub-accounts (which are also called RAM users) by creating an authorization policy. In an authorization policy, an Alibaba Cloud Resource Name (ARN) is used as the unique identifier of resources. This topic introduces the format of ARNs.

Note For RDS, the resources are dbinstance.

Request parameters

Resource type ARN format
dbinstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid




Parameter Description
Region ID, which can be replaced with *
Instance ID, which can be replaced with *
Alibaba Cloud account ID, which can be replaced with *

RDS API authenication rules

When you use a RAM user account to access RDS through an API, RDS checks whether the RAM user has permissions.