Use RAM for resource authorization - PolarDB - Alibaba Cloud Documentation Center

This topic summarizes the resource authorization rules for Resource Access Management (RAM) supported by PolarDB-X 1.0 and the regions where RAM services are activated for PolarDB-X 1.0.

Supported resource authorization rules

Note

You must replace $regionId in the table with the corresponding regionId value in Regions that support RAM based on the region where the specified instance resides.
You must replace the parameters that start with $ in the table with the actual parameters based on your business requirements.


Action	Authorization rule	Description
CreateDrdsInstance	acs:drds:$regionid:$accountid:instance/*	Creates an instance.
DescribeDrdsInstanceList	acs:drds:$regionid:$accountid:instance/*	Queries the instance list.
UpgradeDrdsInstance	acs:drds:$regionid:$accountid:instance/$instanceid	Changes the instance configurations.
RemoveDRDSInstance	acs:drds:$regionid:$accountid:instance/$instanceid	Releases the instance.
DescribeDrdsInstance	acs:drds:$regionid:$accountid:instance/$instanceid	Queries the instance details.
VersionChanage	acs:drds:$regionid:$accountid:instance/$instanceid	Upgrades or rolls back the version of the PolarDB-X 1.0 instance.
CreateInternetAddress	acs:drds:$regionid:$accountid:instance/$instanceid	Creates a public IP address for the PolarDB-X 1.0 instance.
ReleaseInternetAddress	acs:drds:$regionid:$accountid:instance/$instanceid	Releases the public IP address for the PolarDB-X 1.0 instance.
CreateDrdsDB	acs:drds:$regionid:$accountid:instance/$instanceid/db/*	Creates a PolarDB-X 1.0 database.
DescribeDrdsDbList	acs:drds:$regionid:$accountid:instance/$instanceid/db/*	Queries the database list in the PolarDB-X 1.0 instance.
DescribeDrdsDb	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Queries the details about the PolarDB-X 1.0 database.
DeleteDrdsDb	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Deletes the PolarDB-X 1.0 database.
ModifyReadWriteWeight	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Modifies the read policy.
DescribeLogicTableList	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Queries the data table list in the PolarDB-X 1.0 database.
ExecuteDDL	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Executes the data definition language (DDL) statement in the PolarDB-X 1.0 console.
ModifyDrdsIpWhiteList	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Modifies the IP address whitelist of the PolarDB-X 1.0 database.
DrdsDataImport	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Imports data.
DrdsSmoothExpand	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Performs smooth scale-out.
CreateReadOnlyAccount	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Creates a read-only account.
ModifyReadOnlyAccountPassword	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Changes the password of the read-only account.
RemoveReadOnlyAccount	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Deletes the read-only account.
DescribeAlarmContacts	acs:drds:$regionid:$accountid:contacts/*	Queries the list of alert contacts.
AddAlarmContacts	acs:drds:$regionid:$accountid:contacts/*	Adds an alert contact.
ModifyAlarmContacts	acs:drds:$regionid:$accountid:contacts/*	Modifies the alert contact.
RemoveAlarmContacts	acs:drds:$regionid:$accountid:contacts/*	Deletes the alert contact.
DescribeAlarmGroup	acs:drds:$regionid:$accountid:contacts/*	Queries the list of alert contact groups.
AddAlarmGroup	acs:drds:$regionid:$accountid:contacts/*	Adds an alert contact group.
ModifyAlarmGroup	acs:drds:$regionid:$accountid:contacts/*	Modifies the alert contact group.
RemoveAlarmGroup	acs:drds:$regionid:$accountid:contacts/*	Deletes the alert contact group.
DescribeInstanceMonitor	acs:drds:$regionid:$accountid:instance/$instanceid	Queries the monitoring information about the instance.
DescribeAlarmRule	acs:drds:$regionid:$accountid:instance/$instanceid	Queries the list of alert rules.
CreateAlarmRule	acs:drds:$regionid:$accountid:instance/$instanceid	Creates an alert rule. Note The permission to create alert rules depends on the permission to query contact groups.
ModifyAlarmRule	acs:drds:$regionid:$accountid:instance/$instanceid	Modifies an alert rule. Note The permission to modify alert rules depends on the permission to query contact groups.
RemoveAlarmRule	acs:drds:$regionid:$accountid:instance/$instanceid	Deletes the alert rule.
DescribeAlarmHistory	acs:drds:$regionid:$accountid:instance/$instanceid	Queries alert history.
DescribeSlowSql	acs:drds:$regionid:$accountid:instance/$instanceid	Queries the slow SQL statement in PolarDB-X 1.0.
DrdsShardTool	acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname	Uses the shard change tool.

Regions that support RAM

The following table lists the regions where RAM services are activated for PolarDB-X 1.0 and the corresponding regionId values.


regionId	Region name
cn-hangzhou	China (Hangzhou)
cn-shenzhen	China (Shenzhen)
cn-shanghai	China (Shanghai)
cn-qingdao	China (Qingdao)
cn-beijing	China (Beijing)