This topic summarizes the resource authorization rules for Resource Access Management (RAM) supported by DRDS and the regions where RAM services are activated for DRDS.

Supported resource authorization rules

Note
  • You must replace $regionId in the table with the corresponding regionId value in Regions that support RAM based on the region where the specified instance resides.
  • You must replace the parameters that start with $ in the table with the actual parameters based on your business requirements.
Action Authorization rule Description
CreateDrdsInstance acs:drds:$regionid:$accountid:instance/* Creates an instance.
DescribeDrdsInstanceList acs:drds:$regionid:$accountid:instance/* Queries the instance list.
UpgradeDrdsInstance acs:drds:$regionid:$accountid:instance/$instanceid Changes the instance configurations.
RemoveDRDSInstance acs:drds:$regionid:$accountid:instance/$instanceid Releases the instance.
DescribeDrdsInstance acs:drds:$regionid:$accountid:instance/$instanceid Queries the instance details.
VersionChanage acs:drds:$regionid:$accountid:instance/$instanceid Upgrades or rolls back the version of the DRDS instance.
CreateInternetAddress acs:drds:$regionid:$accountid:instance/$instanceid Creates a public IP address for the DRDS instance.
ReleaseInternetAddress acs:drds:$regionid:$accountid:instance/$instanceid Releases the public IP address for the DRDS instance.
CreateDrdsDB acs:drds:$regionid:$accountid:instance/$instanceid/db/* Creates a DRDS database.
DescribeDrdsDbList acs:drds:$regionid:$accountid:instance/$instanceid/db/* Queries the database list in the DRDS instance.
DescribeDrdsDb acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Queries the details about the DRDS database.
DeleteDrdsDb acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Deletes the DRDS database.
ModifyReadWriteWeight acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Modifies the read policy.
DescribeLogicTableList acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Queries the data table list in the DRDS database.
ExecuteDDL acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Executes the data definition language (DDL) statement in the DRDS console.
ModifyDrdsIpWhiteList acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Modifies the IP address whitelist of the DRDS database.
DrdsDataImport acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Imports data.
DrdsSmoothExpand acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Performs smooth scale-out.
CreateReadOnlyAccount acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Creates a read-only account.
ModifyReadOnlyAccountPassword acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Changes the password of the read-only account.
RemoveReadOnlyAccount acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Deletes the read-only account.
DescribeAlarmContacts acs:drds:$regionid:$accountid:contacts/* Queries the list of alert contacts.
AddAlarmContacts acs:drds:$regionid:$accountid:contacts/* Adds an alert contact.
ModifyAlarmContacts acs:drds:$regionid:$accountid:contacts/* Modifies the alert contact.
RemoveAlarmContacts acs:drds:$regionid:$accountid:contacts/* Deletes the alert contact.
DescribeAlarmGroup acs:drds:$regionid:$accountid:contacts/* Queries the list of alert contact groups.
AddAlarmGroup acs:drds:$regionid:$accountid:contacts/* Adds an alert contact group.
ModifyAlarmGroup acs:drds:$regionid:$accountid:contacts/* Modifies the alert contact group.
RemoveAlarmGroup acs:drds:$regionid:$accountid:contacts/* Deletes the alert contact group.
DescribeInstanceMonitor acs:drds:$regionid:$accountid:instance/$instanceid Queries the monitoring information about the instance.
DescribeAlarmRule acs:drds:$regionid:$accountid:instance/$instanceid Queries the list of alert rules.
CreateAlarmRule acs:drds:$regionid:$accountid:instance/$instanceid Creates an alert rule.
Note The permission to create alert rules depends on the permission to query contact groups.
ModifyAlarmRule acs:drds:$regionid:$accountid:instance/$instanceid Modifies an alert rule.
Note The permission to modify alert rules depends on the permission to query contact groups.
RemoveAlarmRule acs:drds:$regionid:$accountid:instance/$instanceid Deletes the alert rule.
DescribeAlarmHistory acs:drds:$regionid:$accountid:instance/$instanceid Queries alert history.
DescribeSlowSql acs:drds:$regionid:$accountid:instance/$instanceid Queries the slow SQL statement in DRDS.
DrdsShardTool acs:drds:$regionid:$accountid:instance/$instanceid/db/$dbname Uses the shard change tool.

Regions that support RAM

The following table lists the regions where RAM services are activated for DRDS and the corresponding regionId values.

regionId Region name
cn-hangzhou China (Hangzhou)
cn-shenzhen China (Shenzhen)
cn-shanghai China (Shanghai)
cn-qingdao China (Qingdao)
cn-beijing China (Beijing)