When you call API operations to access ApsaraDB for MongoDB resources as a Resource Access Management (RAM) user, ApsaraDB for MongoDB checks with RAM whether the RAM user is granted the required permissions.

The permissions to be checked are determined by the resources used by the API operation. The following table describes the authentication rules for each API operation.

API operation Authorization rule
dds:CreateDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyDBInstanceSpec acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DeleteDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:RenewDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:CreateShardingDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DeleteNode acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:CreateNode acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyNodeSpec acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeDBInstances acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:RestartDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyDBInstanceMaintainTime acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyDBInstanceDescription acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeDBInstanceAttribute acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeReplicaSetRole acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeShardingNetworkAddress acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyDBInstanceNetworkType acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyDBInstanceNetExpireTime acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeDBInstancePerformance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeAccounts acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ResetAccountPassword acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeSecurityIps acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifySecurityIps acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeAuditRecords acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeAuditFiles acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeBackupPolicy acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:ModifyBackupPolicy acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:CreateBackup acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:RestoreDBInstance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeBackups acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
dds:DescribeDBInstancePerformance acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid