This topic describes how to grant backup file download permissions to a RAM user who only has read permissions. For security purposes, a RAM user with read-only permissions cannot download backup files.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. Click Create Policy and specify the parameters:

    The policy contains the following content:

    {
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds:Describe*",
                "rds:ModifyBackupPolicy",
                "rds:CheckRegionSupportBackupEncryption"
            ],
            "Resource": "*"
        }
    ],
    "Version": "1"
}
  4. Click OK.
  5. In the left-side navigation pane, choose Permissions > Grants.
  6. Click Add Authorization to attach the new permission policy to the RAM user.
  7. Click OK.