All Products
Search
Document Center

Database Backup:Service-linked role for DBS

Last Updated:Nov 14, 2023

This topic describes the AliyunServiceRoleForDBS service-linked role for Database Backup (DBS) and how to create, view, and delete the service-linked role.

Background information

AliyunServiceRoleForDBS is a Resource Access Management (RAM) role that allows DBS to access other cloud services. Before DBS accesses your Alibaba Cloud databases such as ApsaraDB RDS, ApsaraDB for MongoDB, ApsaraDB for Redis, and PolarDB databases or self-managed databases hosted on Elastic Compute Service (ECS), DBS must assume the AliyunServiceRoleForDBS role to obtain the required permissions.

For more information, see Service-linked roles.

Create the service-linked role

When you use DBS for the first time, the system automatically creates the AliyunServiceRoleForDBS role. Before you use DBS, you must assign the AliyunServiceRoleForDBS role to DBS to ensure that DBS has the permissions to access your databases.

You can assign the AliyunServiceRoleForDBS role to DBS by using the DBS console or calling an API operation. For more information, see How do I activate DBS? or InitializeDbsServiceLinkedRole.

View the service-linked role

After the AliyunServiceRoleForDBS role is created, you can view the role in the RAM console. You can view the basic information, trust policy, and permission policy of the role.

  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, search for the AliyunServiceRoleForDBS role and click its name.

  4. View the basic information about the role.

    In the Basic Information section of the role details page, view the role information including the role name, creation time, and Alibaba Cloud Resource Name (ARN).

  5. View the trust policy of the role.

    On the role details page, click the Trust Policy Management tab to view the value of the Service field. The value indicates the cloud service that can assume the role. Example: "Service": ["dbs.aliyuncs.com"].

  6. View the permission policy of the role.

    1. On the role details page, click the Permissions tab.

    2. Find the AliyunServiceRolePolicyForDBS policy and click its name.

    3. On the Policy Document tab of the page that appears, view the policy content.

    Note

    You cannot directly view the policy of a service-linked role on the Policies page of the RAM console.

Delete the service-linked role

You can manually delete the AliyunServiceRoleForDBS role in the RAM console. For more information, see Delete a RAM role.