Resource Access Management (RAM) lets you grant RAM users access to the PolarDB clusters owned by your Alibaba Cloud account. By default, the account owner has full access to all resources. Use RAM to control what individual RAM users can access and manage.
For instructions on attaching a policy to a RAM user, see Grant permissions to a RAM user.
PolarDB resource type
PolarDB exposes one authorizable resource type: dbcluster.
| Resource type | Description |
|---|---|
| dbcluster | A PolarDB cluster |
Resource ARN format
Use the following ARN format to identify a PolarDB cluster in a policy statement:
acs:polardb:$regionid:$accountid:dbcluster/
| Parameter | Description | Example |
|---|---|---|
| $regionid | The region where the cluster resides. Use * to match any region. | cn-hangzhou |
| $accountid | Your Alibaba Cloud account ID. Use * to match any account. | 12345678901234 |
To match all clusters in a specific account and region, replace the cluster ID with a wildcard:
acs:polardb:cn-hangzhou:12345678901234:dbcluster/*
To match all PolarDB resources regardless of region or account:
acs:polardb:*:*:dbcluster/
Example policy
The following policy grants read-only access to PolarDB clusters. It contains two statements:
- Statement 1: Allows polardb:Describe* actions on all clusters in the cn-hangzhou region under account 12345678901234.
- Statement 2: Allows the same read-only actions on any PolarDB resource.
```json
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "polardb:Describe*"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"
      ]
    },
    {
      "Action": "polardb:Describe*",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}
```
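The following Python check is an added example, not part of the original page or Alibaba Cloud's own code. It evaluates the example policy against cluster ARNs and shows that statement 2's `*` resource makes the region and account scoping in statement 1 redundant. The cluster IDs, the cn-beijing ARN, and the simplified matching (`*` treated as a glob, Allow statements only, no conditions) are assumptions.

```python
import json
import re

# The page's example policy, embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": ["polardb:Describe*"], "Effect": "Allow",
   "Resource": ["acs:polardb:cn-hangzhou:12345678901234:dbcluster/*"]},
  {"Action": "polardb:Describe*", "Effect": "Allow", "Resource": ["*"]}
]}
""")

# Constructed ARNs (cluster IDs and the second region are illustrative).
IN_SCOPE = "acs:polardb:cn-hangzhou:12345678901234:dbcluster/pc-example0001"
OUT_OF_SCOPE = "acs:polardb:cn-beijing:12345678901234:dbcluster/pc-example0002"

def _glob(pattern, value):
    # Assumption: "*" matches any run of characters; all else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def matching_statements(policy, action, resource):
    """1-based indexes of Allow statements covering action on resource."""
    hits = []
    for i, st in enumerate(policy["Statement"], start=1):
        if st.get("Effect") != "Allow":
            continue  # Deny and Condition handling are out of scope here
        acts_ok = any(_glob(a, action) for a in _as_list(st["Action"]))
        res_ok = any(_glob(r, resource) for r in _as_list(st["Resource"]))
        if acts_ok and res_ok:
            hits.append(i)
    return hits

def unscoped_statements(policy):
    """1-based indexes of statements whose Resource leaves region or account open."""
    flagged = []
    for i, st in enumerate(policy["Statement"], start=1):
        for r in _as_list(st["Resource"]):
            parts = r.split(":")
            if r == "*" or len(parts) < 5 or "*" in parts[2] or "*" in parts[3]:
                flagged.append(i)
                break
    return flagged

if __name__ == "__main__":
    print(matching_statements(POLICY, "polardb:DescribeDBClusters", OUT_OF_SCOPE))  # [2]
    print(unscoped_statements(POLICY))  # [2]
```

To confine a RAM user to one region and account, keep only statement 1; with statement 2 removed, the out-of-scope ARN no longer matches any statement.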