當您使用資源群組對資源進行分組管理時,可以結合存取控制(RAM),在單個阿里雲帳號內實現資源的隔離和精微調權限管理。本文總結了雲原生資料倉儲 AnalyticDB PostgreSQL 版對資源群組的支援情況,以及資源群組層級的授權操作步驟。
-
只有支援資源群組的資源類型和支援資源群組層級授權的操作,資源群組層級授權才會生效。
-
對於不支援資源群組的資源類型,授予資源群組範圍的許可權將無效。在選擇資源範圍時,請選擇帳號層級,進行帳號層級授權。具體操作,請參見不支援資源群組層級授權的操作。
資源群組授權的工作原理
您可以使用資源群組(Resource Group)對阿里雲帳號內的資源進行分組管理。例如,為不同的專案建立對應的資源群組,並將資源轉移到對應的組中,以便集中管理各專案的資源。更多資訊,請參見什麼是資源群組。
在完成資源分組後,您可以為不同的RAM授權主體(RAM使用者、RAM使用者組或RAM角色)授予指定資源群組範圍的許可權,從而限定這個授權主體只能管理該資源群組內的資源。更多資訊,請參見資源分組和授權。
這種授權方式的優點有:
-
許可權精細化:確保每個身份能獲得最準確的資源存取權限,避免帳號下的多重專案的資源混合管理。
-
良好的擴充性:後續新增資源時,只需將其加入該資源群組,RAM身份便會自動獲得新資源的相應許可權,無需再次授權。
為RAM使用者授予資源群組層級的許可權
下面以RAM使用者為例,介紹授予指定資源群組內雲原生資料倉儲 AnalyticDB PostgreSQL 版資源許可權的操作步驟。
1. 前置步驟
2. 進行資源群組層級授權
您可以通過以下任一方式進行資源群組層級授權。
方式一:在資源管理主控台中授權
通過資源群組的許可權管理功能為指定 RAM 使用者授權。詳情操作可參見為RAM身份授予資源群組範圍的許可權。
方式二:在 RAM 控制台中授權
通過RAM控制台為指定 RAM 使用者進行資源群組層級授權。詳細操作可參見為RAM使用者授權。
支援資源群組的資源類型
雲原生資料倉儲 AnalyticDB PostgreSQL 版支援資源群組的資源類型如下表所示:
|
雲端服務 |
雲端服務代碼 |
資源類型 |
|
雲原生資料倉儲 AnalyticDB PostgreSQL 版 |
gpdb |
instance : 執行個體 |
對於暫不支援資源群組的資源類型,如有需要,您可以在資源群組控制台提交反饋。
不支援資源群組層級授權的操作
雲原生資料倉儲 AnalyticDB PostgreSQL 版中不支援資源群組層級授權的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
gpdb:AddAINode |
- |
|
gpdb:AllocateInstancePublicConnection |
- |
|
gpdb:BindDBResourceGroupWithRole |
- |
|
gpdb:BindToVirtualCluster |
- |
|
gpdb:CancelActiveOperationTasks |
- |
|
gpdb:ChatWithKnowledgeBase |
- |
|
gpdb:ChatWithKnowledgeBaseStream |
- |
|
gpdb:CheckHadoopDataSource |
- |
|
gpdb:CheckHadoopNetConnection |
- |
|
gpdb:CheckJDBCSourceNetConnection |
- |
|
gpdb:CheckServiceLinkedRole |
- |
|
gpdb:CloneDBInstance |
- |
|
gpdb:CreateAccount |
- |
|
gpdb:CreateBackup |
- |
|
gpdb:CreateDBInstance |
- |
|
gpdb:CreateDBInstanceIPArray |
- |
|
gpdb:CreateDBInstancePlan |
- |
|
gpdb:CreateDBResourceGroup |
- |
|
gpdb:CreateDatabase |
- |
|
gpdb:CreateExtensions |
- |
|
gpdb:CreateExternalDataService |
- |
|
gpdb:CreateHadoopDataSource |
- |
|
gpdb:CreateJDBCDataSource |
- |
|
gpdb:CreateModelService |
- |
|
gpdb:CreateOrder |
- |
|
gpdb:CreateRemoteADBDataSource |
- |
|
gpdb:CreateSampleData |
- |
|
gpdb:CreateServiceLinkedRole |
- |
|
gpdb:CreateStreamingDataService |
- |
|
gpdb:CreateStreamingDataSource |
- |
|
gpdb:CreateStreamingJob |
- |
|
gpdb:CreateSupabaseProject |
- |
|
gpdb:CreateVirtualCluster |
- |
|
gpdb:DeleteAINode |
- |
|
gpdb:DeleteBackup |
- |
|
gpdb:DeleteDBInstance |
- |
|
gpdb:DeleteDBInstanceIPArray |
- |
|
gpdb:DeleteDBInstancePlan |
- |
|
gpdb:DeleteDBResourceGroup |
- |
|
gpdb:DeleteDatabase |
- |
|
gpdb:DeleteExtension |
- |
|
gpdb:DeleteExternalDataService |
- |
|
gpdb:DeleteHadoopDataSource |
- |
|
gpdb:DeleteJDBCDataSource |
- |
|
gpdb:DeleteModelService |
- |
|
gpdb:DeletePrivateRAGService |
- |
|
gpdb:DeleteRemoteADBDataSource |
- |
|
gpdb:DeleteStreamingDataService |
- |
|
gpdb:DeleteStreamingDataSource |
- |
|
gpdb:DeleteStreamingJob |
- |
|
gpdb:DeleteSupabaseProject |
- |
|
gpdb:DeleteVirtualCluster |
- |
|
gpdb:DeployPrivateRAGService |
- |
|
gpdb:DescribeAccounts |
- |
|
gpdb:DescribeActiveSQLRecords |
- |
|
gpdb:DescribeAvailableResources |
- |
|
gpdb:DescribeBackupJob |
- |
|
gpdb:DescribeBackupPolicy |
- |
|
gpdb:DescribeDBClusterNode |
- |
|
gpdb:DescribeDBClusterPerformance |
- |
|
gpdb:DescribeDBInstanceAttribute |
- |
|
gpdb:DescribeDBInstanceDataBloat |
- |
|
gpdb:DescribeDBInstanceDataSkew |
- |
|
gpdb:DescribeDBInstanceDiagnosisSummary |
- |
|
gpdb:DescribeDBInstanceErrorLog |
- |
|
gpdb:DescribeDBInstanceIPArrayList |
- |
|
gpdb:DescribeDBInstanceIndexUsage |
- |
|
gpdb:DescribeDBInstanceNetInfo |
- |
|
gpdb:DescribeDBInstancePerformance |
- |
|
gpdb:DescribeDBInstancePlans |
- |
|
gpdb:DescribeDBInstanceSQLPatterns |
- |
|
gpdb:DescribeDBInstanceSSL |
- |
|
gpdb:DescribeDBInstanceSupportMaxPerformance |
- |
|
gpdb:DescribeDBInstances |
- |
|
gpdb:DescribeDBResourceGroup |
- |
|
gpdb:DescribeDBResourceManagementMode |
- |
|
gpdb:DescribeDBVersion |
- |
|
gpdb:DescribeDBVersionInfos |
- |
|
gpdb:DescribeDataBackups |
- |
|
gpdb:DescribeDataReDistributeInfo |
- |
|
gpdb:DescribeDataShareInstances |
- |
|
gpdb:DescribeDataSharePerformance |
- |
|
gpdb:DescribeDatabase |
- |
|
gpdb:DescribeDiagnosisDimensions |
- |
|
gpdb:DescribeDiagnosisMonitorPerformance |
- |
|
gpdb:DescribeDiagnosisRecords |
- |
|
gpdb:DescribeDiagnosisSQLInfo |
- |
|
gpdb:DescribeDownloadRecords |
- |
|
gpdb:DescribeDownloadSQLLogs |
- |
|
gpdb:DescribeExtension |
- |
|
gpdb:DescribeExternalDataService |
- |
|
gpdb:DescribeHadoopClustersInSameNet |
- |
|
gpdb:DescribeHadoopConfigs |
- |
|
gpdb:DescribeHadoopDataSource |
- |
|
gpdb:DescribeHealthStatus |
- |
|
gpdb:DescribeHistoryEvents |
- |
|
gpdb:DescribeHistoryEventsStat |
- |
|
gpdb:DescribeIMVInfos |
- |
|
gpdb:DescribeJDBCDataSource |
- |
|
gpdb:DescribeLogBackups |
- |
|
gpdb:DescribeModelService |
- |
|
gpdb:DescribeModifyParameterLog |
- |
|
gpdb:DescribeParameters |
- |
|
gpdb:DescribePrivateRAGService |
- |
|
gpdb:DescribeRayCluster |
- |
|
gpdb:DescribeRebalanceStatus |
- |
|
gpdb:DescribeRegions |
- |
|
gpdb:DescribeRoles |
- |
|
gpdb:DescribeSQLCollectorPolicy |
- |
|
gpdb:DescribeSQLLogCount |
- |
|
gpdb:DescribeSQLLogRecords |
- |
|
gpdb:DescribeSQLLogs |
- |
|
gpdb:DescribeSampleData |
- |
|
gpdb:DescribeSpecification |
- |
|
gpdb:DescribeStreamingDataService |
- |
|
gpdb:DescribeStreamingDataSource |
- |
|
gpdb:DescribeStreamingJob |
- |
|
gpdb:DescribeSupportFeatures |
- |
|
gpdb:DescribeTags |
- |
|
gpdb:DescribeUserEncryptionKeyList |
- |
|
gpdb:DescribeWaitingSQLInfo |
- |
|
gpdb:DescribeWaitingSQLRecords |
- |
|
gpdb:DescribeZonesPrivateRAGService |
- |
|
gpdb:DisableDBResourceGroup |
- |
|
gpdb:DownloadDiagnosisRecords |
- |
|
gpdb:DownloadSQLLogsRecords |
- |
|
gpdb:DownloadSlowSQLRecords |
- |
|
gpdb:EnableDBResourceGroup |
- |
|
gpdb:GetAINode |
- |
|
gpdb:GetAccount |
- |
|
gpdb:GetPrice |
- |
|
gpdb:GetSupabaseDashboardAccount |
- |
|
gpdb:GetSupabaseProject |
- |
|
gpdb:GetSupabaseProjectApiKeys |
- |
|
gpdb:GetSupabaseProjectDashboardAccount |
- |
|
gpdb:GetSupabaseProjectSpec |
- |
|
gpdb:GetSupabaseUpdateVersion |
- |
|
gpdb:HandleActiveSQLRecord |
- |
|
gpdb:ListAINodePools |
- |
|
gpdb:ListBackupJobs |
- |
|
gpdb:ListDatabaseExtensions |
- |
|
gpdb:ListExternalDataServices |
- |
|
gpdb:ListHeadNodeSpec |
- |
|
gpdb:ListInstanceDatabases |
- |
|
gpdb:ListInstanceExtensions |
- |
|
gpdb:ListModelServices |
- |
|
gpdb:ListRemoteADBDataSources |
- |
|
gpdb:ListSlowSQLRecords |
- |
|
gpdb:ListStreamingDataServices |
- |
|
gpdb:ListStreamingJobs |
- |
|
gpdb:ListSupabaseProjects |
- |
|
gpdb:ListSupportModels |
- |
|
gpdb:ListTagResources |
- |
|
gpdb:ListVirtualClusters |
- |
|
gpdb:ModifyAccountDescription |
- |
|
gpdb:ModifyActiveOperationMaintainConf |
- |
|
gpdb:ModifyActiveOperationTasks |
- |
|
gpdb:ModifyBackupPolicy |
- |
|
gpdb:ModifyDBInstanceConfig |
- |
|
gpdb:ModifyDBInstanceConnectionMode |
- |
|
gpdb:ModifyDBInstanceConnectionString |
- |
|
gpdb:ModifyDBInstanceDeploymentMode |
- |
|
gpdb:ModifyDBInstanceDescription |
- |
|
gpdb:ModifyDBInstanceMaintainTime |
- |
|
gpdb:ModifyDBInstanceNetworkType |
- |
|
gpdb:ModifyDBInstancePayType |
- |
|
gpdb:ModifyDBInstanceResourceGroup |
- |
|
gpdb:ModifyDBInstanceSSL |
- |
|
gpdb:ModifyDBResourceGroup |
- |
|
gpdb:ModifyExternalDataService |
- |
|
gpdb:ModifyHadoopDataSource |
- |
|
gpdb:ModifyJDBCDataSource |
- |
|
gpdb:ModifyMasterSpec |
- |
|
gpdb:ModifyModelServicePublicConnection |
- |
|
gpdb:ModifyModelServiceSecurityIps |
- |
|
gpdb:ModifyParameters |
- |
|
gpdb:ModifyRemoteADBDataSource |
- |
|
gpdb:ModifySQLCollectorPolicy |
- |
|
gpdb:ModifySecurityIps |
- |
|
gpdb:ModifyStreamingDataService |
- |
|
gpdb:ModifyStreamingDataSource |
- |
|
gpdb:ModifyStreamingJob |
- |
|
gpdb:ModifySupabaseProjectSecurityIps |
- |
|
gpdb:ModifyVectorConfiguration |
- |
|
gpdb:PauseDataRedistribute |
- |
|
gpdb:PauseInstance |
- |
|
gpdb:RebalanceDBInstance |
- |
|
gpdb:ReleaseInstancePublicConnection |
- |
|
gpdb:ResetAccountPassword |
- |
|
gpdb:ResetIMVMonitorData |
- |
|
gpdb:ResetSupabaseProjectPassword |
- |
|
gpdb:RestartDBInstance |
- |
|
gpdb:RestartSupabaseProject |
- |
|
gpdb:ResumeDataRedistribute |
- |
|
gpdb:ResumeInstance |
- |
|
gpdb:SetDBInstancePlanStatus |
- |
|
gpdb:SetDataShareInstance |
- |
|
gpdb:SwitchAINodeZone |
- |
|
gpdb:SwitchDBInstanceNetType |
- |
|
gpdb:TagResources |
- |
|
gpdb:UnbindDBResourceGroupWithRole |
- |
|
gpdb:UnloadSampleData |
- |
|
gpdb:UntagResources |
- |
|
gpdb:UpdateDBInstancePlan |
- |
|
gpdb:UpdateSupabaseVersion |
- |
|
gpdb:UpgradeDBInstance |
- |
|
gpdb:UpgradeDBVersion |
- |
|
gpdb:UpgradeExtensions |
- |
對於不支援資源群組授權的操作,授權時資源範圍選取資源群組層級將無效。如果仍需要RAM使用者有上述操作許可權,您需要建立自訂權限原則,授權時資源範圍選取帳號層級。
以下是兩個自訂權限原則樣本,您可以根據實際需要調整策略內容。
-
允許不支援資源群組層級授權的全部唯讀操作:
Action中列舉不支援資源群組層級授權的所有隻讀操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "gpdb:ChatWithKnowledgeBaseStream", "gpdb:CheckHadoopDataSource", "gpdb:CheckHadoopNetConnection", "gpdb:CheckJDBCSourceNetConnection", "gpdb:CheckServiceLinkedRole", "gpdb:CreateDBInstancePlan", "gpdb:CreateSampleData", "gpdb:DeleteDBInstancePlan", "gpdb:DescribeAccounts", "gpdb:DescribeActiveSQLRecords", "gpdb:DescribeAvailableResources", "gpdb:DescribeBackupJob", "gpdb:DescribeBackupPolicy", "gpdb:DescribeDBClusterNode", "gpdb:DescribeDBClusterPerformance", "gpdb:DescribeDBInstanceAttribute", "gpdb:DescribeDBInstanceDataBloat", "gpdb:DescribeDBInstanceDataSkew", "gpdb:DescribeDBInstanceDiagnosisSummary", "gpdb:DescribeDBInstanceErrorLog", "gpdb:DescribeDBInstanceIPArrayList", "gpdb:DescribeDBInstanceIndexUsage", "gpdb:DescribeDBInstanceNetInfo", "gpdb:DescribeDBInstancePerformance", "gpdb:DescribeDBInstancePlans", "gpdb:DescribeDBInstanceSQLPatterns", "gpdb:DescribeDBInstanceSSL", "gpdb:DescribeDBInstanceSupportMaxPerformance", "gpdb:DescribeDBInstances", "gpdb:DescribeDBResourceGroup", "gpdb:DescribeDBResourceManagementMode", "gpdb:DescribeDBVersion", "gpdb:DescribeDBVersionInfos", "gpdb:DescribeDataBackups", "gpdb:DescribeDataReDistributeInfo", "gpdb:DescribeDataShareInstances", "gpdb:DescribeDataSharePerformance", "gpdb:DescribeDatabase", "gpdb:DescribeDiagnosisDimensions", "gpdb:DescribeDiagnosisMonitorPerformance", "gpdb:DescribeDiagnosisRecords", "gpdb:DescribeDiagnosisSQLInfo", "gpdb:DescribeDownloadRecords", "gpdb:DescribeDownloadSQLLogs", "gpdb:DescribeExtension", "gpdb:DescribeExternalDataService", "gpdb:DescribeHadoopClustersInSameNet", "gpdb:DescribeHadoopConfigs", "gpdb:DescribeHadoopDataSource", "gpdb:DescribeHealthStatus", "gpdb:DescribeHistoryEvents", "gpdb:DescribeHistoryEventsStat", "gpdb:DescribeIMVInfos", "gpdb:DescribeJDBCDataSource", "gpdb:DescribeLogBackups", "gpdb:DescribeModelService", "gpdb:DescribeModifyParameterLog", "gpdb:DescribeParameters", "gpdb:DescribePrivateRAGService", "gpdb:DescribeRebalanceStatus", "gpdb:DescribeRoles", "gpdb:DescribeSQLCollectorPolicy", "gpdb:DescribeSQLLogCount", "gpdb:DescribeSQLLogRecords", "gpdb:DescribeSQLLogs", "gpdb:DescribeSampleData", "gpdb:DescribeSpecification", "gpdb:DescribeStreamingDataSource", "gpdb:DescribeSupportFeatures", "gpdb:DescribeTags", "gpdb:DescribeUserEncryptionKeyList", "gpdb:DescribeWaitingSQLInfo", "gpdb:DescribeWaitingSQLRecords", "gpdb:DescribeZonesPrivateRAGService", "gpdb:DownloadSQLLogsRecords", "gpdb:DownloadSlowSQLRecords", "gpdb:GetAINode", "gpdb:GetAccount", "gpdb:GetPrice", "gpdb:GetSupabaseProject", "gpdb:GetSupabaseProjectApiKeys", "gpdb:GetSupabaseProjectDashboardAccount", "gpdb:GetSupabaseProjectSpec", "gpdb:GetSupabaseUpdateVersion", "gpdb:HandleActiveSQLRecord", "gpdb:ListAINodePools", "gpdb:ListBackupJobs", "gpdb:ListDatabaseExtensions", "gpdb:ListExternalDataServices", "gpdb:ListInstanceDatabases", "gpdb:ListInstanceExtensions", "gpdb:ListModelServices", "gpdb:ListRemoteADBDataSources", "gpdb:ListSlowSQLRecords", "gpdb:ListSupabaseProjects", "gpdb:ListSupportModels", "gpdb:ListTagResources", "gpdb:ListVirtualClusters", "gpdb:ModifyDBInstanceConfig", "gpdb:ModifyVectorConfiguration", "gpdb:PauseInstance", "gpdb:RebalanceDBInstance", "gpdb:ResetIMVMonitorData", "gpdb:SetDBInstancePlanStatus", "gpdb:UnloadSampleData", "gpdb:UpdateDBInstancePlan" ], "Resource": "*" } ] } -
允許不支援資源群組層級授權的全部操作:
Action中列舉不支援資源群組層級授權的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "gpdb:AddAINode", "gpdb:AllocateInstancePublicConnection", "gpdb:BindDBResourceGroupWithRole", "gpdb:BindToVirtualCluster", "gpdb:CancelActiveOperationTasks", "gpdb:ChatWithKnowledgeBase", "gpdb:ChatWithKnowledgeBaseStream", "gpdb:CheckHadoopDataSource", "gpdb:CheckHadoopNetConnection", "gpdb:CheckJDBCSourceNetConnection", "gpdb:CheckServiceLinkedRole", "gpdb:CloneDBInstance", "gpdb:CreateAccount", "gpdb:CreateBackup", "gpdb:CreateDBInstance", "gpdb:CreateDBInstanceIPArray", "gpdb:CreateDBInstancePlan", "gpdb:CreateDBResourceGroup", "gpdb:CreateDatabase", "gpdb:CreateExtensions", "gpdb:CreateExternalDataService", "gpdb:CreateHadoopDataSource", "gpdb:CreateJDBCDataSource", "gpdb:CreateModelService", "gpdb:CreateOrder", "gpdb:CreateRemoteADBDataSource", "gpdb:CreateSampleData", "gpdb:CreateServiceLinkedRole", "gpdb:CreateStreamingDataService", "gpdb:CreateStreamingDataSource", "gpdb:CreateStreamingJob", "gpdb:CreateSupabaseProject", "gpdb:CreateVirtualCluster", "gpdb:DeleteAINode", "gpdb:DeleteBackup", "gpdb:DeleteDBInstance", "gpdb:DeleteDBInstanceIPArray", "gpdb:DeleteDBInstancePlan", "gpdb:DeleteDBResourceGroup", "gpdb:DeleteDatabase", "gpdb:DeleteExtension", "gpdb:DeleteExternalDataService", "gpdb:DeleteHadoopDataSource", "gpdb:DeleteJDBCDataSource", "gpdb:DeleteModelService", "gpdb:DeletePrivateRAGService", "gpdb:DeleteRemoteADBDataSource", "gpdb:DeleteStreamingDataService", "gpdb:DeleteStreamingDataSource", "gpdb:DeleteStreamingJob", "gpdb:DeleteSupabaseProject", "gpdb:DeleteVirtualCluster", "gpdb:DeployPrivateRAGService", "gpdb:DescribeAccounts", "gpdb:DescribeActiveSQLRecords", "gpdb:DescribeAvailableResources", "gpdb:DescribeBackupJob", "gpdb:DescribeBackupPolicy", "gpdb:DescribeDBClusterNode", "gpdb:DescribeDBClusterPerformance", "gpdb:DescribeDBInstanceAttribute", "gpdb:DescribeDBInstanceDataBloat", "gpdb:DescribeDBInstanceDataSkew", "gpdb:DescribeDBInstanceDiagnosisSummary", "gpdb:DescribeDBInstanceErrorLog", "gpdb:DescribeDBInstanceIPArrayList", "gpdb:DescribeDBInstanceIndexUsage", "gpdb:DescribeDBInstanceNetInfo", "gpdb:DescribeDBInstancePerformance", "gpdb:DescribeDBInstancePlans", "gpdb:DescribeDBInstanceSQLPatterns", "gpdb:DescribeDBInstanceSSL", "gpdb:DescribeDBInstanceSupportMaxPerformance", "gpdb:DescribeDBInstances", "gpdb:DescribeDBResourceGroup", "gpdb:DescribeDBResourceManagementMode", "gpdb:DescribeDBVersion", "gpdb:DescribeDBVersionInfos", "gpdb:DescribeDataBackups", "gpdb:DescribeDataReDistributeInfo", "gpdb:DescribeDataShareInstances", "gpdb:DescribeDataSharePerformance", "gpdb:DescribeDatabase", "gpdb:DescribeDiagnosisDimensions", "gpdb:DescribeDiagnosisMonitorPerformance", "gpdb:DescribeDiagnosisRecords", "gpdb:DescribeDiagnosisSQLInfo", "gpdb:DescribeDownloadRecords", "gpdb:DescribeDownloadSQLLogs", "gpdb:DescribeExtension", "gpdb:DescribeExternalDataService", "gpdb:DescribeHadoopClustersInSameNet", "gpdb:DescribeHadoopConfigs", "gpdb:DescribeHadoopDataSource", "gpdb:DescribeHealthStatus", "gpdb:DescribeHistoryEvents", "gpdb:DescribeHistoryEventsStat", "gpdb:DescribeIMVInfos", "gpdb:DescribeJDBCDataSource", "gpdb:DescribeLogBackups", "gpdb:DescribeModelService", "gpdb:DescribeModifyParameterLog", "gpdb:DescribeParameters", "gpdb:DescribePrivateRAGService", "gpdb:DescribeRayCluster", "gpdb:DescribeRebalanceStatus", "gpdb:DescribeRegions", "gpdb:DescribeRoles", "gpdb:DescribeSQLCollectorPolicy", "gpdb:DescribeSQLLogCount", "gpdb:DescribeSQLLogRecords", "gpdb:DescribeSQLLogs", "gpdb:DescribeSampleData", "gpdb:DescribeSpecification", "gpdb:DescribeStreamingDataService", "gpdb:DescribeStreamingDataSource", "gpdb:DescribeStreamingJob", "gpdb:DescribeSupportFeatures", "gpdb:DescribeTags", "gpdb:DescribeUserEncryptionKeyList", "gpdb:DescribeWaitingSQLInfo", "gpdb:DescribeWaitingSQLRecords", "gpdb:DescribeZonesPrivateRAGService", "gpdb:DisableDBResourceGroup", "gpdb:DownloadDiagnosisRecords", "gpdb:DownloadSQLLogsRecords", "gpdb:DownloadSlowSQLRecords", "gpdb:EnableDBResourceGroup", "gpdb:GetAINode", "gpdb:GetAccount", "gpdb:GetPrice", "gpdb:GetSupabaseDashboardAccount", "gpdb:GetSupabaseProject", "gpdb:GetSupabaseProjectApiKeys", "gpdb:GetSupabaseProjectDashboardAccount", "gpdb:GetSupabaseProjectSpec", "gpdb:GetSupabaseUpdateVersion", "gpdb:HandleActiveSQLRecord", "gpdb:ListAINodePools", "gpdb:ListBackupJobs", "gpdb:ListDatabaseExtensions", "gpdb:ListExternalDataServices", "gpdb:ListHeadNodeSpec", "gpdb:ListInstanceDatabases", "gpdb:ListInstanceExtensions", "gpdb:ListModelServices", "gpdb:ListRemoteADBDataSources", "gpdb:ListSlowSQLRecords", "gpdb:ListStreamingDataServices", "gpdb:ListStreamingJobs", "gpdb:ListSupabaseProjects", "gpdb:ListSupportModels", "gpdb:ListTagResources", "gpdb:ListVirtualClusters", "gpdb:ModifyAccountDescription", "gpdb:ModifyActiveOperationMaintainConf", "gpdb:ModifyActiveOperationTasks", "gpdb:ModifyBackupPolicy", "gpdb:ModifyDBInstanceConfig", "gpdb:ModifyDBInstanceConnectionMode", "gpdb:ModifyDBInstanceConnectionString", "gpdb:ModifyDBInstanceDeploymentMode", "gpdb:ModifyDBInstanceDescription", "gpdb:ModifyDBInstanceMaintainTime", "gpdb:ModifyDBInstanceNetworkType", "gpdb:ModifyDBInstancePayType", "gpdb:ModifyDBInstanceResourceGroup", "gpdb:ModifyDBInstanceSSL", "gpdb:ModifyDBResourceGroup", "gpdb:ModifyExternalDataService", "gpdb:ModifyHadoopDataSource", "gpdb:ModifyJDBCDataSource", "gpdb:ModifyMasterSpec", "gpdb:ModifyModelServicePublicConnection", "gpdb:ModifyModelServiceSecurityIps", "gpdb:ModifyParameters", "gpdb:ModifyRemoteADBDataSource", "gpdb:ModifySQLCollectorPolicy", "gpdb:ModifySecurityIps", "gpdb:ModifyStreamingDataService", "gpdb:ModifyStreamingDataSource", "gpdb:ModifyStreamingJob", "gpdb:ModifySupabaseProjectSecurityIps", "gpdb:ModifyVectorConfiguration", "gpdb:PauseDataRedistribute", "gpdb:PauseInstance", "gpdb:RebalanceDBInstance", "gpdb:ReleaseInstancePublicConnection", "gpdb:ResetAccountPassword", "gpdb:ResetIMVMonitorData", "gpdb:ResetSupabaseProjectPassword", "gpdb:RestartDBInstance", "gpdb:RestartSupabaseProject", "gpdb:ResumeDataRedistribute", "gpdb:ResumeInstance", "gpdb:SetDBInstancePlanStatus", "gpdb:SetDataShareInstance", "gpdb:SwitchAINodeZone", "gpdb:SwitchDBInstanceNetType", "gpdb:TagResources", "gpdb:UnbindDBResourceGroupWithRole", "gpdb:UnloadSampleData", "gpdb:UntagResources", "gpdb:UpdateDBInstancePlan", "gpdb:UpdateSupabaseVersion", "gpdb:UpgradeDBInstance", "gpdb:UpgradeDBVersion", "gpdb:UpgradeExtensions" ], "Resource": "*" } ] }
獲得帳號層級許可權的RAM使用者或RAM角色,能夠操作整個帳號範圍內的相關資源。請務必確認所授與權限是否符合預期,遵從最小授權原則謹慎分配許可權。
常見問題
如何查看當前資源屬於哪個資源群組?
-
方式一:單擊資源名稱,進入資源的詳情頁面,即可查看到當前資源的資源群組。
-
方式二:登入資源管理主控台,單擊,在左側選擇目標資源所屬帳號(預設為當前帳號),通過篩選條件定位目標資源,即可查看其所屬資源群組。
如何查看當前產品在某個資源群組下的所有資源?
如何批量修改多個資源的資源群組?
登入資源管理主控台,單擊,在目標資源群組所在行的操作列下,單擊資源管理以進入資源管理頁面。通過篩選條件定位多個目標資源,批量勾選第一列的複選框後單擊下方轉移資源群組,並按頁面提示完成資源群組修改。