API参考 - API参考 - RAM资源授权

描述


您通过云账号创建的RDS实例，都是该账号自己拥有的资源。默认情况下，账号对自己的资源拥有完整的操作权限。
通过使用阿里云的RAM（Resource Access Management）服务，您可以将您云账号下RDS资源的访问及管理权限授予RAM中的子用户。
目前，可以在RAM中进行授权的资源类型只有dbinstance。在通过RAM进行授权时，资源的描述方式如下：

请求参数

[tr=rgb(51, 205, 229)][td]资源类型 授权策略中的资源描述方式dbinstanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
acs:rds:$regionid:$accountid:dbinstance/
acs:rds:::dbinstance/
参数说明： [tr=rgb(51, 205, 229)][td]参数名称 说明

$regionid地域的ID，可以用*代替。

$dbinstanceid实例的名称，可以用*代替。

$accountid云账号的数字ID，可以用*代替。

RDS API的鉴权规则


当子用户通过API访问RDS时，RDS后台会向RAM进行权限检查，以确保调用者拥有相应权限。每个API会根据涉及到的资源以及API的语义来确定需要检查哪些资源的权限。每个API的鉴权规则如下表所示： [tr=rgb(51, 205, 229)][td]API 鉴权规则CreateDBInstanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDeleteDBInstanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeDBInstancesacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidSwitchDBInstanceNetTypeacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyDBInstanceDescriptionacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyDBInstanceMaintainTimeacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidPurgeDBInstanceLogacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDeleteDatabaseacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyDBDescriptionacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeFilesForSQLServeracs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeImportsForSQLServeracs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCancelImportacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidResetAccountPasswordacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidRevokeAccountPrivilegeacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDeleteAccountacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreateBackupacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreateTempDBInstanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyBackupPolicyacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeDBInstancePerformanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeSlowLogRecordsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeBinlogFilesacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeSQLLogRecordsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeOptimizeAdviceOnMissPKacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeOptimizeAdviceOnMissIndexacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeParametersacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreatePrepaidDBInstanceForChannelacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyPrepaidDBInstanceSpecacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreatePostpaidDBInstanceForChannelacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyPostpaidDBInstanceSpecacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeDBInstanceAttributeacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidRestartDBInstanceacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifySecurityIpsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidUpgradeDBInstanceEngineVersionacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreateDatabaseacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeDatabasesacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreateUploadPathForSQLServeracs:rds:$regionid:$accountid:dbinstance/$dbinstanceidImportDataBaseBetweenInstancesacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidCreateAccountacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidGrantAccountPrivilegeacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeAccountsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidModifyAccountDescriptionacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeBackupsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeBackupPolicyacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeResourceUsageacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeSlowLogsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeErrorLogsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeSQLLogReportsacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeOptimizeAdviceOnStorageacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeOptimizeAdviceOnExcessIndexacs:rds:$regionid:$accountid:dbinstance/$dbinstanceidDescribeOptimizeAdviceByDBAacs:rds:$regionid:$accountid:dbinstance/$dbinstanceid[tr=rgb(239, 251, 255)][td]ModifyeParameter acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid