DocsICP FilingConsole
官方文档
首页

Set up permissions

更新时间:
复制 MD 格式
产品详情
我的收藏

A RAM user must have the AliyunClickHouseFullAccess permission to create clusters and accounts in the ApsaraDB for ClickHouse console. If you use your Alibaba Cloud account (root account), skip this topic.

Prerequisites

Procedure

  1. Sign in to the RAM console as a RAM administrator.

  2. On the Users page, find the target RAM user and click Add Permissions in the Actions column.

    You can also select multiple RAM users and click Add Permissions below the user list to grant permissions in bulk.

  3. In the Add Authorization panel, grant permissions to the RAM user as described in the following table.

    Parameter

    Description

    Example

    Resource Range

    Account: The permissions apply to all resources within the current Alibaba Cloud account.

    Note

    ApsaraDB for ClickHouse does not support specifying resource groups.

    Entire Alibaba Cloud account

    Principal

    The RAM user to grant permissions to. This field is automatically populated with the current RAM user, but you can add others.

    ClickHouse***@1648821913965368.onaliyun.com

    Policy

    Policies are categorized into system policies and custom policies.

    • System policies: Alibaba Cloud provides default policies for various management purposes. The system policies for ApsaraDB for ClickHouse are as follows.

      • AliyunClickHouseFullAccess: Grants full permissions on all ApsaraDB for ClickHouse resources, including cluster and account management.

      • AliyunClickHouseReadOnlyAccess: Grants read-only access to ApsaraDB for ClickHouse resources, such as clusters and database accounts.

      The policies for dependent products are as follows.

      • AliyunVPCFullAccess: Grants permissions to manage VPCs.

        Creating an ApsaraDB for ClickHouse cluster requires a VPC and a vSwitch. If no VPC or vSwitch is available in your account, you must create one. We recommend attaching this policy.

      • AliyunARMSFullAccess: Grants permissions to manage ARMS.

        ApsaraDB for ClickHouse uses ARMS for alert management. We recommend attaching this policy.

    • Custom policies: Fine-grained policies for users familiar with Alibaba Cloud APIs who require granular access control.

    Note

    You can attach up to five policies at a time. To attach more, repeat the operation.

    • AliyunClickHouseFullAccess

    • AliyunVPCFullAccess

    • AliyunARMSFullAccess

  4. Click OK.

Next steps

Create a cluster

Previous:ProcessNext:Create a cluster