If system policies do not meet your requirements, you can create custom policies to achieve least privilege. Custom policies provide fine-grained permission control and are an effective way to improve resource access security. This topic describes scenarios for using custom policies with ApsaraDB for MyBase and provides policy examples.
What are custom policies?
In Resource Access Management (RAM), custom policies are policies that you can create, update, and delete in addition to system policies. You are responsible for the version management of custom policies.
After you create a custom policy, you can attach it to a RAM user, user group, or RAM role. The RAM identity then gains the access permissions specified in the policy.
You can delete a custom policy. Before you delete it, make sure the policy is no longer referenced. If the policy is still referenced, first remove the authorization listed in its reference records.
Custom policies support versioning. You can manage the versions of your custom policies using the version management features in RAM.
Operation document
Authorization information
To use custom policies, you must understand your permission control requirements and the authorization information for ApsaraDB RDS. For more information, see Authorization information.
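The least-privilege goal of a custom policy can be checked before the policy is attached to a RAM identity. The following Python code is an added example, not part of the original topic or of Alibaba Cloud tooling; it flags wildcard grants in the Allow statements of a policy document. The sample policy, the find_broad_grants helper, and the placeholder account and instance IDs are constructed for illustration.

```python
import json

# Constructed sample policy in the RAM policy document layout
# (Version / Statement / Effect / Action / Resource). The account ID
# and instance ID are placeholders, not values from this topic.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["rds:DescribeDBInstances", "rds:DescribeDBInstanceAttribute"],
     "Resource": "acs:rds:cn-hangzhou:<account-id>:dbinstance/<instance-id>"},
    {"Effect": "Allow", "Action": "rds:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "rds:DeleteDBInstance", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Action and Resource may be written as one string or as a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_broad_grants(policy):
    """Return (statement_index, field, value) for each wildcard in an Allow statement."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access, so wildcards there are not flagged
        for action in _as_list(stmt.get("Action")):
            # "*" grants everything; "svc:*" or "svc:Describe*" grants a whole family
            if "*" in action:
                findings.append((index, "Action", action))
        for resource in _as_list(stmt.get("Resource")):
            # Flag the bare "*" and resource names whose last segment is a wildcard
            if resource == "*" or resource.endswith(("/*", ":*")):
                findings.append((index, "Resource", resource))
    return findings


if __name__ == "__main__":
    for index, field, value in find_broad_grants(SAMPLE_POLICY):
        print(f"Statement[{index}] {field} is too broad: {value}")
```

An empty result means every Allow statement names explicit actions and resources; each finding points at a statement to narrow before the policy is attached.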