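When you use resource groups to organize resources, you can combine them with Resource Access Management (RAM) to isolate resources and manage permissions at a fine granularity within a single Alibaba Cloud account. This topic summarizes how ApsaraDB RDS supports resource groups and describes the steps for granting permissions at the resource group level.
- Resource-group-level authorization takes effect only for resource types that support resource groups and for operations that support resource-group-level authorization.
- For resource types that do not support resource groups, permissions granted with a resource group scope have no effect. When you select the resource scope, select the account level to grant account-level permissions. For details, see Operations that do not support resource-group-level authorization.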
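How resource group authorization works
You can use resource groups to group and manage the resources in your Alibaba Cloud account. For example, create a resource group for each project and move resources into the matching group so that each project's resources are managed together. For more information, see What is a resource group.
After the resources are grouped, you can grant different RAM principals (RAM users, RAM user groups, or RAM roles) permissions scoped to a specific resource group, which restricts the principal to managing only the resources in that group. For more information, see Resource grouping and authorization.
This authorization method has the following advantages:
- Fine-grained permissions: each identity gets the most precise resource access permissions, which avoids managing the resources of multiple projects in the account together.
- Good scalability: when resources are added later, you only need to add them to the resource group. The RAM identity automatically obtains the corresponding permissions on the new resources, with no need to grant permissions again.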
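Grant resource-group-level permissions to a RAM user
The following steps use a RAM user as an example to show how to grant permissions on the ApsaraDB RDS resources in a specified resource group.
1. Prerequisites
2. Grant permissions at the resource group level
You can grant resource-group-level permissions in either of the following ways.
Method 1: Grant permissions in the Resource Management console
Use the permission management feature of the resource group to grant permissions to the specified RAM user. For detailed steps, see Grant a RAM identity permissions scoped to a resource group.
Method 2: Grant permissions in the RAM console
Use the RAM console to grant resource-group-level permissions to the specified RAM user. For detailed steps, see Grant permissions to a RAM user.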
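Resource types that support resource groups
The following table lists the ApsaraDB RDS resource types that support resource groups:
| Cloud service | Service code | Resource type |
| --- | --- | --- |
| ApsaraDB RDS | rds | dbinstance: instance |

If you need resource group support for a resource type that does not support it yet, you can submit feedback in the resource group console.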

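Operations that do not support resource-group-level authorization
The following ApsaraDB RDS operations (Actions) do not support resource-group-level authorization: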
| Operation (Action) | Description |
| --- | --- |
| rds:AcceptRCInquiredSystemEvent | - |
| rds:AssociateEipAddressWithRCInstance | Associates an elastic IP address (EIP) with a Custom instance. |
| rds:AttachRCDisk | Call AttachRCDisk to attach a pay-as-you-go data disk or a system disk to an RDS Custom instance. The instance and the disk must be in the same zone. |
| rds:AttachRCInstances | Adds RDS Custom instances to an ACK cluster. |
| rds:AttachRCInstancesToNodePool | - |
| rds:AuthorizeBackupEncryption | - |
| rds:AuthorizeRCSecurityGroupPermission | Adds a rule to the specified security group. |
| rds:BatchExecuteStatement | - |
| rds:BeginTransaction | - |
| rds:CancelActiveOperationTasks | - |
| rds:CheckBackupEncryptionAuthorized | - |
| rds:CheckCreateDdrDBInstance | Pre-checks whether an RDS instance can be restored across regions from a cross-region backup set. |
| rds:CheckRdsCustomInit | - |
| rds:CheckUserIfAuthoriseMyBaseSystemRole | - |
| rds:CloneParameterGroup | Copies an RDS parameter template to the current region or to another region. |
| rds:CommitTransaction | - |
| rds:ConfirmNotify | Confirms the carousel messages in the RDS console under the Alibaba Cloud account. |
| rds:CreateDBInstances | - |
| rds:CreateDdrInstance | Restores data to a new instance across regions. |
| rds:CreateDedicatedHost | - |
| rds:CreateDedicatedHostAccount | - |
| rds:CreateDedicatedHostGroup | - |
| rds:CreateGADInstance | Creates an RDS global active database cluster. |
| rds:CreateGadInstanceMember | Adds a node to an RDS global active database cluster. |
| rds:CreateMigrationTask | - |
| rds:CreateMyBase | - |
| rds:CreateOrderForResourcePack | - |
| rds:CreateRCClusterNodePool | - |
| rds:CreateRCDeploymentSet | - |
| rds:CreateRCImage | - |
| rds:CreateRCNodePool | Creates an edge node pool in the ACK Edge cluster of RDS Custom. |
| rds:CreateRCVCluster | - |
| rds:CreateServiceLinkedRole | Creates a service-linked role (SLR). |
| rds:CreateYaoChiAgentSession | - |
| rds:CreateYouhuiForOrder | Claims a coupon. |
| rds:Delete | - |
| rds:DeleteDedicatedHostAccount | - |
| rds:DeleteDedicatedHostGroup | - |
| rds:DeleteGadInstance | Deletes an RDS global active database cluster. |
| rds:DeleteParameterGroup | Deletes an RDS parameter template. |
| rds:DeleteRCClusterNodePool | - |
| rds:DeleteRCClusterNodes | Deletes RDS Custom nodes from an ACK cluster. |
| rds:DeleteRCDeploymentSet | Call DeleteRCDeploymentSet with parameters such as RegionId and DeploymentSetId to delete an RDS Custom deployment set. |
| rds:DeleteRCInstanceTimedScheduleTask | - |
| rds:DeleteRCNodePool | - |
| rds:DeleteRCVCluster | - |
| rds:DeleteSecret | Call DeleteSecret to delete a Data API user credential. |
| rds:DeleteUserBackupFile | Deletes the target user backup of RDS MySQL. |
| rds:DescibeImportsFromDatabase | Queries the list of instance migration statuses. |
| rds:DescribeAccountCompleteProgress | - |
| rds:DescribeActionEventPolicy | Queries whether the historical events feature of RDS is enabled. |
| rds:DescribeActiveOperationMaintainConf | - |
| rds:DescribeActiveOperationTask | - |
| rds:DescribeActiveOperationTaskType | - |
| rds:DescribeActiveOperationTasks | Queries the details of the scheduled O&M tasks of RDS instances. |
| rds:DescribeApplyResource | - |
| rds:DescribeAvailableCrossRegion | Queries the destination regions to which the selected region can currently perform cross-region backup. |
| rds:DescribeAvailableDedicatedHostZones | - |
| rds:DescribeAvailableInstanceClass | - |
| rds:DescribeAvailableRecoveryTime | - |
| rds:DescribeAvailableResource | - |
| rds:DescribeBatchTask | - |
| rds:DescribeClassList | - |
| rds:DescribeControlEventConfig | - |
| rds:DescribeCrossBackupMetaList | Queries the database and table information of the cross-region backups of an RDS instance. |
| rds:DescribeDBInstancePerformanceDup | - |
| rds:DescribeDBInstancePromoteActivity | This operation is no longer maintained: it can still be called, but it is not maintained. |
| rds:DescribeDBInstanceUpgradeActivity | - |
| rds:DescribeDBInstancesByExpireTime | Queries RDS instance information by the remaining validity period of subscription instances. |
| rds:DescribeDbInstances | - |
| rds:DescribeDedicatedHostAttribute | - |
| rds:DescribeDedicatedHostByTags | - |
| rds:DescribeDedicatedHostDisks | - |
| rds:DescribeDedicatedHostDistribution | - |
| rds:DescribeDedicatedHostGroups | Queries RDS dedicated cluster information. |
| rds:DescribeDedicatedHostMetric | - |
| rds:DescribeDedicatedHostTags | - |
| rds:DescribeDedicatedHosts | Queries information about the hosts in a dedicated cluster. |
| rds:DescribeDedicatedInstanceDistribution | - |
| rds:DescribeDtsJob | - |
| rds:DescribeEncryptionKeyList | - |
| rds:DescribeEvaluateDedicatedHosts | - |
| rds:DescribeEventMetaInfo | - |
| rds:DescribeEvents | Queries the list of RDS historical event records. |
| rds:DescribeGetScene | - |
| rds:DescribeHistoryEventsStat | Collects statistics on the historical events in the event center. |
| rds:DescribeHostAdInfo | - |
| rds:DescribeHostEcsLevelInfo | - |
| rds:DescribeHostGroupElasticStrategyParameters | - |
| rds:DescribeHostInstanceMonitorInfo | - |
| rds:DescribeInstanceKeywords | Queries the reserved keywords of an RDS instance, that is, the keywords that cannot be used when you create databases or accounts. |
| rds:DescribeKmsAssociateResources | Queries whether a specified KMS resource is associated with an RDS instance. |
| rds:DescribeListUserBackupFileRecord | - |
| rds:DescribeMarketingActivity | Obtains information about the instances pending upgrade in an RDS marketing program. |
| rds:DescribeMarketingActivityForInner | - |
| rds:DescribeMyBaseHostOverView | - |
| rds:DescribeMyBaseInstanceOverView | - |
| rds:DescribeParameterGroup | Queries information about the specified RDS parameter template. |
| rds:DescribeRCAvailableResource | - |
| rds:DescribeRCCloudAssistantStatus | - |
| rds:DescribeRCClusterConfig | Queries the KubeConfig of an RDS Custom ACK cluster. |
| rds:DescribeRCClusterNodePoolDetail | - |
| rds:DescribeRCClusterNodePools | - |
| rds:DescribeRCClusterNodes | Queries the list of nodes (that is, RDS Custom instances) in an ACK cluster. |
| rds:DescribeRCClusters | - |
| rds:DescribeRCDeploymentSets | - |
| rds:DescribeRCElasticScaling | - |
| rds:DescribeRCImageList | Call DescribeRCImageList, optionally with parameters such as RegionId, to query the list of custom images that can be used to create RDS Custom instances. |
| rds:DescribeRCInstanceDdosCount | Queries the number of DDoS attacks against an RDS Custom for SQL Server instance, so that the security status of the database instance can be monitored in real time and potential security risks assessed. |
| rds:DescribeRCInstanceHistoryEvents | - |
| rds:DescribeRCInstanceIpAddress | Queries the DDoS protection information of an RDS Custom for SQL Server instance and the details of the native protection instance it belongs to. |
| rds:DescribeRCInstanceTimedScheduleTask | - |
| rds:DescribeRCInstanceTypeFamilies | - |
| rds:DescribeRCInstanceTypes | - |
| rds:DescribeRCInstanceVncUrl | Queries the VNC logon address of an RDS Custom instance. |
| rds:DescribeRCInvocationResults | - |
| rds:DescribeRCMetricList | Queries the monitoring data of the specified metrics of the target RDS Custom instance. |
| rds:DescribeRCNodePool | Queries the configuration of an RDS Custom edge node pool. |
| rds:DescribeRCResourcesModification | - |
| rds:DescribeRCSecurityGroupList | - |
| rds:DescribeRCSecurityGroupPermission | - |
| rds:DescribeRCVCluster | - |
| rds:DescribeRdsResourceSettings | Obtains the notification settings of instance resources. This operation is no longer maintained: it can still be called, but it is not maintained. |
| rds:DescribeRdsVSwitchs | - |
| rds:DescribeRdsVpcs | - |
| rds:DescribeRegions | - |
| rds:DescribeSqlLogInstances | - |
| rds:DescribeSqlLogTemplatesList | - |
| rds:DescribeSqlLogTemplatesTimeDistribution | - |
| rds:DescribeSqlLogTimeDistribution | - |
| rds:DescribeSqlTemplatesConsumeAndScanRows | - |
| rds:DescribeUserBackupFiles | - |
| rds:DescribeUserEncryptionKeyList | - |
| rds:DescribeUserInfo | - |
| rds:DescribeVSwitchList | - |
| rds:DescribeVpcZoneNos | - |
| rds:DescribeWhitelistTemplate | Obtains information about the specified whitelist template. |
| rds:DescribeYaoChiAgentAuthorizationStatus | - |
| rds:DescribeYaoChiAgentTopQuestions | - |
| rds:DescribeYaoChiAgentUserSessions | - |
| rds:DetachGadInstanceMember | Removes a unit node from an RDS global active database cluster. |
| rds:DetachRCDisk | Call DetachRCDisk to detach a pay-as-you-go data disk or a system disk from an RDS Custom instance. |
| rds:DiscountAuthenticate | - |
| rds:ExecuteStatement | - |
| rds:GetYaoChiAgent | - |
| rds:Insert | - |
| rds:InsertList | - |
| rds:InstallRCCloudAssistant | - |
| rds:ListRCVClusters | - |
| rds:ListUserBackupFiles | Queries the details of all user backups that have been imported to RDS. |
| rds:ModifyActionEventPolicy | Enables or disables the historical events feature of RDS. |
| rds:ModifyActiveOperationMaintainConf | - |
| rds:ModifyActiveOperationTasks | Modifies the switchover time of the scheduled O&M tasks of an RDS instance. |
| rds:ModifyCustinsResource | Modifies the resources of an RDS instance. |
| rds:ModifyDedicatedHostAccount | - |
| rds:ModifyDedicatedHostAttribute | - |
| rds:ModifyDedicatedHostClass | - |
| rds:ModifyDedicatedHostGroupAttribute | - |
| rds:ModifyEventInfo | Modifies event information in the event center. |
| rds:ModifyRCClusterNodePool | - |
| rds:ModifyRCDiskAttribute | - |
| rds:ModifyRCDiskChargeType | - |
| rds:ModifyRCDiskSpec | - |
| rds:ModifyRCElasticScaling | - |
| rds:ModifyRCInstanceAttribute | - |
| rds:ModifyRCInstanceChargeType | Modifies the billing method of an RDS Custom instance or cloud disk. You can use this operation to switch between pay-as-you-go and subscription instances. |
| rds:ModifyRCInstanceDescription | Modifies the name of an RDS Custom instance. |
| rds:ModifyRCInstanceKeyPair | - |
| rds:ModifyRCInstanceNetworkSpec | - |
| rds:ModifyRCInstanceTimedScheduleTask | - |
| rds:ModifyRCInstanceVpcAttribute | - |
| rds:ModifyRCSecurityGroupPermission | - |
| rds:ModifyRCVCluster | - |
| rds:ModifyTaskInfo | Modifies historical task information in the task center. |
| rds:QueryHostInstanceConsoleInfo | - |
| rds:QueryNotify | Queries RDS notifications. |
| rds:QueryPriceForResourcePack | - |
| rds:QueryRecommendByCode | Queries the hot questions of the RDS chatbot. |
| rds:RdsCustomInit | - |
| rds:RebootRCInstance | - |
| rds:RebootRCInstances | - |
| rds:RebuildDBInstance | Call RebuildDBInstance to rebuild a secondary RDS instance in a dedicated cluster. |
| rds:ReceiveDBInstance | Switches an RDS MySQL primary instance to a disaster recovery instance, and the disaster recovery instance to the primary instance. |
| rds:RedeployRCInstance | - |
| rds:RefreshYaoChiAgentUserToken | - |
| rds:RemoveRCNodePoolNodes | - |
| rds:RemoveTagsFromResource | Unbinds tags. |
| rds:RenewRCInstance | Renews a subscription RDS Custom instance. |
| rds:ReplaceRCInstanceSystemDisk | Reinstalls the operating system of an RDS Custom instance. |
| rds:RevokeRCSecurityGroupPermission | - |
| rds:RollbackTransaction | - |
| rds:RunRCCommand | - |
| rds:Select | - |
| rds:StartRCInstances | - |
| rds:StartSqlLogTrail | - |
| rds:StopRCInstances | - |
| rds:SwitchOverMajorVersionUpgrade | Switches traffic for the zero-downtime major version upgrade of RDS PostgreSQL. |
| rds:SyncRCKeyPair | - |
| rds:SyncRCSecurityGroup | - |
| rds:UnassociateEipAddressWithRCInstance | - |
| rds:Update | - |
| rds:UpdateUserBackupFile | Modifies the remarks and retention period of a user backup. |
| rds:UpgradeDBInstanceMajorVersion | Starts a major version upgrade task for an RDS PostgreSQL instance. |

For operations that do not support resource group authorization, selecting the resource group level as the resource scope during authorization has no effect. If the RAM user still needs permissions for the operations above, create a custom policy and select the account level as the resource scope when you grant it.
The following are two custom policy examples. Adjust the policy content to your needs.
- Allow all read-only operations that do not support resource-group-level authorization:

  The Action element lists all read-only operations that do not support resource-group-level authorization.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "rds:DescribeAccountCompleteProgress",
          "rds:DescribeActionEventPolicy",
          "rds:DescribeActiveOperationMaintainConf",
          "rds:DescribeActiveOperationTask",
          "rds:DescribeActiveOperationTaskType",
          "rds:DescribeActiveOperationTasks",
          "rds:DescribeApplyResource",
          "rds:DescribeAvailableCrossRegion",
          "rds:DescribeAvailableDedicatedHostZones",
          "rds:DescribeAvailableInstanceClass",
          "rds:DescribeAvailableRecoveryTime",
          "rds:DescribeAvailableResource",
          "rds:DescribeBatchTask",
          "rds:DescribeClassList",
          "rds:DescribeControlEventConfig",
          "rds:DescribeCrossBackupMetaList",
          "rds:DescribeDBInstancePerformanceDup",
          "rds:DescribeDBInstancePromoteActivity",
          "rds:DescribeDBInstanceUpgradeActivity",
          "rds:DescribeDBInstancesByExpireTime",
          "rds:DescribeDbInstances",
          "rds:DescribeDedicatedHostAttribute",
          "rds:DescribeDedicatedHostByTags",
          "rds:DescribeDedicatedHostDisks",
          "rds:DescribeDedicatedHostDistribution",
          "rds:DescribeDedicatedHostGroups",
          "rds:DescribeDedicatedHostMetric",
          "rds:DescribeDedicatedHostTags",
          "rds:DescribeDedicatedHosts",
          "rds:DescribeDedicatedInstanceDistribution",
          "rds:DescribeDtsJob",
          "rds:DescribeEncryptionKeyList",
          "rds:DescribeEvaluateDedicatedHosts",
          "rds:DescribeEventMetaInfo",
          "rds:DescribeEvents",
          "rds:DescribeGetScene",
          "rds:DescribeHistoryEventsStat",
          "rds:DescribeHostAdInfo",
          "rds:DescribeHostEcsLevelInfo",
          "rds:DescribeHostGroupElasticStrategyParameters",
          "rds:DescribeHostInstanceMonitorInfo",
          "rds:DescribeInstanceKeywords",
          "rds:DescribeKmsAssociateResources",
          "rds:DescribeListUserBackupFileRecord",
          "rds:DescribeMarketingActivity",
          "rds:DescribeMarketingActivityForInner",
          "rds:DescribeMyBaseHostOverView",
          "rds:DescribeMyBaseInstanceOverView",
          "rds:DescribeParameterGroup",
          "rds:DescribeRCAvailableResource",
          "rds:DescribeRCCloudAssistantStatus",
          "rds:DescribeRCClusterConfig",
          "rds:DescribeRCClusterNodePoolDetail",
          "rds:DescribeRCClusterNodePools",
          "rds:DescribeRCClusterNodes",
          "rds:DescribeRCClusters",
          "rds:DescribeRCDeploymentSets",
          "rds:DescribeRCElasticScaling",
          "rds:DescribeRCImageList",
          "rds:DescribeRCInstanceDdosCount",
          "rds:DescribeRCInstanceHistoryEvents",
          "rds:DescribeRCInstanceIpAddress",
          "rds:DescribeRCInstanceTimedScheduleTask",
          "rds:DescribeRCInstanceTypeFamilies",
          "rds:DescribeRCInstanceTypes",
          "rds:DescribeRCInstanceVncUrl",
          "rds:DescribeRCInvocationResults",
          "rds:DescribeRCMetricList",
          "rds:DescribeRCNodePool",
          "rds:DescribeRCResourcesModification",
          "rds:DescribeRCSecurityGroupList",
          "rds:DescribeRCSecurityGroupPermission",
          "rds:DescribeRCVCluster",
          "rds:DescribeRdsResourceSettings",
          "rds:DescribeRdsVSwitchs",
          "rds:DescribeRdsVpcs",
          "rds:DescribeRegions",
          "rds:DescribeSqlLogInstances",
          "rds:DescribeSqlLogTemplatesList",
          "rds:DescribeSqlLogTemplatesTimeDistribution",
          "rds:DescribeSqlLogTimeDistribution",
          "rds:DescribeSqlTemplatesConsumeAndScanRows",
          "rds:DescribeUserBackupFiles",
          "rds:DescribeUserEncryptionKeyList",
          "rds:DescribeUserInfo",
          "rds:DescribeVSwitchList",
          "rds:DescribeVpcZoneNos",
          "rds:DescribeWhitelistTemplate",
          "rds:DescribeYaoChiAgentAuthorizationStatus",
          "rds:DescribeYaoChiAgentTopQuestions",
          "rds:DescribeYaoChiAgentUserSessions"
        ],
        "Resource": "*"
      }
    ]
  }
  ```

- Allow all operations that do not support resource-group-level authorization:

  The Action element lists all operations that do not support resource-group-level authorization.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "rds:AcceptRCInquiredSystemEvent",
          "rds:AssociateEipAddressWithRCInstance",
          "rds:AttachRCDisk",
          "rds:AttachRCInstances",
          "rds:AttachRCInstancesToNodePool",
          "rds:AuthorizeBackupEncryption",
          "rds:AuthorizeRCSecurityGroupPermission",
          "rds:BatchExecuteStatement",
          "rds:BeginTransaction",
          "rds:CancelActiveOperationTasks",
          "rds:CheckBackupEncryptionAuthorized",
          "rds:CheckCreateDdrDBInstance",
          "rds:CheckRdsCustomInit",
          "rds:CheckUserIfAuthoriseMyBaseSystemRole",
          "rds:CloneParameterGroup",
          "rds:CommitTransaction",
          "rds:ConfirmNotify",
          "rds:CreateDBInstances",
          "rds:CreateDdrInstance",
          "rds:CreateDedicatedHost",
          "rds:CreateDedicatedHostAccount",
          "rds:CreateDedicatedHostGroup",
          "rds:CreateGADInstance",
          "rds:CreateGadInstanceMember",
          "rds:CreateMigrationTask",
          "rds:CreateMyBase",
          "rds:CreateOrderForResourcePack",
          "rds:CreateRCClusterNodePool",
          "rds:CreateRCDeploymentSet",
          "rds:CreateRCImage",
          "rds:CreateRCNodePool",
          "rds:CreateRCVCluster",
          "rds:CreateServiceLinkedRole",
          "rds:CreateYaoChiAgentSession",
          "rds:CreateYouhuiForOrder",
          "rds:Delete",
          "rds:DeleteDedicatedHostAccount",
          "rds:DeleteDedicatedHostGroup",
          "rds:DeleteGadInstance",
          "rds:DeleteParameterGroup",
          "rds:DeleteRCClusterNodePool",
          "rds:DeleteRCClusterNodes",
          "rds:DeleteRCDeploymentSet",
          "rds:DeleteRCInstanceTimedScheduleTask",
          "rds:DeleteRCNodePool",
          "rds:DeleteRCVCluster",
          "rds:DeleteSecret",
          "rds:DeleteUserBackupFile",
          "rds:DescibeImportsFromDatabase",
          "rds:DescribeAccountCompleteProgress",
          "rds:DescribeActionEventPolicy",
          "rds:DescribeActiveOperationMaintainConf",
          "rds:DescribeActiveOperationTask",
          "rds:DescribeActiveOperationTaskType",
          "rds:DescribeActiveOperationTasks",
          "rds:DescribeApplyResource",
          "rds:DescribeAvailableCrossRegion",
          "rds:DescribeAvailableDedicatedHostZones",
          "rds:DescribeAvailableInstanceClass",
          "rds:DescribeAvailableRecoveryTime",
          "rds:DescribeAvailableResource",
          "rds:DescribeBatchTask",
          "rds:DescribeClassList",
          "rds:DescribeControlEventConfig",
          "rds:DescribeCrossBackupMetaList",
          "rds:DescribeDBInstancePerformanceDup",
          "rds:DescribeDBInstancePromoteActivity",
          "rds:DescribeDBInstanceUpgradeActivity",
          "rds:DescribeDBInstancesByExpireTime",
          "rds:DescribeDbInstances",
          "rds:DescribeDedicatedHostAttribute",
          "rds:DescribeDedicatedHostByTags",
          "rds:DescribeDedicatedHostDisks",
          "rds:DescribeDedicatedHostDistribution",
          "rds:DescribeDedicatedHostGroups",
          "rds:DescribeDedicatedHostMetric",
          "rds:DescribeDedicatedHostTags",
          "rds:DescribeDedicatedHosts",
          "rds:DescribeDedicatedInstanceDistribution",
          "rds:DescribeDtsJob",
          "rds:DescribeEncryptionKeyList",
          "rds:DescribeEvaluateDedicatedHosts",
          "rds:DescribeEventMetaInfo",
          "rds:DescribeEvents",
          "rds:DescribeGetScene",
          "rds:DescribeHistoryEventsStat",
          "rds:DescribeHostAdInfo",
          "rds:DescribeHostEcsLevelInfo",
          "rds:DescribeHostGroupElasticStrategyParameters",
          "rds:DescribeHostInstanceMonitorInfo",
          "rds:DescribeInstanceKeywords",
          "rds:DescribeKmsAssociateResources",
          "rds:DescribeListUserBackupFileRecord",
          "rds:DescribeMarketingActivity",
          "rds:DescribeMarketingActivityForInner",
          "rds:DescribeMyBaseHostOverView",
          "rds:DescribeMyBaseInstanceOverView",
          "rds:DescribeParameterGroup",
          "rds:DescribeRCAvailableResource",
          "rds:DescribeRCCloudAssistantStatus",
          "rds:DescribeRCClusterConfig",
          "rds:DescribeRCClusterNodePoolDetail",
          "rds:DescribeRCClusterNodePools",
          "rds:DescribeRCClusterNodes",
          "rds:DescribeRCClusters",
          "rds:DescribeRCDeploymentSets",
          "rds:DescribeRCElasticScaling",
          "rds:DescribeRCImageList",
          "rds:DescribeRCInstanceDdosCount",
          "rds:DescribeRCInstanceHistoryEvents",
          "rds:DescribeRCInstanceIpAddress",
          "rds:DescribeRCInstanceTimedScheduleTask",
          "rds:DescribeRCInstanceTypeFamilies",
          "rds:DescribeRCInstanceTypes",
          "rds:DescribeRCInstanceVncUrl",
          "rds:DescribeRCInvocationResults",
          "rds:DescribeRCMetricList",
          "rds:DescribeRCNodePool",
          "rds:DescribeRCResourcesModification",
          "rds:DescribeRCSecurityGroupList",
          "rds:DescribeRCSecurityGroupPermission",
          "rds:DescribeRCVCluster",
          "rds:DescribeRdsResourceSettings",
          "rds:DescribeRdsVSwitchs",
          "rds:DescribeRdsVpcs",
          "rds:DescribeRegions",
          "rds:DescribeSqlLogInstances",
          "rds:DescribeSqlLogTemplatesList",
          "rds:DescribeSqlLogTemplatesTimeDistribution",
          "rds:DescribeSqlLogTimeDistribution",
          "rds:DescribeSqlTemplatesConsumeAndScanRows",
          "rds:DescribeUserBackupFiles",
          "rds:DescribeUserEncryptionKeyList",
          "rds:DescribeUserInfo",
          "rds:DescribeVSwitchList",
          "rds:DescribeVpcZoneNos",
          "rds:DescribeWhitelistTemplate",
          "rds:DescribeYaoChiAgentAuthorizationStatus",
          "rds:DescribeYaoChiAgentTopQuestions",
          "rds:DescribeYaoChiAgentUserSessions",
          "rds:DetachGadInstanceMember",
          "rds:DetachRCDisk",
          "rds:DiscountAuthenticate",
          "rds:ExecuteStatement",
          "rds:GetYaoChiAgent",
          "rds:Insert",
          "rds:InsertList",
          "rds:InstallRCCloudAssistant",
          "rds:ListRCVClusters",
          "rds:ListUserBackupFiles",
          "rds:ModifyActionEventPolicy",
          "rds:ModifyActiveOperationMaintainConf",
          "rds:ModifyActiveOperationTasks",
          "rds:ModifyCustinsResource",
          "rds:ModifyDedicatedHostAccount",
          "rds:ModifyDedicatedHostAttribute",
          "rds:ModifyDedicatedHostClass",
          "rds:ModifyDedicatedHostGroupAttribute",
          "rds:ModifyEventInfo",
          "rds:ModifyRCClusterNodePool",
          "rds:ModifyRCDiskAttribute",
          "rds:ModifyRCDiskChargeType",
          "rds:ModifyRCDiskSpec",
          "rds:ModifyRCElasticScaling",
          "rds:ModifyRCInstanceAttribute",
          "rds:ModifyRCInstanceChargeType",
          "rds:ModifyRCInstanceDescription",
          "rds:ModifyRCInstanceKeyPair",
          "rds:ModifyRCInstanceNetworkSpec",
          "rds:ModifyRCInstanceTimedScheduleTask",
          "rds:ModifyRCInstanceVpcAttribute",
          "rds:ModifyRCSecurityGroupPermission",
          "rds:ModifyRCVCluster",
          "rds:ModifyTaskInfo",
          "rds:QueryHostInstanceConsoleInfo",
          "rds:QueryNotify",
          "rds:QueryPriceForResourcePack",
          "rds:QueryRecommendByCode",
          "rds:RdsCustomInit",
          "rds:RebootRCInstance",
          "rds:RebootRCInstances",
          "rds:RebuildDBInstance",
          "rds:ReceiveDBInstance",
          "rds:RedeployRCInstance",
          "rds:RefreshYaoChiAgentUserToken",
          "rds:RemoveRCNodePoolNodes",
          "rds:RemoveTagsFromResource",
          "rds:RenewRCInstance",
          "rds:ReplaceRCInstanceSystemDisk",
          "rds:RevokeRCSecurityGroupPermission",
          "rds:RollbackTransaction",
          "rds:RunRCCommand",
          "rds:Select",
          "rds:StartRCInstances",
          "rds:StartSqlLogTrail",
          "rds:StopRCInstances",
          "rds:SwitchOverMajorVersionUpgrade",
          "rds:SyncRCKeyPair",
          "rds:SyncRCSecurityGroup",
          "rds:UnassociateEipAddressWithRCInstance",
          "rds:Update",
          "rds:UpdateUserBackupFile",
          "rds:UpgradeDBInstanceMajorVersion"
        ],
        "Resource": "*"
      }
    ]
  }
  ```

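A RAM user or RAM role that is granted account-level permissions can operate on the relevant resources across the entire account. Confirm that the granted permissions are what you intend, and assign permissions cautiously according to the principle of least privilege.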
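The following added example (not part of the original documentation) checks a policy that is about to be attached at resource group scope: it separates the action patterns that can stay in that grant from the unsupported actions that only take effect at account level, and flags the ones that are not `Describe*` for least-privilege review. Assumptions: `UNSUPPORTED` is a constructed subset of the table above, the sample policy is constructed, and `rds:RestartDBInstance` is treated as supporting resource-group-level authorization because the table does not list it.

```python
import fnmatch

# Constructed subset of the page's table of actions that do NOT support
# resource-group-level authorization (the full table has many more rows).
UNSUPPORTED = frozenset({
    "rds:DescribeRegions", "rds:DescribeEvents", "rds:DescribeRCInstanceVncUrl",
    "rds:CreateDBInstances", "rds:RunRCCommand",
})


def _as_list(value):
    """A policy's Action may be one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def split_by_scope(policy, unsupported=UNSUPPORTED):
    """Split the Allow actions of a policy meant for a resource group grant.

    Returns (group_actions, account_actions, review):
      group_actions   - patterns that can stay in the resource group grant
      account_actions - unsupported actions the patterns match; they only
                        take effect when granted at account level
      review          - account_actions that are not Describe*, i.e. outside
                        the page's read-only example policy
    """
    group_actions, account_actions = [], set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing, skip them
        for pattern in _as_list(stmt.get("Action", [])):
            hits = {a for a in unsupported if fnmatch.fnmatchcase(a, pattern)}
            account_actions |= hits
            # An exact unsupported action is useless in a group grant; a
            # wildcard is kept because it may also match supported actions.
            if pattern not in unsupported and pattern not in group_actions:
                group_actions.append(pattern)
    review = sorted(a for a in account_actions
                    if not a.startswith("rds:Describe"))
    return group_actions, sorted(account_actions), review


def account_level_policy(actions):
    """Build the custom policy to attach with account-level resource scope."""
    return {"Version": "1",
            "Statement": [{"Effect": "Allow", "Action": list(actions),
                           "Resource": "*"}]}


# Constructed sample: a policy someone intends to attach to one resource group.
# rds:RestartDBInstance is assumed supported (it is not in the page's table).
SAMPLE = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["rds:Describe*", "rds:RestartDBInstance", "rds:RunRCCommand"]},
    {"Effect": "Deny", "Resource": "*", "Action": "rds:CreateDBInstances"},
]}

if __name__ == "__main__":
    group, account, review = split_by_scope(SAMPLE)
    print("keep in resource group grant:", group)
    print("needs account-level policy:", account_level_policy(account))
    print("review before granting:", review)
```

Run it against the full table of unsupported actions before attaching a policy at resource group scope; anything returned in `review` would apply to the whole account once granted at account level.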
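FAQ
How do I check which resource group a resource belongs to?
- Method 1: Click the resource name to open the resource details page, where you can see the resource group that the resource belongs to.
- Method 2: Log on to the Resource Management console, click , select the account that owns the target resource in the left-side pane (the current account by default), and use the filters to locate the target resource to see its resource group.
How do I view all resources of the current product in a resource group?
How do I change the resource group of multiple resources in a batch?
Log on to the Resource Management console, click , and in the Actions column of the row of the target resource group, click Resource Management to open the resource management page. Use the filters to locate the target resources, select their check boxes in the first column, click Transfer Resource Group at the bottom, and follow the on-screen instructions to change the resource group.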