Resource Access Management (RAM) is a permission management system provided by Alibaba Cloud. You can use RAM to create RAM users within the permissions of an Alibaba Cloud account. Different RAM users can be granted different permissions to allow or deny access to specific cloud resources.
Background information
By default, when you use an Alibaba Cloud account to create an ApsaraDB for ClickHouse cluster, the cluster becomes the resource that the account owns. An Alibaba Cloud account has full permissions on its resources.
RAM allows you to grant RAM users access and management permissions on ApsaraDB for ClickHouse clusters that are created within your Alibaba Cloud account.
Prerequisites
A RAM user is created. For more information about how to create a RAM user, see Create a RAM user.
Procedure
Log on to the RAM console by using an Alibaba Cloud account or a RAM user that has administrative rights.
In the left-side navigation pane, choose .
On the Users page, find the required RAM user and click Add Permissions in the Actions column.
In the Add Permissions panel, grant permissions to the RAM user.
Select the authorization scope.
Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.
Specific Resource Group: The authorization takes effect on a specific resource group.
NoteIf you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.
Specify the principal.
The principal is the RAM user to which you want to grant permissions.
Select policies.
RAM supports the following types of policies: system policies and custom policies. You can choose policies based on your business requirements.
NoteYou can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.
Click OK.
Click Complete.
References
For information about API operations supported by ApsaraDB for ClickHouse, see List of operations by function.
For information about the basic elements of a policy, see Policy elements.