A Resource Access Management (RAM) user must be granted the AliyunClickHouseFullAccess and AliyunHBaseFullAccess permissions before the RAM user follows instructions in the Quick Start tutorial to perform operations in the ApsaraDB for ClickHouse console, such as creating a cluster and creating an account. This topic describes how to use an Alibaba Cloud account to grant permissions to a RAM user. If you use an Alibaba Cloud account to log on to ApsaraDB for ClickHouse, skip this topic.
Prerequisites
An Alibaba Cloud account is created. If you do not have an Alibaba Cloud account, visit the Alibaba Cloud official website to create an account.
A RAM user is created. For more information, see Create a RAM user.
Procedure
Log on to the RAM console as a RAM administrator.
On the Users page, find the required RAM user, and click Add Permissions in the Actions column.
You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to all of them at the same time.
In the Add Permissions panel, grant the required permissions to the RAM user. The following table describes the parameters.
Parameter: Authorized Scope
Description:
Alibaba Cloud Account: The permissions take effect on all resources of the current Alibaba Cloud account.
Note: ApsaraDB for ClickHouse does not support Specific Resource Group.
Example: Alibaba Cloud Account

Parameter: Principal
Description:
The RAM user to which you want to grant permissions. The system automatically sets this parameter to the current RAM user. You can also specify a different RAM user.
Example: te**@cores.onaliyun.com

Parameter: Select Policy
Description:
Policies are categorized into system policies and custom policies.
System Policy: Alibaba Cloud provides various default policies for different management purposes. ApsaraDB for ClickHouse uses the following system policies:
AliyunClickHouseFullAccess: the permission to manage ApsaraDB for ClickHouse. The account that is granted this permission can perform all operations on all resources in ApsaraDB for ClickHouse.
AliyunHBaseFullAccess: the permission to manage ApsaraDB for HBase. The account that is granted this permission can perform all operations on all resources in ApsaraDB for HBase.
AliyunClickHouseReadOnlyAccess: the read-only permission of ApsaraDB for ClickHouse resources. The account that is granted this permission can view a list of ApsaraDB for ClickHouse clusters and view database accounts.
Custom Policy: You can customize policies based on your business requirements. Custom policies are suitable for users who are familiar with the APIs of Alibaba Cloud services and require fine-grained control.
Note: You can attach up to five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.
Example: AliyunClickHouseFullAccess, AliyunHBaseFullAccess
Click OK.
Click Close.
In the left-side navigation pane, choose .
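The grant described in this procedure can also be scripted and verified from a terminal. The following is an added example, not part of the original topic: it assumes the Alibaba Cloud CLI (aliyun) is installed and configured with credentials that are allowed to manage RAM, and it takes the RAM user name as its argument. It attaches only the policies that are missing, then checks that both are present.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console procedure in this topic.
# Assumption: the `aliyun` CLI is installed and configured for a RAM administrator.

# The two system policies this topic requires for the Quick Start tutorial.
REQUIRED_POLICIES="AliyunClickHouseFullAccess AliyunHBaseFullAccess"

# Print each required policy that is NOT yet attached to the RAM user $1.
missing_policies() {
    attached=$(aliyun ram ListPoliciesForUser --UserName "$1") || return 1
    for policy in $REQUIRED_POLICIES; do
        # Match the quoted JSON value so that only the exact name counts.
        printf '%s' "$attached" | grep -q "\"$policy\"" || echo "$policy"
    done
}

# Attach only the missing policies, then confirm that none is missing.
# Returns non-zero if any CLI call fails or the final check does not pass.
grant_clickhouse_access() {
    user=$1
    todo=$(missing_policies "$user") || return 1
    for policy in $todo; do
        aliyun ram AttachPolicyToUser --PolicyType System \
            --PolicyName "$policy" --UserName "$user" >/dev/null || return 1
    done
    [ -z "$(missing_policies "$user")" ]
}

# Run only when a user name is given: sh grant.sh <ram-user-name>
if [ -n "${1:-}" ]; then
    grant_clickhouse_access "$1" && echo "required policies are attached to $1"
fi
```

Both policies grant full access across the account, so running missing_policies on its own is a quick way to review whether a given RAM user already holds them before granting anything.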