Grant backup file download permissions to a RAM user with read-only permissions - ApsaraDB RDS

This topic describes how to grant backup file download permissions to a RAM user with read-only permissions. For security purposes, a RAM user with read-only permissions cannot download backup files.

Procedure

Log on to the Resource Access Management (RAM) console.
In the left-side navigation pane, choose Permissions > Policies.

Click Create Policy. On the page that appears, click the JSON tab and enter the following policy content:

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds:Describe*",
                "rds:ModifyBackupPolicy",
                "rds:CheckRegionSupportBackupEncryption"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "dbs:CreateDownload",
                "dbs:DescribeDBInstanceDownloadSize"
            ],
            "Resource": "*"
        }
    ],
    "Version": "1"
}

Click Next to edit policy information. Enter a name for the policy and click OK.
In the left-side navigation pane, choose Permissions > Grants.
Click Grant Permission to attach the new policy to the RAM user. For more information, see Method 2: Grant permissions to a RAM user on the Grants page.
Click Grant permissions.