Relational Database ServiceRelational Database Service

Elastic Cloud Server
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
Domain Name Service
VPC Endpoint
Cloud Connect
Enterprise Switch
Security & Compliance
Web Application Firewall
Host Security Service
Data Encryption Workshop
Database Security Service
Advanced Anti-DDoS
Data Security Center
Container Guard Service
Situation Awareness
Managed Threat Detection
Cloud Certificate Manager
Anti-DDoS Service
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GaussDB(for MySQL)
Distributed Database Middleware
GaussDB(for openGauss)
Developer Services
Distributed Cache Service
Simple Message Notification
Application Performance Management
Application Operations Management
Blockchain Service
API Gateway
Cloud Performance Test Service
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Cloud Communications
Message & SMS
Cloud Ecosystem
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP License Service
Support Plans
Customer Operation Capabilities
Partner Support Plans
Professional Services
Intelligent EdgeFabric
SDK Developer Guide
API Request Signing Guide
Koo Command Line Interface
Updated at: Apr 02, 2022 GMT+08:00

RDS Custom Policies

Custom policies can be created as a supplement to the system policies of RDS. For the actions supported for custom policies, see Permissions Policies and Supported Actions.

You can create custom policies in either of the following two ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions without the need to know policy syntax.
  • JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. The following section contains examples of common RDS custom policies.

Example Custom Policies

  • Example 1: Allowing users to create RDS DB instances
    	"Version": "1.1",
    	"Statement": [{
    		"Effect": "Allow",
    		"Action": ["rds:instance:create"]
  • Example 2: Denying RDS DB instance deletion

    A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

    The following method can be used if you need to assign permissions of the RDS FullAccess policy to a user but you want to prevent the user from deleting RDS DB instances. Create a custom policy for denying RDS DB instance deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on RDS DB instances except deleting RDS DB instances. The following is an example deny policy:

    	"Version": "1.1",
    	"Statement": [{
    		"Action": ["rds:instance:delete"],
    		"Effect": "Deny"

Did you find this page helpful?

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel