Relational Database ServiceRelational Database Service

Elastic Cloud Server
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
Domain Name Service
VPC Endpoint
Cloud Connect
Enterprise Switch
Security & Compliance
Web Application Firewall
Host Security Service
Data Encryption Workshop
Database Security Service
Advanced Anti-DDoS
Data Security Center
Container Guard Service
Situation Awareness
Managed Threat Detection
Cloud Certificate Manager
Anti-DDoS Service
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GaussDB(for MySQL)
Distributed Database Middleware
GaussDB(for openGauss)
Developer Services
Distributed Cache Service
Simple Message Notification
Application Performance Management
Application Operations Management
Blockchain Service
API Gateway
Cloud Performance Test Service
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Cloud Communications
Message & SMS
Cloud Ecosystem
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP License Service
Support Plans
Customer Operation Capabilities
Partner Support Plans
Professional Services
Intelligent EdgeFabric
SDK Developer Guide
API Request Signing Guide
Koo Command Line Interface
Updated at: Apr 02, 2022 GMT+08:00

Creating a User and Granting Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your RDS resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing RDS resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your RDS resources.

If your HUAWEI CLOUD account does not require individual IAM users, skip this chapter.

This section describes the procedure for granting permissions (see Figure 1).


Learn about the permissions (see Permissions Management) supported by RDS and choose policies or roles according to your requirements. For the system policies of other services, see System Permissions.

Process Flow

Figure 1 Process for granting RDS permissions
  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console, and attach the RDS ReadOnlyAccess policy to the group.

  2. Create an IAM user

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the RDS console by using the created user, and verify that the user only has read permissions for RDS.

    • Choose Service List > Relational Database Service and click Buy DB Instance. If a message appears indicating that you have insufficient permissions to perform the operation, the RDS ReadOnlyAccess policy has already taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the RDS ReadOnlyAccess policy has already taken effect.

Did you find this page helpful?

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel