Differences Between IAM Permissions and Database Permissions
As a management plane service, DAS does not directly add, delete, or modify customers' DB instances. Only adding, deleting, and modifying database login information are allowed on the DAS console.
IAM permission control applies to DAS only before you log in to an instance. After you log in to the instance, the permission verification is performed by database permissions.
DAS allows you to control whether IAM users can add, delete, and modify data connections and log in to an instance. For details, see Custom Permissions Policies. After a user logs in to the database, IAM cannot interfere with the user to run SQL commands. In this case, only the database account permissions take effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot