PrevNext
search by keyword

Recent Pages

Documentation
Cloud Native Database TDSQL-C
    Documentation
    Download PDF

    Authorizable Resource Types

    Last updated: 2021-06-25 18:52:18
    Download PDF

    Resource-Level permission can be used to specify which resources a user can manipulate. TDSQL-C supports certain resource-level permissions. This means that for TDSQL-C operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.

    Resource Type Resource Description Method in Authorization Policy
    TDSQL-C cluster APIs qcs::cynosdb:$region::instance/*
    qcs::cynosdb:$region:$account:instanceId/$clusterId

    The table below lists the TDSQL-C API operations which currently support resource-level permission control as well as the resources supported by each operation. When specifying a resource path, you can use the * wildcard in the path.

    Note:

    TDSQL-C API operations not listed here do not support resource-level permissions. You can still authorize a user to perform such an API operation, but you must specify * as the resource element of the policy statement.

    TDSQL-C Cluster APIs

    API Operation Resource Path
    DescribeBackupConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeBackupList qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeRollbackTimeRange qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeRollbackTimeValidity qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyBackupConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ActivateCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterDetail qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    IsolateCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyClusterName qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyClusterProject qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    OfflineCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DeleteAccounts qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeAccounts qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyAccountDescription qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ResetAccountPassword qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterInstanceGrps qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ActivateInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeInstanceDetail qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    IsolateInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    UpgradeInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyInstanceName qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    OfflineInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterAddr qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterNetService qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterParams qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusterServerInfo qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeErrorLogs qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeMaintainPeriod qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeSlowLogs qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyClusterParam qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyMaintainPeriodConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeDBSecurityGroups qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    ModifyDBInstanceSecurityGroups qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    CloseWan qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    OpenWan qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeClusters qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeInstances qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    DescribeIsolatedInstances qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
    tencent
    Copyright © 2013-2022 Tencent Cloud. All Rights Reserved.
    Privacy PolicyLegalCookie Policy