Authorizable Resource Types

Recent Pages

Authorizable Resource Types

Last updated: 2020-03-27 17:24:03

Resource-level permission can be used to specify which resources a user can manipulate. TencentDB for SQL Server supports certain resource-level permissions. This means that for TencentDB for SQL Server operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.

Resource Type	Resource Description Method in Authorization Policy
TencentDB instance-related resource	`qcs::sqlserver:$region:$account:instance/*` `qcs::sqlserver:$region:$account:instance/$instanceId`

TencentDB for SQL Server supports resource-level authorization. You can allow a sub-account to have API permissions for specific resources. The table below lists the TencentDB API operations which currently support resource-level permission control as well as the resources and condition keys supported by each operation. When specifying a resource path, you can use the "*" wildcard in the path.

Any TencentDB API operation not listed in the table does not support resource-level permission. For such an operation, you can still authorize a user to perform it, but you must specify * as the resource element in the policy statement.

API Name	Description	Six-segment Example of Resource
CreateAccount	Creates an account	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
CreateBackup	Creates a backup	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
CreateDB	Creates a database	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DeleteAccount	Deletes an account	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DeleteDB	Drops a database	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeAccounts	Queries the account list	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeBackups	Queries the backup list	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeDatabaseNames	Queries database names	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeDBInstances	Queries the instance list	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeDBs	Queries the database list	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeInstanceTasks	Queries instance tasks	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeRollbackTime	Queries the time range available for rollback	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
DescribeSlowlogs	Queries the slow log list	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
InquiryPriceRenewDBInstance	Queries the renewal price of an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
InquiryPriceUpgradeDBInstance	Queries the upgrade price of an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyAccountPrivilege	Modifies account permissions	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyAccountRemark	Modifies account remarks	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyBackupStrategy	Modifies the time for cold backup	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyDatabasePrivilege	Modifies database permissions	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyDBInstanceName	Renames an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyDBInstanceProject	Modifies an instance project	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyDBName	Renames a database	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ModifyDBRemark	Modifies database remarks	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
RenewDBInstance	Renews an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
ResetAccountPassword	Resets an account password	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
RestartDBInstance	Restarts an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
RestoreInstance	Restores a cold backup instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
RollbackInstance	Rolls back an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
TerminateDBInstance	Terminates an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`
UpgradeDBInstance	Upgrades an instance	`qcs::sqlserver:$region:$account:instance/$instanceId` `qcs::sqlserver:$region:$account:instance/*`

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

tencent cloud

Tencent Cloud Partner Network

Become a Partner

International Partner Academy

Recent Pages

Authorizable Resource Types

Was this page helpful?

Was this page helpful?

About Tencent Cloud

Help & Support

Resources

User Center

tencent cloud

Become a Partner

Tencent Cloud Partner Network

Become a Partner

Training & Support

International Partner Academy

Sign Up

Log in

Recent Pages

Authorizable Resource Types

Was this page helpful?

Was this page helpful?

About Tencent Cloud

Help & Support

Resources

User Center