Authorizable Resource Types

Recent Pages

Authorizable Resource Types

Last updated: 2024-01-18 17:20:33

Resource-level permission can be used to specify which resources a user can manipulate. TencentDB for SQL Server supports certain resource-level permissions. This means that for TencentDB for SQL Server operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.
Resource Type
Resource Description Method in Authorization Policy
TencentDB instance-related resource
qcs::sqlserver:$region:$account:instance/*
qcs::sqlserver:$region:$account:instance/$instanceId
TencentDB for SQL Server supports resource-level authorization. You can allow a sub-account to have API permissions for specific resources. The table below lists the TencentDB API operations which currently support resource-level permission control as well as the resources and condition keys supported by each operation. When specifying a resource path, you can use the "*" wildcard in the path.
Any TencentDB API operation not listed in the table does not support resource-level permission. For such an operation, you can still authorize a user to perform it, but you must specify * as the resource element in the policy statement.
API Name
Description
Six-segment Example of Resource
CreateAccount
Creates an account
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
CreateBackup
Creates a backup
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
CreateDB
Creates a database
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DeleteAccount
Deletes an account
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DeleteDB
Drops a database
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeAccounts
Queries the account list
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeBackups
Queries the backup list
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeDatabaseNames
Queries database names
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeDBInstances
Queries the instance list
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeDBs
Queries the database list
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeInstanceTasks
Queries instance tasks
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeRollbackTime
Queries the time range available for rollback
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
DescribeSlowlogs
Queries the slow log list
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
InquiryPriceRenewDBInstance
Queries the renewal price of an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
InquiryPriceUpgradeDBInstance
Queries the upgrade price of an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyAccountPrivilege
Modifies account permissions
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyAccountRemark
Modifies account remarks
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyBackupStrategy
Modifies the time for cold backup
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyDatabasePrivilege
Modifies database permissions
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyDBInstanceName
Renames an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyDBInstanceProject
Modifies an instance project
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyDBName
Renames a database
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ModifyDBRemark
Modifies database remarks
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
RenewDBInstance
Renews an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
ResetAccountPassword
Resets an account password
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
RestartDBInstance
Restarts an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
RestoreInstance
Restores a cold backup instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
RollbackInstance
Rolls back an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
TerminateDBInstance
Terminates an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
UpgradeDBInstance
Upgrades an instance
``qcs::sqlserver:$region:$account:instance/$instanceId``
``qcs::sqlserver:$region:$account:instance/*``
﻿

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

tencent cloud

Recent Pages

Authorizable Resource Types

Was this page helpful?

Was this page helpful?

Resource Type	Resource Description Method in Authorization Policy
TencentDB instance-related resource	`qcs::sqlserver:$region:$account:instance/*` `qcs::sqlserver:$region:$account:instance/$instanceId`

API Name	Description	Six-segment Example of Resource
CreateAccount	Creates an account	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
CreateBackup	Creates a backup	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
CreateDB	Creates a database	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DeleteAccount	Deletes an account	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DeleteDB	Drops a database	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeAccounts	Queries the account list	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeBackups	Queries the backup list	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeDatabaseNames	Queries database names	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeDBInstances	Queries the instance list	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeDBs	Queries the database list	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeInstanceTasks	Queries instance tasks	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeRollbackTime	Queries the time range available for rollback	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
DescribeSlowlogs	Queries the slow log list	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
InquiryPriceRenewDBInstance	Queries the renewal price of an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
InquiryPriceUpgradeDBInstance	Queries the upgrade price of an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyAccountPrivilege	Modifies account permissions	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyAccountRemark	Modifies account remarks	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyBackupStrategy	Modifies the time for cold backup	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyDatabasePrivilege	Modifies database permissions	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyDBInstanceName	Renames an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyDBInstanceProject	Modifies an instance project	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyDBName	Renames a database	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ModifyDBRemark	Modifies database remarks	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
RenewDBInstance	Renews an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
ResetAccountPassword	Resets an account password	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
RestartDBInstance	Restarts an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
RestoreInstance	Restores a cold backup instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
RollbackInstance	Rolls back an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
TerminateDBInstance	Terminates an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``
UpgradeDBInstance	Upgrades an instance	``qcs::sqlserver:$region:$account:instance/$instanceId`` ``qcs::sqlserver:$region:$account:instance/*``

tencent cloud

Sign Up

Log in

Recent Pages

Authorizable Resource Types

Was this page helpful?

Was this page helpful?