- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Changing External Network Links
- Interface Authentication Upgrade Announcement
- Maintenance Time Change from Local Time to Beijing Time
- Account Type and Permission Changes
- Product Architecture Name Change
- Disk Storage Space Composition Change
- Ending Support for Classic Network [2022.12.31]
- Backup Billing Start [2022.07.10]
- Ending Sale for Basic Edition 1-Core Specification [2022.03.07]
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Constraints and Limits
- Usage Specifications and Suggestions
- Maintaining Instance
- Renaming Instance
- Setting Instance Remarks
- Setting Instance Tag
- Setting Instance Project
- Modify Instance-level Character Set Collation
- Modify System Time Zone
- Setting Instance Maintenance Information
- Multi-AZ Disaster Recovery
- Restarting Instance
- Terminating Instance
- Migrating Across AZs
- Manual Primary-Secondary Switching
- Recycle Bin
- Adjusting Instance Configuration
- Read-Only Instance
- Network and Security
- Account Management
- Database Management
- Data Security
- Parameter Configuration
- Monitoring and Alarms
- Backup and Restoration
- Log Management
- Publish-Subscribe
- SSIS
- Data Migration (New)
- Data Migration (Legacy)
- Best Practice
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- CreateCloudDBInstances
- CreateCloudReadOnlyDBInstances
- ModifyInstanceEncryptAttributes
- UpgradeDBInstance
- RollbackInstance
- RestoreInstance
- RestartDBInstance
- ResetAccountPassword
- ModifyDBRemark
- ModifyDBName
- ModifyDBInstanceProject
- ModifyDBInstanceName
- ModifyAccountPrivilege
- InquiryPriceUpgradeDBInstance
- InquiryPriceCreateDBInstances
- DescribeZones
- DescribeRollbackTime
- DescribeRegions
- DescribeProductConfig
- DescribeFlowStatus
- DescribeDBs
- DescribeDBInstances
- DescribeAccounts
- DeleteDB
- DeleteAccount
- CreateDBInstances
- CreateDB
- CreateAccount
- TerminateDBInstance
- RecycleDBInstance
- CloneDB
- DescribeDBCharsets
- ModifyDatabaseMdf
- ModifyDatabaseCT
- ModifyDatabaseCDC
- DescribeDBsNormal
- ModifyInstanceParam
- DescribeInstanceParams
- DescribeInstanceParamRecords
- OpenInterCommunication
- DescribeDBInstanceInter
- DescribeBusinessIntelligenceFile
- DeleteBusinessIntelligenceFile
- CreateBusinessIntelligenceFile
- CreateBusinessDBInstances
- CloseInterCommunication
- Network Management APIs
- Backup APIs
- RunMigration
- ModifyMigration
- DescribeMigrations
- DescribeMigrationDetail
- DescribeBackups
- DeleteMigration
- CreateMigration
- CreateBackup
- ModifyBackupStrategy
- StartIncrementalMigration
- StartBackupMigration
- ModifyIncrementalMigration
- ModifyBackupMigration
- DescribeUploadBackupInfo
- DescribeIncrementalMigration
- DescribeBackupUploadSize
- DescribeBackupMigration
- DescribeBackupCommand
- DeleteIncrementalMigration
- DeleteBackupMigration
- CreateIncrementalMigration
- CreateBackupMigration
- DescribeBackupFiles
- Extended Event APIs
- Database APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Overview
- Model Selection
- Pricing and Selection
- Connection and Network
- Account and Permission
- Backup and Rollback
- Data Migration
- Publish/Subscribe
- Read-Only Instance
- Version and Architecture Upgrade
- Disk Space and Specification Adjustment
- Monitoring and Alarms
- Log
- Parameter Modification
- Features
- Performance/Space/Memory
- Service Agreement
- Performance Evaluation
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Changing External Network Links
- Interface Authentication Upgrade Announcement
- Maintenance Time Change from Local Time to Beijing Time
- Account Type and Permission Changes
- Product Architecture Name Change
- Disk Storage Space Composition Change
- Ending Support for Classic Network [2022.12.31]
- Backup Billing Start [2022.07.10]
- Ending Sale for Basic Edition 1-Core Specification [2022.03.07]
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Constraints and Limits
- Usage Specifications and Suggestions
- Maintaining Instance
- Renaming Instance
- Setting Instance Remarks
- Setting Instance Tag
- Setting Instance Project
- Modify Instance-level Character Set Collation
- Modify System Time Zone
- Setting Instance Maintenance Information
- Multi-AZ Disaster Recovery
- Restarting Instance
- Terminating Instance
- Migrating Across AZs
- Manual Primary-Secondary Switching
- Recycle Bin
- Adjusting Instance Configuration
- Read-Only Instance
- Network and Security
- Account Management
- Database Management
- Data Security
- Parameter Configuration
- Monitoring and Alarms
- Backup and Restoration
- Log Management
- Publish-Subscribe
- SSIS
- Data Migration (New)
- Data Migration (Legacy)
- Best Practice
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance Management APIs
- CreateCloudDBInstances
- CreateCloudReadOnlyDBInstances
- ModifyInstanceEncryptAttributes
- UpgradeDBInstance
- RollbackInstance
- RestoreInstance
- RestartDBInstance
- ResetAccountPassword
- ModifyDBRemark
- ModifyDBName
- ModifyDBInstanceProject
- ModifyDBInstanceName
- ModifyAccountPrivilege
- InquiryPriceUpgradeDBInstance
- InquiryPriceCreateDBInstances
- DescribeZones
- DescribeRollbackTime
- DescribeRegions
- DescribeProductConfig
- DescribeFlowStatus
- DescribeDBs
- DescribeDBInstances
- DescribeAccounts
- DeleteDB
- DeleteAccount
- CreateDBInstances
- CreateDB
- CreateAccount
- TerminateDBInstance
- RecycleDBInstance
- CloneDB
- DescribeDBCharsets
- ModifyDatabaseMdf
- ModifyDatabaseCT
- ModifyDatabaseCDC
- DescribeDBsNormal
- ModifyInstanceParam
- DescribeInstanceParams
- DescribeInstanceParamRecords
- OpenInterCommunication
- DescribeDBInstanceInter
- DescribeBusinessIntelligenceFile
- DeleteBusinessIntelligenceFile
- CreateBusinessIntelligenceFile
- CreateBusinessDBInstances
- CloseInterCommunication
- Network Management APIs
- Backup APIs
- RunMigration
- ModifyMigration
- DescribeMigrations
- DescribeMigrationDetail
- DescribeBackups
- DeleteMigration
- CreateMigration
- CreateBackup
- ModifyBackupStrategy
- StartIncrementalMigration
- StartBackupMigration
- ModifyIncrementalMigration
- ModifyBackupMigration
- DescribeUploadBackupInfo
- DescribeIncrementalMigration
- DescribeBackupUploadSize
- DescribeBackupMigration
- DescribeBackupCommand
- DeleteIncrementalMigration
- DeleteBackupMigration
- CreateIncrementalMigration
- CreateBackupMigration
- DescribeBackupFiles
- Extended Event APIs
- Database APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Overview
- Model Selection
- Pricing and Selection
- Connection and Network
- Account and Permission
- Backup and Rollback
- Data Migration
- Publish/Subscribe
- Read-Only Instance
- Version and Architecture Upgrade
- Disk Space and Specification Adjustment
- Monitoring and Alarms
- Log
- Parameter Modification
- Features
- Performance/Space/Memory
- Service Agreement
- Performance Evaluation
- Glossary
- Contact Us
Resource-level permissions refer to the ability to specify which resources users are allowed to perform operations on. Some operations of SQL Server support resource-level permissions, meaning you can control when a user is allowed to perform operations or what specific resources they are permitted to use. The types of resources that can be authorized through Cloud Access Management (CAM) are as follows:
Resource Type | Resource Description Method in Authorization Policies |
TencentDB instance-related | qcs::sqlserver:$region:$account:instance/*qcs::sqlserver:$region:$account:instance/$instanceId |
TencentDB for SQL Server supports resource-level authorization, allowing you to allocate specified sub-accounts with API permissions for specified resources. The following table presents TencentDB API operations currently supporting resource-level permissions, along with the supported resources and conditional keys for each operation. When specifying a resource path, you can utilize an * wildcard in the path.
Note:
Any TencentDB API operation not listed in the table does not support resource-level permissions. You can still authorize a user to perform these operations, but you must specify the * as the resource element in the policy statement. The table below showcases only a portion of the resource types. For more information, please refer to Authorizable Resource Types for SQL Server.
API Name | API Description | Six-Segment Example of Resource |
CreateAccount | Creating an account | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
CreateBackup | Creating a backup | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
CreateDB | Creating a database | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DeleteAccount | Deleting an account | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DeleteDB | Deleting a database | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeAccounts | Querying an account list | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeBackups | Querying a backup list | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeDatabaseNames | Querying a database name | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeDBInstances | Querying instance lists | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeDBs | Querying a database list | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeInstanceTasks | Querying instance tasks | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeRollbackTime | Querying the time range available for rollback | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
DescribeSlowlogs | Querying slow log lists | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
InquiryPriceRenewDBInstance | Querying the price of renewed instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
InquiryPriceUpgradeDBInstance | Querying the price of upgraded instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyAccountPrivilege | Modifying account permissions | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyAccountRemark | Modifying account remarks | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyBackupStrategy | Modifying the time for cold backup | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyDatabasePrivilege | Modifying database permissions | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyDBInstanceName | Renaming instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyDBInstanceProject | Modifying instance project | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyDBName | Renaming a database | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ModifyDBRemark | Modifying database remarks | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
RenewDBInstance | Renewing instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
ResetAccountPassword | Resetting account password | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
RestartDBInstance | Restarting instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
RestoreInstance | Restoring cold backup instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
RollbackInstance | Rolling back instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
TerminateDBInstance | Terminating instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
UpgradeDBInstance | Upgrading Instances | qcs::sqlserver:$region:$account:instance/$instanceIdqcs::sqlserver:$region:$account:instance/* |
Yes
No
Was this page helpful?