search by keyword

Recent Pages

Documentation
TencentDB for MongoDB
    Documentation

    Authorizable Resource Types

    Last updated: 2019-12-02 11:18:32

    Resource-level permission can be used to specify which resources a user can manipulate. MongoDB supports certain resource-level permission. This means that for MongoDB operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.

    Resource Type Resource Description Method in Authorization Policy
    MongoDB instance qcs::mongodb:$region::instance/*
    qcs::mongodb:$region:$account:instanceId/$instanceId

    The table below lists the MongoDB API operations which currently support resource-level permission control as well as the resources supported by each operation. When specifying a resource path, you can use the "*" wildcard in the path.

    Any TencentDB API operation not listed in the table does not support resource-level permission. For such an operation, you can still authorize a user to perform it, but you must specify * as the resource element in the policy statement.

    MongoDB instance

    API Operation Resource Path
    BackupDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    CreateAccountUser qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    CreateDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    CreateDBInstanceHour qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DeleteAccountUser qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeAccountUsers qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeBackupAccess qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeBackupRules qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeClientConnections qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeDBBackups qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeDBInstances qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeInstanceDB qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeInstanceTaskInfo qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeSlowLog qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeSlowLogPattern qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    DescribeSpecInfo qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    ExchangeInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    IsolateDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    ModifyDBInstanceSpec qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    OfflineIsolatedDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    RemoveCloneInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    RenameInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    RenewInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    ResizeOplog qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    RestartInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    RestoreDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetAccountUserPrivilege qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetAutoRenew qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetBackupRules qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetInstanceFormal qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetInstanceMaintenance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetPassword qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    SetReadOnlyToNormal qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    TerminateDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    TerminateDBInstanceHour qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    UpgradeDBInstance qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId
    UpgradeDBInstanceHour qcs::mongodb:$region:$account:instanceId/* qcs::mongodb:$region:$account:instanceId/$instanceId

    Was this page helpful?

    Confirm

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Hide
    Submit a TicketContact Sales
    Help
    tencent
    Copyright © 2013-2020 Tencent Cloud. All Rights Reserved.
    Terms of ServicePrivacy PolicyCookie Policy