tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Data Transfer Service
    Documentation
    Download PDF

    Authorizing Sub-User to Use DTS SDK

    Last updated: 2023-07-05 16:11:33
    Download PDF

      Overview

      You can use a sub-user to create and manage subscription tasks. You can also use the AccessKey and AccessKeySecret of a sub-user in the SDK demo for data subscription.

      When using Cloud Access Management (CAM), you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, see Syntax Logic.

      Authorizing Sub-user

      1. Log in to the CAM console.
      2. On the User > User List page, find the sub-user whom you want to authorize and click Authorize in the Operation column on the right as shown below:
      3. In the pop-up window, search for "DTS" and select the permission to be granted.
        • QcloudDTSFullAccess: it indicates to grant the read and write permissions.
        • QcloudDTSReadOnlyAccess: it indicates to grant the read-only permissions.
      4. Click OK to complete authorization.

      Policy Syntax

      The CAM policy for DTS is described as follows:

       {     
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"effect", 
              "action":["action"], 
              "resource":["resource"]
           } 
       ] 
}

      • version is required. Currently, only the value "2.0" is allowed.

      • statement describes the details of one or more permissions. It contains a permission or permission set of multiple other elements such as effect, action, and resource. One policy has only one statement.

        Note:

        As DTS needs to manipulate your database, you need to grant the sub-account access to the database resources involved in DTS tasks separately (the read permission, i.e., Describe\* is required). This authorization operation is not included in this document.

      • effect is required. It describes the result of a statement. The result can be "allow" or an "explicit deny".

        "effect": "allow"

      • action is required. It describes the allowed or denied action (operation). An operation can be an API (prefixed with "name") or a feature set (a set of specific APIs prefixed with "permid").

      • resource is required. It describes the details of authorization.

      DTS Operations

      In a CAM policy statement, you can specify any API operation from any service that supports CAM. APIs prefixed with name/dts: should be used for DTS. To specify multiple operations in a single statement, separate them with commas as shown below:

      "action":["name/dts:action1","name/dts:action2"]

      You can also specify multiple operations by using a wildcard. For example, you can specify all operations beginning with "Describe" in the name as shown below:

      "action":["name/dts:Describe*"]

      If you want to specify all operations in DTS, use the * wildcard as shown below:

      "action":["name/dts:*"]

      DTS Resource Path

      Resource paths are generally in the following format:

       qcs::service_type::account:resource
      • service_type: describes the product abbreviation, such as dts here.
      • account: describes the root account of the resource owner, such as uin/32xxx546.
      • resource: describes the detailed resource information of the specific service. Each DTS task (task) is a resource.

      Below is a sample:

       "resource": ["qcs::dts::uin/32xxx546:task/dts-kf291vh3"]

      Here, dts-kf291vh3 is the ID of the DTS task, i.e., the resource in the CAM policy statement.

      Sample

      Note:

      The following example only shows the usage of CAM. For the complete process of a DTS task and the corresponding APIs, see Introduction.

      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "name/dts:DescribeAccessKeys"
            ],
            "resource": [
                "*"
            ]
        },
        {
            "effect": "allow",
            "action": [
                "name/dts:CreateAccess*"
            ],
            "resource": [
                "*"
            ]
        },
        {
            "effect": "allow",
            "action": [
                "name/dts:DescribeMigrateJobs"
            ],
            "resource": [
                "qcs::dts::uin/32xxx546:task/dts-kf291vh3"
            ]
        },
        {
            "effect": "allow",
            "action": [
                "name/dts:CreateMigrateCheckJob"
            ],
            "resource": [
                "qcs::dts::uin/32xxx546:task/dts-kf291vh3"
            ]
        }
    ]
}
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy