tencent cloud

PrevNext

フィードバック

キーワードで検索してください

Recent Pages

ドキュメント
Cloud Access Management
    ドキュメント

    Database Management Center

    最終更新日:2024-05-02 09:05:46

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Database Management Console dmc Supported not supported Resource level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      BindRuleTemplate BindRuleTemplate Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} not supported
      CancelWorkOrder Cancel-Work-Order Operation level * Supported
      CheckWorkOrder Check-Work-Order Operation level * Supported
      CloseSql CloseSql Operation level * Supported
      CreateAITaskFeedback CreateAITaskFeedback Operation level * Supported
      CreateDataSource CreateDataSource Operation level * Supported
      CreateExportTask This interface (CreateExportTask) is used for create export task. Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateFavoriteDatabase CreateFavoriteDatabase Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateFavoriteTable CreateFavoriteTable Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateImportTask This interface (CreateImportTask) is used for create import task. Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateInstanceAIInsightTask CreateInstanceAIInsightTask Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} not supported
      CreateManagedResource Create Managed Resource Operation level * Supported
      CreateMetaResource Create MetaResource Resource level qcs::dmc:${Region}:uin/${uin}:resource/${ResourceId} Supported
      CreatePermissionApplyOrder This interface (CreatePermissionApplyOrder) is used to create permission application work orders Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateQuickLogin Create QuickLogin Operation level * Supported
      CreateQuickLoginFromManagedResource Create Quick Login From Managed Resource Operation level * Supported
      CreateQuickLoginFromMetaResource Create Quick Login From MetaResource Resource level qcs::dmc:${Region}:uin/${uin}:resource/${ResourceId} Supported
      CreateResourceMark Create Resource Mark Operation level * Supported
      CreateRuleTemplate Create-Rule-Template Operation level * Supported
      CreateSQLModifyOrder Create-SQL-Modify-Order Operation level * Supported
      CreateSqlAITask CreateSqlAITask Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CreateUserSql CreateUserSql Operation level * Supported
      DeleteFavoriteDatabase DeleteFavoriteDatabase Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DeleteFavoriteTable DeleteFavoriteTable Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DeletePermissionFromUsers This interface (DeletePermissionFromUsers) is used for revoke DB auth. Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DeleteResourceMark Delete Resource Mark Operation level * Supported
      DeleteRuleTemplate Delete-Rule-Template Operation level * Supported
      DeleteUserSql DeleteUserSql Operation level * Supported
      DestroyDataSources DestroyDataSources Operation level * Supported
      DestroyManagedResources Destroy Managed Resources Operation level * Supported
      DestroyMetaResources Destroy MetaResources Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DestroyQuickLogin Destroy QuickLogin Operation level * Supported
      DuplicateRuleTemplate Duplicate-Rule-Template Operation level * Supported
      ExecuteSessionSql ExecuteSessionSql Operation level * Supported
      ExecuteSql ExecuteSql Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      ExecuteWorkOrder Execute-Work-Order Operation level * Supported
      GrantPermissionsToUsers This interface (GrantPermissionsToUsers) is used to grant user permissions Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      ImportSamplesForVectorDB ImportSamplesForVectorDB Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      LoginDMCSession LoginDMCSession Operation level * not supported
      LoginResource LoginResource Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      ModifyDataSource ModifyDataSource Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      ModifyExportTaskOrder This interface (ModifyExportTaskOrder) is used for modify export order information. Operation level * Supported
      ModifyImportTaskOrder This interface (ModifyImportTaskOrder) is used for modify import order information. Operation level * Supported
      ModifyManagedResource Modify Managed Resource Operation level * Supported
      ModifyMetaResource Modify MetaResource Resource level qcs::dmc:${Region}:uin/${uin}:resource/${ResourceId} Supported
      ModifyQuickLogin Modify QuickLogin Operation level * Supported
      ModifyResourceMark Modify Resource Mark Operation level * Supported
      ModifyRuleTemplate Modify-Rule-Template Operation level * Supported
      ModifySQLWorkOrder Modify-SQL-Work-Order Operation level * Supported
      ModifyUserSql ModifyUserSql Operation level * Supported
      ModifyWorkOrder Modify-Work-Order Operation level * Supported
      OpenSql OpenSql Resource level qcs::dmc::uin/${uin}:resource/${ResourceId} Supported
      RunSessionHeartbeat RunSessionHeartbeat Operation level * Supported
      TerminateImportExportTask This interface (TerminateImportExportTask) is used for terminate export and import task Operation level * Supported
      TerminateWorkOrderExecute Terminate-Work-Order-Execute Operation level * Supported
      UnbindRuleTemplate Unbind-Rule-Template Operation level * not supported
      UndoDestroyMetaResources Undo delete meta resource Resource level qcs::dmc:${Region}:uin/${uin}:resource/${ResourceId} Supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CheckCamGrantStatus CheckCamGrantStatus Operation level * Supported
      CheckConnection CheckConnection Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      CheckPrivilegesAndConnection Check Privileges And Connection Operation level * Supported
      DescribeAsyncSql This interface (DescribeAsyncSql) is used to obtain asynchronous execution Sql results Operation level * Supported
      DescribeAutoCheckedRuleTemplate Describe-Auto-Checked-Rule-Template Operation level * Supported
      DescribeBoundResource Describe-Bound-Resource Operation level * Supported
      DescribeCheckStaffTemplate Describe-Check-Staff-Template Operation level * Supported
      DescribeCosConfig DescribeCosConfig Operation level * Supported
      DescribeCosDownloadUrl This interface (DescribeCosDownloadUrl) is used for get cos-file download address. Operation level * Supported
      DescribeDataSources DescribeDataSources Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DescribeExecuteInfo Describe-Execute-Info Operation level * Supported
      DescribeExecuteProgress Describe-Execute-Progress Operation level * Supported
      DescribeExportTaskAnalysisInfo This interface (DescribeExportTaskAnalysisInfo) is used for get export order analysis information. Operation level * Supported
      DescribeExportTaskInfo This interface (DescribeExportTaskInfo) is used for get export task information. Operation level * Supported
      DescribeFavoriteDatabases DescribeFavoriteDatabases Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DescribeFavoriteTables DescribeFavoriteTables Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DescribeHistoryExecInfoList Describe History Exec InfoL ist Operation level * Supported
      DescribeImportExportTaskInfoList This interface (DescribeImportExportTaskInfoList) is used for get export and import task list Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DescribeImportTaskAnalysisInfo This interface (DescribeImportTaskAnalysisInfo) is used for get import order analysis information. Operation level * Supported
      DescribeImportTaskInfo This interface (DescribeImportTaskInfo) is used for get import task information. Operation level * Supported
      DescribeInceptionRuleTemplate Describe-Inception-Rule-Template Operation level * Supported
      DescribeInstanceAIInsightHistory DescribeInstanceAIInsightHistory Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} not supported
      DescribeInstanceAIInsightTask DescribeInstanceAIInsightTask Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} not supported
      DescribeManagedResourceDetail Describe Managed Resource Detail Operation level * Supported
      DescribeManagedResourcePackageInfo Describe Managed Resource PackageInfo Operation level * Supported
      DescribeManagedResources Describe Managed Resources Operation level * Supported
      DescribeMetaResource Describe MetaResource Resource level qcs::dmc::uin/${uin}:resource/${ResourceId} not supported
      DescribeMetaResources Describe MetaResources Operation level * Supported
      DescribeOperationLogs DescribeOperationLogs Operation level * Supported
      DescribePermissionApplyOrder This interface (DescribePermissionApplyOrder) is used for get order information that auth to DB. Operation level * Supported
      DescribePermissionsOfUser This interface (DescribePermissionsOfUser) is used to obtain direct permissions for all instances/DB owned by the user Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} Supported
      DescribeQuickLogin Describe QuickLogin Operation level * Supported
      DescribeResourceMarks Describe Resource Marks Operation level * Supported
      DescribeRuleTemplateBaseInfo Describe-Rule-Template-Base-Info Operation level * Supported
      DescribeSQLSemanticCheckResult Describe-SQL-Semantic-Check-Result Operation level * Supported
      DescribeSQLSyntaxCheckResult Describe-SQL-Syntax-Check-Result Operation level * Supported
      DescribeSQLWorkOrder Describe-SQL-Work-Order Operation level * Supported
      DescribeSqlAITask DescribeSqlAITask Operation level * Supported
      DescribeSqlWindowHistory This interface (DescribeSqlWindowHistory) is used to obtain SQL window history Resource level qcs::dmc:${region}:uin/${uin}:resource/${ResourceId} not supported
      DescribeUserSql DescribeUserSql Operation level * Supported
      DescribeUserSqlList DescribeUserSqlList Operation level * Supported
      DescribeWorkOrder Describe-Work-Order Operation level * Supported
      DescribeWorkOrderCheckInfo Describe-Work-Order-Check-Info Operation level * Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeApplyWorkOrderList Describe-Apply-Work-Order-List Operation level * Supported
      DescribeDoneWorkOrderList Describe-Done-Work-Order-List Operation level * Supported
      DescribeExecInfoList Describe-Exec-Info-List Operation level * Supported
      DescribeHistoryWorkOrderList Describe-History-Work-Order-List Operation level * Supported
      DescribeRuleTemplateList Describe-Rule-Template-List Operation level * Supported
      DescribeTodoWorkOrderList Describe-Todo-Work-Order-List Operation level * Supported
      DescribeWindowRuleTemplate Describe-Window-Rule-Template Operation level * Supported
      お問い合わせ

      カスタマーサービスをご提供できるため、ぜひお気軽にお問い合わせくださいませ。

      お問い合わせ
      テクニカルサポート

      さらにサポートが必要な場合は、サポートチケットを送信して弊社サポートチームにお問い合わせください。24時間365日のサポートをご提供します。

      チケットを送信
      電話サポート(24 時間365日対応)
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      個人情報保護方針利用規約クッキーポリシー