可授权的资源类型

最近更新时间:2021-01-19 17:08:05

资源级权限指的是能够指定用户对哪些资源具有执行操作的能力。TDSQL-C 部分支持资源级权限,即表示针对支持资源级权限的 TDSQL-C 操作,您可以控制何时允许用户执行操作或是允许用户使用特定资源。访问管理(Cloud Access Management,CAM)中可授权的资源类型如下:

资源类型 授权策略中的资源描述方法
TDSQL-C 集群相关 qcs::cynosdb:$region::instance/*
qcs::cynosdb:$region:$account:instanceId/$clusterId

下表将介绍当前支持资源级权限的 TDSQL-C API 操作,以及每个操作支持的资源。指定资源路径的时候,您可以在路径中使用 * 通配符。

说明:

表中未列出的云数据库 API 操作,即表示该云数据库 API 操作不支持资源级权限。针对不支持资源级权限的云数据库 API 操作,您仍可以向用户授予使用该操作的权限,但策略语句的资源元素必须指定为 *。

TDSQL-C 集群相关

API 操作 资源路径
DescribeBackupConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeBackupList qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeRollbackTimeRange qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeRollbackTimeValidity qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyBackupConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ActivateCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterDetail qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
IsolateCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyClusterName qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyClusterProject qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
OfflineCluster qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DeleteAccounts qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeAccounts qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyAccountDescription qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ResetAccountPassword qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterInstanceGrps qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ActivateInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeInstanceDetail qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
IsolateInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
UpgradeInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyInstanceName qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
OfflineInstance qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterAddr qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterNetService qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterParams qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusterServerInfo qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeErrorLogs qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeMaintainPeriod qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeSlowLogs qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyClusterParam qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyMaintainPeriodConfig qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeDBSecurityGroups qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
ModifyDBInstanceSecurityGroups qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
CloseWan qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
OpenWan qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeClusters qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeInstances qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId
DescribeIsolatedInstances qcs::cynosdb:$region:$account:instanceId/* qcs::cynosdb:$region:$account:instanceId/$clusterId