资源级权限指的是能够指定用户对哪些资源具有执行操作的能力。TDSQL-C MySQL 版部分支持资源级权限,即表示针对支持资源级权限的 TDSQL-C MySQL 版操作,您可以控制何时允许用户执行操作或是允许用户使用特定资源。访问管理(Cloud Access Management,CAM)中可授权的资源类型如下:
资源类型 | 授权策略中的资源描述方法 |
qcs::cynosdb:$region::instance/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
下表将介绍当前支持资源级权限的 TDSQL-C MySQL 版 API 操作,以及每个操作支持的资源。指定资源路径的时候,您可以在路径中使用 * 通配符。
说明
表中未列出的云数据库 API 操作,即表示该云数据库 API 操作不支持资源级权限。针对不支持资源级权限的云数据库 API 操作,您仍可以向用户授予使用该操作的权限,但策略语句的资源元素必须指定为 *。
集群相关
集群相关
API 操作 | 资源路径 |
DescribeBackupConfig | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeBackupList | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeRollbackTimeRange | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeRollbackTimeValidity | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyBackupConfig | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ActivateCluster | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterDetail | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
IsolateCluster | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyClusterName | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyClusterProject | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
OfflineCluster | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DeleteAccounts | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeAccounts | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyAccountDescription | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ResetAccountPassword | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterInstanceGrps | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ActivateInstance | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeInstanceDetail | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
IsolateInstance | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
UpgradeInstance | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyInstanceName | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
OfflineInstance | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterAddr | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterNetService | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterParams | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusterServerInfo | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeErrorLogs | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeMaintainPeriod | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeSlowLogs | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyClusterParam | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyMaintainPeriodConfig | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeDBSecurityGroups | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
ModifyDBInstanceSecurityGroups | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
CloseWan | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
OpenWan | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeClusters | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeInstances | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
DescribeIsolatedInstances | qcs::cynosdb:$region:$account:instanceId/*qcs::cynosdb:$region:$account:instanceId/$clusterId |
