tencent cloud

All product documents
TencentDB for TcaplusDB
DocumentationTencentDB for TcaplusDBOperation GuideAccess ManagementAuthorizable Resource Types
Authorizable Resource Types
Download PDF
Last updated: 2024-12-04 10:12:05
Authorizable Resource Types
Last updated: 2024-12-04 10:12:05
Download PDF

Resource-Level Permission Overview

Resource-level permission can be used to specify which resources a user can manipulate. TcaplusDB supports certain resource-level permissions, i.e., allowing the user to perform operations or use specified resources.
In Cloud Access Management (CAM), the types of TcaplusDB resources that can be authorized are as follows:
Resource Type
Resource Description Method in Authorization Policy
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:table/$tableId
The TcaplusDB cluster APIs, TcaplusDB table group APIs, and TcaplusDB table APIs sections below describe the TcaplusDB API operations which currently support resource-level permission control as well as the resources and condition keys supported by each operation. When setting the resource path, you need to replace the variable parameters such as $region and $account with your real parameter information. You can also use the \\* wildcard in the path. For related operation examples, please see TcaplusDB Access Control Examples.
For a TcaplusDB API operation that does not support authorization at the resource level, you can still authorize a user to perform it, but you must specify \\* as the resource element in the policy statement.

List of APIs Not Supporting Resource-Level Permission

API Operation
API Description
CreateBackup
Creates backup
CompareIdlFiles
Uploads and verifies table modification file
VerifyIdlFiles
Uploads and verifies table creation file
DescribeUinInWhitelist
Queries whether the current user is in the allowlist
DescribeRegions
Queries region list
DeleteIdlFiles
Deletes IDL description file
DescribeIdlFileInfos
Queries table description file details
DescribeIdlFileInfos
Queries task list

List of APIs Supporting Resource-Level Permission

TcaplusDB cluster APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId

TcaplusDB table group APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId

TcaplusDB table APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support