{"version":"2.0","statement":[{"effect":"effect","action":["action"],"resource":["resource"],"condition": {"key":{"value"}}}]}
effect, action, resource, and condition. One policy has only one statement.
cynosdb: are used for TDSQL-C for MySQL, such as cynosdb:DescribeClusters or cynosdb:ResetAccountPassword.
To specify multiple operations in a single statement, separate them with commas.
"action":["cynosdb:action1","cynosdb:action2"]
"action":["cynosdb:Describe*"]
* wildcard.
"action":["cynosdb:*"]
qcs:project_id:service_type:region:account:resource
service_type: cynosdb.
region: bj.
account: uin/12xxx8.
resource: instance/clusterId or instance/*.
"resource":[ "qcs::cynosdb:bj:uin/12xxx8:instance/cynosdbmysql-123abc"]
* wildcard to specify it for all clusters that belong to a specific account.
"resource":[ "qcs::cynosdb:bj:uin/12xxx8:instance/*"]
resource element.
"resource": ["*"]
"resource":["resource1","resource2"]
$ are placeholders, region refers to a region, and account refers to an account ID.
Resource | Resource Description Method in Authorization Policy |
Cluster | qcs::cynosdb:$region:$account:instance/$clusterId |
VPC | qcs::vpc:$region:$account:vpc/$vpcId |
Security group | qcs::cvm:$region:$account:sg/$sgId |
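A least-privilege check over the action and resource syntax described above, as an added example that is not Tencent Cloud's own code. The function names, severity labels and sample policy are constructed for illustration, and the `allow` effect value is an assumption because the page shows only a placeholder.

```python
import json

# Constructed sample policy built from the placeholder account and cluster ID on this page.
# The "allow" effect value is an assumption; the page shows only the placeholder "effect".
SAMPLE_POLICY = json.loads("""
{"version": "2.0",
 "statement": [{
   "effect": "allow",
   "action": ["cynosdb:Describe*", "cynosdb:ResetAccountPassword", "cynosdb:*"],
   "resource": ["qcs::cynosdb:bj:uin/12xxx8:instance/cynosdbmysql-123abc",
                "qcs::cynosdb:bj:uin/12xxx8:instance/*",
                "*"]
 }]}
""")

FIELDS = ("qcs", "project_id", "service_type", "region", "account", "resource")


def parse_resource(desc):
    """Split a six-segment resource description into named fields."""
    parts = desc.split(":", 5)
    if len(parts) != 6 or parts[0] != "qcs":
        raise ValueError(f"not a six-segment qcs description: {desc!r}")
    return dict(zip(FIELDS, parts))


def lint_policy(policy):
    """Return (level, message) findings for over-broad or malformed entries."""
    findings = []
    for stmt in policy.get("statement", []):
        if stmt.get("effect") != "allow":
            continue  # only allow statements widen access
        for action in stmt.get("action", []):
            if action in ("*", "cynosdb:*"):
                findings.append(("high", f"action {action} grants every operation"))
            elif action.endswith("*"):
                findings.append(("info", f"action {action} matches a prefix of operations"))
        for res in stmt.get("resource", []):
            if res == "*":
                findings.append(("high", "resource * applies to all resources"))
                continue
            try:
                fields = parse_resource(res)
            except ValueError as exc:
                findings.append(("error", str(exc)))
                continue
            if fields["resource"].endswith("/*"):
                findings.append(("medium", f"{res} covers every {fields['resource'][:-2]} of {fields['account']}"))
    return findings
```

Calling `lint_policy(SAMPLE_POLICY)` returns one finding per wildcard entry, so a reviewer can see which grants reach beyond a single cluster before the policy is attached.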