tencent cloud

Feedback

Authorizable Resource Types

Last updated: 2024-01-24 11:16:51

    Resource-Level Permission Overview

    Resource-level permissions specify resources a user can operate. TencentDB for PostgreSQL supports specific resource-level permissions, i.e., allowing the user to perform operations or use specific resources. In Cloud Access Management (CAM), the types of PostgreSQL resources that can be authorized are as follows:
    Resource Type
    Resource Description Method in Access Policies
    qcs::postgres:$region:$account:DBInstanceId/$DBInstanceId
    qcs::postgres:$region:$account:DBInstanceId/*
    The PostgreSQL instance APIs section in this document describes PostgreSQL API operations that currently support resource-level permissions as well as resources and condition keys supported by each operation. When configuring the resource path, you need to replace values of the parameters such as $region and $account with your actual values. You can also use the wildcard (*) in the path. For more information, please see Console Examples.
    Note:
    For a PostgreSQL API operation that does not support authorization at the resource level, you can still authorize a user to perform the operation. In this case, you must specify * as the resource element in the policy statement.

    List of APIs Not Supporting Resource-Level Permissions

    API Operation
    API Description
    CreateDBInstances
    Creates an instance
    CreateServerlessDBInstance
    Creates a PostgreSQL for Serverless instance
    DescribeOrders
    Obtains order information
    DescribeRegions
    Queries available regions
    DescribeZones
    Queries available availability zones
    DescribeProductConfig
    Queries product specifications
    InquiryPriceCreateDBInstances
    Queries prices
    DescribeServerlessDBInstances
    Queries the list of PostgreSQL for Serverless instances

    List of APIs Supporting Resource-Level Permissions

    [PostgreSQL instance APIs]

    PostgreSQL for Serverless instance APIs
    API Name
    API Description
    CloseServerlessDBExtranetAccess
    Disables the public network access for a PostgreSQL for Serverless instance
    DeleteServerlessDBInstance
    Deletes a PostgreSQL for Serverless instance
    OpenServerlessDBExtranetAccess
    Enables the public network access for a PostgreSQL for Serverless instance
    Backup and restoration APIs
    API Name
    API Description
    DescribeDBBackups
    Queries the list of instance backups
    DescribeDBErrlogs
    Obtains error logs
    DescribeDBSlowlogs
    Obtains slow query logs
    DescribeDBXlogs
    Obtains the Xlog list
    Instance APIs
    API Name
    API Description
    CloseDBExtranetAccess
    Disables the public network address for an instance
    DescribeDBInstanceAttribute
    Queries instance details
    DescribeDatabases
    Pulls the instance list
    DestroyDBInstance
    Terminates an instance
    InitDBInstances
    Initializes an instance
    InquiryPriceRenewDBInstance
    Queries the instance renewal price
    InquiryPriceUpgradeDBInstance
    Queries the instance upgrade price
    ModifyDBInstanceName
    Modifies the instance name
    ModifyDBInstancesProject
    Transfers an instance to another project
    OpenDBExtranetAccess
    Enables public network access
    RenewInstance
    Renews an instance
    RestartDBInstance
    Restarts an instance
    SetAutoRenewFlag
    Sets auto-renewal
    UpgradeDBInstance
    Upgrades an instance
    DescribeDBInstances
    Queries the instance list
    Account APIs
    API Name
    API Description
    DescribeAccounts
    Obtains the list of instance users
    ModifyAccountRemark
    Modifies the account password
    ResetAccountPassword
    Resets the account password
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support