Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
TDSQL for MySQL
Last updated: 2025-03-26 09:58:30
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| TDSQL for MySQL | dcdb | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ActivateFromPolaris | activate instance from polaris service. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ActiveDedicatedDBInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| AssociateSecurityGroups | Associate security groups | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| BindPolarisForDcn | bind polaris service for DCN instances. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CancelDcnJob | stop the DCN sync connection。 | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CancelOnlineDDLJob | Cancel online DDL job | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| CreateDedicatedClusterDCDBInstance | Create instance in dedicated cluster | Resource level | qcs::dcdb::uin/${uin}:instance/* qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} qcs::cvm::uin/${uin}:sg/${sgId} |
Supported |
| CreateOnlineDDLJob | Create online DDL job | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| CreateTmpDCDBInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DeleteAccount | DeleteAccount | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DeleteTmpInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DestroyDCDBInstance | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| DestroyHourDCDBInstance | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| DisassociateSecurityGroups | Disassociate instance security groups | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| FlushBinlog | FlushBinlog | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| InitDCDBInstances | This API is used to initialize instances, including setting the default character set and table name case sensitivity. | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| IsolateDCDBInstance | IsolateDCDBInstance | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| IsolateDedicatedDBInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| IsolateFromPolaris | isolate instance from polaris service. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| KillSession | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| ModifyAccount | ModifyAccount | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ModifyAccountConfig | Modify some user configurations, such as max_ user_ connections | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyAccountDescription | ModifyAccountDescription | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyAccountPrivileges | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| ModifyAutoRenewFlag | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| ModifyBackupConfigs | modify backup configs | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ModifyBackupDownloadRestriction | - | Operation level | * | Supported |
| ModifyBackupTime | - | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ModifyDBEncryptAttributes | This interface is used for modify DB encryption attributes. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ModifyDBInstanceSecurityGroups | Modify instance security groups | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| ModifyDBInstancesProject | This API is used to modify the project to which TencentDB instances belong. | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| ModifyDBParameters | ModifyDBParameters | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyInstanceNetwork | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| ModifyInstanceProxyConfig | Modify Instance Proxy Config | Resource level | qcs::dcdb::uin/${uin}:instance/${instanceId} | Supported |
| ModifyInstanceRemark | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| ModifyInstanceSSLAttributes | This interface is used to modify instance ssl attributes. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ModifyInstanceVport | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| ModifyLogFileRetentionPeriod | This API is used to modify the number of days for retention of database backup logs. | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| ModifyRealServerAccessStrategy | - | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| OpenDBExtranetAccess | This API is used to enable public network access for a TencentDB instance. After that, you can access the instance with the public domain name and port obtained through the DescribeDCDBInstances API. |
Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| ReleaseNetResource | Release reserved network resources | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| ResetAccountPassword | Reset Password | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| RestartDBInstances | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| StartSmartDBA | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| SwitchDBInstanceHA | This API enables dynamic switching of database node availability zones | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| SwitchDcnJob | switch the master and slave dcn instances. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| SwitchRollbackInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| TerminateDedicatedDBInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| UnbindPolaris | unbind polaris service for DCN instances. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| UpgradeDedicatedDCDBInstance | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ActiveHourDCDBInstance | activate instance | Operation level | * | Supported |
| CheckIpStatus | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| CloneAccount | Operation level | * | Supported | |
| CloseDBExtranetAccess | Close extranet access | Operation level | * | Supported |
| CopyAccountPrivileges | Copy account privileges | Operation level | * | Supported |
| CreateAccount | Create Account | Operation level | * | Supported |
| CreateDCDBInstance | Create prepaid instance | Resource level | qcs::dcdb::uin/${uin}:instance/* qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} qcs::cvm::uin/${uin}:sg/${sgId} |
not supported |
| CreateHourDCDBInstance | Create postpaid instance | Resource level | qcs::dcdb::uin/${uin}:instance/* qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} qcs::cvm::uin/${uin}:sg/${sgId} |
Supported |
| DescribeAccountPrivileges | Describe account privileges | Operation level | * | Supported |
| DescribeAccounts | get use account list | Operation level | * | Supported |
| DescribeBackupConfigs | describe backup configs | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeBackupDownloadRestriction | - | Operation level | * | Supported |
| DescribeBackupFiles | - | Operation level | * | Supported |
| DescribeBackupMonitorData | - | Operation level | * | Supported |
| DescribeBackupOverview | - | Operation level | * | Supported |
| DescribeBackupSummaries | - | Operation level | * | Supported |
| DescribeBackupTime | - | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeBatchDCDBRenewalPrice | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeCommonDBInstances | Get instance list | Operation level | * | Supported |
| DescribeConfigHistories | DescribeConfigHistories | Resource level | qcs::dcdb::uin/${uin}:instance/${instanceId} | Supported |
| DescribeDBCharsets | Get character set information | Operation level | * | Supported |
| DescribeDBDetailMetrics | - | Resource level | qcs::dcdb:region:uin/account:instance/instanceId | Supported |
| DescribeDBEncryptAttributes | This interface is used to describe DB encryption attributes. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeDBEngines | Get DB engine version list | Operation level | * | Supported |
| DescribeDBInstanceHAInfo | DescribeDBInstanceHAInfo | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeDBInstanceRsip | Describe instance rsip | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeDBLogFiles | Operation level | * | Supported | |
| DescribeDBMetrics | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeDBParameters | This API is used to get the current parameter settings of a database. | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeDBSecurityGroups | Describe instance security groups | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeDBSlowLogAnalysis | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeDBSlowLogs | Operation level | * | Supported | |
| DescribeDBSyncMode | Operation level | * | Supported | |
| DescribeDBTmpInstances | DescribeDBTmpInstances | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeDCDBBinlogTime | Query the available time range for rollback | Operation level | * | Supported |
| DescribeDCDBInstanceDetail | Describe instance detail | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeDCDBInstanceNodeInfo | Get instance node info | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeDCDBInstanceShardInfo | DescribeDCDBInstanceShardInfo | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeDCDBInstances | Describe instance list | Operation level | * | Supported |
| DescribeDCDBPrice | Describe price | Operation level | * | Supported |
| DescribeDCDBRenewalPrice | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeDCDBRollbackInstances | DescribeDCDBRollbackInstances | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeDCDBSaleInfo | Query available zones for sale | Operation level | * | Supported |
| DescribeDCDBShards | Describe DCDB shards info | Operation level | * | Supported |
| DescribeDCDBUpgradePrice | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeDatabaseObjects | Describe database objects | Operation level | * | Supported |
| DescribeDatabaseTable | Describe database table columns | Operation level | * | Supported |
| DescribeDatabases | Describe databases | Operation level | * | Supported |
| DescribeDcnDetail | DescribeDcnDetail | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeDcnRelations | list all DCN instances. | Operation level | * | Supported |
| DescribeErrorLogs | Describe error log details | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeFenceShardSpec | Operation level | * | Supported | |
| DescribeFileDownloadUrl | - | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeFlow | Describe flow status | Operation level | * | Supported |
| DescribeInstanceProxyConfig | This interface is used to describe instance proxy config. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeInstanceSSLAttributes | This interface is used to describe DB SSL attributes. | Resource level | qcs::dcdb:${region}:uin/${uin}:instance/instanceId | Supported |
| DescribeInstances | Describe instances | Operation level | * | Supported |
| DescribeLatestCloudDBAReport | Resource level | qcs::dcdb:${Region}:uin/:instance/${InstanceId} | Supported | |
| DescribeLogFileRetentionPeriod | Operation level | * | Supported | |
| DescribeOnlineDDLJob | Describe online DDL job | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeOrders | Operation level | * | Supported | |
| DescribeProjectSecurityGroups | Describe project security groups | Operation level | * | Supported |
| DescribeProjects | This API is used to query the project list. | Operation level | * | Supported |
| DescribePublicKey | Describe public key | Operation level | * | Supported |
| DescribeShardSpec | Describe instance specifications | Operation level | * | Supported |
| DescribeSlowLogs | Describe slow log details | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeUserTasks | DescribeUserTasks | Operation level | * | Supported |
| GrantAccountPrivileges | Grant account privileges | Operation level | * | Supported |
| IsolateHourDCDBInstance | IsolateHourDCDBInstance | Resource level | qcs::dcdb::uin/${uin}:instance/${InstanceId} | Supported |
| ModifyDBSyncMode | Operation level | * | Supported | |
| ModifyInstanceVip | Modify instance vip | Resource level | qcs::dcdb::uin/${uin}:instance/${instanceId} qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} |
Supported |
| RenewDCDBInstance | Renew instance | Operation level | * | Supported |
| UpgradeDCDBInstance | upgrade instance | Operation level | * | Supported |
| UpgradeHourDCDBInstance | Upgrade instance | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No