tencent cloud

All product documents
Cloud Access Management
DocumentationCloud Access ManagementCAM-Enabled APINoSQL DatabaseTencentDB for MongoDB
TencentDB for MongoDB
Download PDF
Last updated: 2025-03-26 10:01:51
TencentDB for MongoDB
Last updated: 2025-03-26 10:01:51
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Cloud MongoDB mongodb Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddFlashbackFilters Added collections that supports flashback by key Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
AssignProject AssignProject Operation level * Supported
BackupDBInstance Backup DB Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
CreateAccountUser CreateAccountUser Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
CreateBackupDBInstance CreateBackupDBInstance Operation level * Supported
CreateBackupDownloadTask Create Backup Download Task Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
CreateDBInstance CreateDBInstance Resource level qcs::mongodb::uin/${uin}:instance/*
qcs::vpc::uin/${uin}:vpc/${vpcId}
qcs::vpc::uin/${uin}:subnet/${subnetId}
qcs::cvm::uin/${uin}:sg/${sgId}		 not supported
CreateDBInstanceHour CreateDBInstanceHour Resource level qcs::mongodb::uin/${uin}:instance/*
qcs::vpc::uin/${uin}:vpc/${vpcId}
qcs::vpc::uin/${uin}:subnet/${subnetId}
qcs::cvm::uin/${uin}:sg/${sgId}		 Supported
CreateDBInstanceParamTpl Create database parameter template Operation level * Supported
CreateLogDownloadTask CreateLogDownloadTask Resource level qcs::mongodb:${Region}:uin/${uin}:instance/$instance Supported
DeleteAccountUser Delete Account User Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DeleteBackupDownloadTask DeleteBackupDownloadTask Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeCreateDBInstancesParam DescribeCreateDBInstancesParam Operation level * not supported
DropDBInstanceParamTpl Drop database parameter template Operation level * Supported
EnableSRVConnectionUrl EnableSRVConnectionUrl Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
EnableTransparentDataEncryption Enable data transparent encryption for mongo instances Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
ExchangeInstance Exchange Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
FlashBackDBInstance Execute flashback by key Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
FlushInstanceRouterConfig FlushInstanceRouterConfig Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
IsolateDBInstance IsolateDBInstance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
KillOps KillOps Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
MigrateInstanceAdjustReverseRunTime migrate instance to the cloudbase and adjust the reverse runtime Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
MigrateInstanceSwitchSignal migrate instance to cloudbase and initiate switch Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
MigrateInstanceToCloudBase migrate instance to cloudbase Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
ModifyDBInstanceNetworkAddress ModifyDBInstanceNetworkAddress Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
ModifyDBInstanceNodeProperty modify DB instance node property Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
ModifyDBInstanceParamTpl Modify database parameter template Operation level * Supported
ModifyDBInstanceSecurityGroup ModifyDBInstanceSecurityGroup Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
ModifyDBInstanceSpec ModifyDBInstanceSpec Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
ModifyDBInstancesChargeType ModifyDBInstancesChargeType Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
ModifyInstanceParams ModifyInstanceParams Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
ModifySRVConnectionUrl ModifySRVConnectionUrl Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
OfflineIsolatedDBInstance Offline Isolated DB Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
OpenDBInstanceNodeIp open node Ip Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
OpenTransparentDataEncryption Enable data transparent encryption for mongo instances Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
PromoteDBInstanceToActive PromoteDBInstanceToActive Resource level qcs::mongodb::uin/${uin}:instance/${instance} Supported
ReleaseIsolatedDBInstances ReleaseIsolatedDBInstances Operation level * Supported
RemoveCloneInstance Remove Clone Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
RenameCollection RenameCollection Operation level * not supported
RenameInstance RenameInstance Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
RenewDBInstances RenewDBInstances Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
RenewInstance Renew Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
ResetDBInstancePassword ResetDBInstancePassword Operation level * Supported
ResizeOplog Resize Oplog Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
RestartInstance Restart Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
RestartNodes restart nodes Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
RestoreDBInstance Restore DB Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
RestoreDatabases RestoreDatabases Operation level * not supported
SetAccountUserPrivilege SetAccountUserPrivilege Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetAutoRenew Set Auto Renew Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetBackupRules set backup rules Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetInstanceFormal Set Instance Formal Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
SetInstanceMaintenance Set Instance Maintenance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetMultiRegionBackup SetMultiRegionBackup Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetPassword Set Password Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
SetReadOnlyToNormal Set ReadOnly to Normal Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
SetUserDesc SetUserDesc Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
StartFlashback Enable key flashback log upload Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
SwitchDBInstancePrimary Switch Primary Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
TerminateDBInstance Terminate DB Instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
TerminateDBInstanceHour Terminate DB Instance Hour Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
TerminateDBInstances TerminateDBInstances Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
UpgradeDBInstanceKernelVersion This interface (UpgradeDBInstanceKernelVersion) is used to upgrade the database instance kernel version. Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
UpgradeDbInstanceVersion This interface upgrades the database version. Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckDBInstanceLocalResize Check whether the instance can quickly change spec Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
CheckMigrateInstanceToCloudBase check whether the migration instance can be migrated to the cloudbase Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
CheckMongoDBLinkedKmsRole Determine whether the current user already has the cam role required by the cloud product mongo to call kms Operation level * Supported
CheckWhiteListRecordExist CheckWhiteListRecordExist Operation level * Supported
DeleteLogDownloadTask DeleteLogDownloadTask Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeAccountUsers Describe Account Users Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeAsyncRequestInfo DescribeAsyncRequestInfo Operation level * Supported
DescribeAuditInstanceList This API (DescribeAuditInstanceList) can query the list of audit instances that are activated and deactivated Operation level * not supported
DescribeBackupAccess Describe Backup Access Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
DescribeBackupDownloadTask Describe Backup Download Task Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeBackupRules DescribeBackupRules Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeClientConnections DescribeClientConnections Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeConnectionStatus DescribeConnectionStatus Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeCurrentOp DescribeCurrentOp Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeCustomMasterKeyList Get the master key list of user\\\\\\\'s kms Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeDBBackups Describe DB Backups Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeDBInstanceDeal DescribeDBInstanceDeal Operation level * Supported
DescribeDBInstanceNamespace DescribeDBInstanceNamespace Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
DescribeDBInstanceNodeProperty describe DB instance node property Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeDBInstanceParamTpl Query all MongoDB database parameter templates under an account Operation level * Supported
DescribeDBInstanceParamTplDetail Query parameter template details Operation level * Supported
DescribeDBInstanceURL describe DB Instance URL Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeDBInstanceVersion This interface is used to obtain the kernel version information of the MongoDB instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeDBInstances DescribeDBInstances Resource level qcs::mongodb::uin/${uin}:instance/$instance not supported
DescribeFlashbackFilters Obtain database table information that supports flashback by key Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeInstanceDB Describe Instance DB Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeInstanceDatabases DescribeInstanceDatabases Operation level * Supported
DescribeInstanceLoginInfo DescribeInstanceLoginInfo Resource level qcs::mongodb::uin/${uin}:instance/${instance} not supported
DescribeInstanceParamRecords DescribeInstanceParamRecords Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeInstanceParams DescribeInstanceParams Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeInstanceRestoreInfo DescribeInstanceRestoreInfo Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeLogDownloadTasks DescribeLogDownloadTasks Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeMigrateInstanceDetail migrate instance to the cloudbase, describe migration details Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} not supported
DescribeMongoDBLinkedClbRole Describe MongoDB Linked ClbRole Operation level * Supported
DescribeMongodbLogs DescribeMongodbLogs Operation level * Supported
DescribeRenewDBInstancesParam DescribeRenewDBInstancesParam Operation level * not supported
DescribeSecurityGroup DescribeSecurityGroup Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeSlowLogPatterns DescribeSlowLogPatterns Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeSlowLogs DescribeSlowLogs Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported
DescribeSpecInfo DescribeDBInstanceDeal Operation level * not supported
DescribeTransparentDataEncryptionStatus Get whether transparent data encryption is turned on for the current instance Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DescribeWanServiceHealth Describe WanService Health Resource level qcs::mongodb:${region}:uin/${uin}:instance/${instance} Supported
DisableSRVConnectionUrl DisableSRVConnectionUrl Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
GetPublicKey GetPublicKey Operation level * Supported
InquirePriceCreateDBInstances Inquire Price Create DBInstances Operation level * Supported
InquirePriceModifyDBInstanceSpec InquirePriceModifyDBInstanceSpec Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
InquirePriceRenewDBInstances InquirePriceRenewDBInstances Resource level qcs::mongodb::uin/${uin}:instance/$instance Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeInstanceTaskInfo Describe Instance Task Infomation Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance not supported
DescribeSlowLog Describe Slow Log Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
DescribeSlowLogPattern Describe SlowLog Parttern Resource level qcs::mongodb:${region}:uin/${uin}:instance/$instance Supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon