Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
TencentDB for PostgreSQL
Last updated: 2025-03-26 10:02:36
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| TencentDB For PostgreSQL | postgres | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddDBInstanceToReadOnlyGroup | Add Instance to ReadOnlyGroup | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CloneDBInstance | clone instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CloseDBExtranetAccess | Close the instance\\\\\\\\\\\\\\\'s external network | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CloseLog | close log | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| CloseServerlessDBExtranetAccess | Close serverless instance extranet | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateAccount | Create account | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateBackupPlan | CreateBackupPlan | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateBaseBackup | This interface is used to create a base backup of an instance. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateDBInstanceNetworkAccess | You can add a network to the instance. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateDBInstances | Create DBInstance | Operation level | * | Supported |
| CreateDatabase | Create database | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateInstances | Create DBInstance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| CreateParameterTemplate | Create parameter template. | Operation level | * | Supported |
| CreateReadOnlyDBInstance | Create ReadOnly DBInstance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| CreateReadOnlyGroup | Create ReadOnlyGroup | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateReadOnlyGroupNetworkAccess | CreateReadOnlyGroupNetworkAccess | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| CreateServerlessDBInstance | Create ServerlessDB instance | Operation level | * | Supported |
| DeleteAccount | Delete account | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DeleteBackupPlan | DeleteBackupPlan | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DeleteBaseBackup | This interface is used to delete the specified base backup of the instance. | Operation level | * | Supported |
| DeleteDBInstanceNetworkAccess | DeleteDBInstanceNetworkAccess | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DeleteLogBackup | This interface is used to delete the specified log backup of instance. | Operation level | * | Supported |
| DeleteParameterTemplate | Delete a parameter template | Operation level | * | Supported |
| DeleteReadOnlyGroup | Delete ReadOnlyGroup | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DeleteReadOnlyGroupNetworkAccess | DeleteReadOnlyGroupNetworkAccess | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DeleteServerlessDBInstance | Delete ServerlessDB instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DestroyDBInstance | Delete Instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| DisIsolateDBInstances | disIsolate instances | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| InitDBInstances | Initialize the instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| IsolateDBInstances | isolate instances | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| LockAccount | Lock account | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyAccountPrivileges | Modify account privileges | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyAccountRemark | Modify account notes | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyBackupDownloadRestriction | modify backup download restriction | Operation level | * | Supported |
| ModifyBackupPlan | Used to modify the instance backup plan. The default is to start a full backup in the early morning, and the duration of the daily backup is 7 days. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyBaseBackupExpireTime | This interface is used to modify the expire time of the specified base backup of the instance. | Operation level | * | Supported |
| ModifyDBInstanceChargeType | ModifyDBInstanceChargeType | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| ModifyDBInstanceDeployment | Modify instance node availability zone deployment. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceHAConfig | The API ModifyDBInstanceHAConfig is used to modify instance ha config. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceName | Modify instance name | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceParameters | ModifyDBInstanceParameters | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceReadOnlyGroup | change Instance ReadOnlyGroup | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceSecurityGroups | Modify database instance security groups. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDBInstanceSpec | Modify instance specifications, including memory and disk. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| ModifyDBInstancesProject | Modify the project of instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyDatabaseOwner | Modify database owner | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyLog | modify log | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| ModifyMaintainTimeWindow | Modify maintain time window of instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifyParameterTemplate | Modify the base infomation and parameters about a parameter template. | Operation level | * | Supported |
| ModifyReadOnlyGroupConfig | Modify ReadOnlyGroup Config value | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| ModifySwitchTimePeriod | When the upgrade requires switching, modify the switching, with the value of 0: switch immediately, and 1: switch at the specified time. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| OpenDBExtranetAccess | Open extranet | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| OpenLog | open log | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| OpenServerlessDBExtranetAccess | Open serverless instance extranet | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| RebalanceReadOnlyGroup | Rebalance ReadOnlyGroup by ReadOnly instance weight | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| RemoveDBInstanceFromReadOnlyGroup | Remove Instance From ReadOnlyGroup | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| RenewInstance | Renewal | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| ResetAccountPassword | Reset account password | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| RestartDBInstance | Restart instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| RestoreDBInstanceObjects | restore database objects | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| SetAutoRenewFlag | Set automatic renewal | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| SwitchDBInstancePrimary | The API SwitchDBInstancePrimary is used to switch primary. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| UnlockAccount | Unlock account | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| UpgradeDBInstance | Upgrade instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| UpgradeDBInstanceKernelVersion | The API UpgradeDBInstanceKernelVersion is used to upgrade the kernel version. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| UpgradeDBInstanceMajorVersion | Upgrade instance kernel major version. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CreateExportTask | create export task | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| DeleteExportTask | delete export task | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| DescribeAccountPrivileges | Describe account privileges | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeAccounts | Get user list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeAvailableRecoveryTime | query instance available recovery time. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeBackupDownloadRestriction | describe backup download restriction | Operation level | * | Supported |
| DescribeBackupDownloadURL | This interface is used to obtain the backup download URL. | Operation level | * | Supported |
| DescribeBackupOverview | This interface is used to query the user\'s backup overview information(capacity unit is byte). | Operation level | * | Supported |
| DescribeBackupPlans | Query all backup plans of the instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeClasses | The API DescribeClasses is used to query instance available classes. | Operation level | * | Supported |
| DescribeCloneDBInstanceSpec | query clone instance spec. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBBackups | Querying backup list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBErrlogs | Get error log | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceAttribute | Query instance details | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceAvailability | The API DescribeDBInstanceAvailability is used to describe instance availability. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceHAConfig | The API DescribeDBInstanceHAConfig is used to describe instance HA config. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceParameters | DescribeDBInstanceParameters | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceSSLConfig | Query the SSL configuration information for a specific instance. | Resource level | qcs::postgres::uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceSecurityGroups | Describe database instance security groups. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBInstanceSwitchOverEvents | The API DescribeDBInstanceSwitchOverRecordsis used to describe instance switchover events. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBSlowlogs | Get slow query log | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDBVersions | The API DescribeDBVersions is used to query database versions. | Operation level | * | Supported |
| DescribeDBXlogs | Get xlog list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDatabaseObjects | Describe database objects | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDatabases | Query database list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDedicatedClusters | DescribeDedicatedClusters | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeDefaultParameters | Query default parameters. | Operation level | * | Supported |
| DescribeEncryptionKeys | Gets a list of key information for the instance. | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeExportTasks | describe export tasks | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| DescribeLogInstanceList | Query instance log info list | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/$DBInstanceId | not supported |
| DescribeLogs | describe log | Resource level | qcs::postgres:${Region}:uin/${uin}:DBInstanceId/${InstanceId} | Supported |
| DescribeMaintainTimeWindow | Query maintain time window of instance | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeOrders | Get order information | Operation level | * | Supported |
| DescribeParameterTemplateAttributes | Query a parameter-template\\\\\\\\\\\\\\\'s base information and parameters | Operation level | * | Supported |
| DescribeParameterTemplates | Query the list of parameter templates | Operation level | * | Supported |
| DescribeParamsEvent | DescribeParamsEvent | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeProductConfig | Check sales specifications | Operation level | * | Supported |
| DescribeRegions | Query Supported Regions | Operation level | * | Supported |
| DescribeSlowQueryAnalysis | Describe SlowQuery Analysis | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeSlowQueryList | Describe SlowQuery List | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeZones | Querying Availability Zones in Supported Regions | Operation level | * | Supported |
| InquiryPriceCreateDBInstances | Check sale price | Operation level | * | Supported |
| InquiryPriceRenewDBInstance | Query instance renewal price | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| InquiryPriceUpgradeDBInstance | Query upgrade price | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeBackupSummaries | This interface is used to query the statistical information of instance backups(capacity unit is byte). | Operation level | * | Supported |
| DescribeBaseBackups | This interface is used to query the base backup list. | Operation level | * | Supported |
| DescribeDBInstances | Query instance list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeLogBackups | This interface is used to query the log backup list. | Operation level | * | Supported |
| DescribeReadOnlyGroups | Query ReadOnlyGroup list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeServerlessDBInstances | Query ServerlessDB instance list | Resource level | qcs::postgres:${region}:uin/${uin}:DBInstanceId/$DBInstanceId | Supported |
| DescribeTasks | This interface (DescribeTasks) is used to query the asynchronous task list and display the execution progress of asynchronous tasks. | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No