tencent cloud

All product documents
Cloud Access Management
DocumentationCloud Access ManagementCAM-Enabled APIRelational DatabaseTencentDB for SQL Server
TencentDB for SQL Server
Download PDF
Last updated: 2025-03-26 10:03:37
TencentDB for SQL Server
Last updated: 2025-03-26 10:03:37
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
TencentDB for SQL Server sqlserver Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AssociateSecurityGroups Associate Security Groups Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
BalanceROGroup Balancing weights within the RO group Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
BalanceReadOnlyGroup Balance the routing weight of read-only instances Resource level qcs::sqlserver:${region}:uin/${uin}:instance/$instanceId Supported
CloneDB Clone Databases Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CloseInterCommunication This interface (CloseInterCommunication) is used to close instance intercommunication. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CompleteExpansion Complete instance expansion immediately Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateAccount Create account Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateBackup create backup Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateBackupMigration Create Backup Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateBasicDBInstances Create Basic Instances Operation level * not supported
CreateBusinessDBInstances This interface (CreateBusinessDBInstances) is used to create business intelligence service instances. Operation level * Supported
CreateBusinessIntelligenceFile This interface (CreateBusinessIntelligenceFile) is used to add a business intelligence service file. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateCloudDBInstances This interface (CreateCloudDBInstances) is used to create a highly available instance (VM version). Operation level * not supported
CreateCloudReadOnlyDBInstances This interface (CreateCloudReadOnlyDBInstances) is used to add read replica instances (VM version). Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
CreateIncrementalMigration Create Increment Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
CreateMigration Create a migration task Operation level * Supported
CreatePublicKey create new public key Operation level * not supported
CreatePublishSubscribe Create a publish subscription relationship Operation level * Supported
CreateROInstances Create a read-only copy Operation level * not supported
CreateReadOnlyDBInstances Create ReadOnly Instances Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
CreateSIInstances Create a basic instance Operation level * not supported
CutXEvents Manually splitting blocking logs and deadlock logs Resource level qcs::sqlserver::uin/${uin}:instance/${instanceId} Supported
DeleteAccount Delete account Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteBackupMigration Delete Backup Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteBusinessIntelligenceFile This interface (DeleteBusinessIntelligenceFile) is used to delete business intelligence files. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteDB Delete database Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteDBInstance Delete DB Instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteDBInstanceSet Instantly offline instances in batches Resource level qcs::sqlserver:${region}:uin/${uin}:instance/$instanceId Supported
DeleteIncrementalMigration Delete Increment Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteMigration Delete migration task Operation level * Supported
DeletePublishSubscribe Delete publish subscription relationship Operation level * Supported
DeleteRestoreTask Delete the restore task record Resource level qcs::sqlserver:${region}:uin/${uin}:instance/$instanceId Supported
DisassociateSecurityGroups Disassociate Security Groups Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyAccountCam Modify instance account whether switch CAM validation Resource level qcs::sqlserver:${Region}:uin/${uin}:instance/${instance} Supported
ModifyAccountPrivilege Modify account authority Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyBackupMigration Modify Backup Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyBackupName Modify backup name Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyBackupStrategy Modify the time the backup was created Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyBusinessIntelligenceFileRemark This interface (ModifyBusinessIntelligenceFileRemark) is used to modify the remarks of the business intelligence service file. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
ModifyCloseWanIp close wanIp Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyCrossBackupStrategy The command is used to enable or disable a regional backup policy Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBEncryptAttributes Turn on and off the TDE encryption function of the database Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBInstanceName Modify instance name Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBInstanceNetwork Modify Instance Network From VPC To VPC Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
ModifyDBInstanceNote Modify instance remark information Resource level qcs::sqlserver:${region}:uin/${uin}:instance/$instanceId Supported
ModifyDBInstanceProject Modify the project name of the instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBInstanceRenewFlag Modify instance renewal flag Operation level * Supported
ModifyDBInstanceSSL SSL encryption for operational instances Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBInstanceSecurityGroups Modify the security group of instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBInstanceZone ModifyDBInstanceZone Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDBRemark Modify database remark Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDReadOnlyWeight Modify the read-only weight of the standby machine in multiple standby and one read mode Resource level qcs::sqlserver::uin/${uin}:instance/${instanceId} Supported
ModifyDReadable Enable/disable read-only on standby machine Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDatabaseCDC Enable or disable database CDC Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDatabaseCT Enable or disable database CT Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDatabaseMdf Shrink database mdf Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDatabasePrivilege Modify database privilege Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyDatabaseShrinkMDF This interface (ModifyDatabaseShrinkDMF) is used to shrink the database MDF file (Shrink MDF). Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyIncrementalMigration Modify Increment Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyInstanceEncryptAttributes Enabling the TDE encryption function of an instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyInstanceParam ModifyInstanceParam Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyMaintenanceSpan Modify the maintainable time window Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyMigration Modify the migration task Operation level * Supported
ModifyMultiInstanceDrNumber Modify the number of standby machines for a multi-node instance Resource level qcs::sqlserver::uin/${uin}:instance/${instanceId} Supported
ModifyOpenWanIp open domain Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyPublishSubscribeName Modify publish subscription relationship name Operation level * Supported
ModifyROGroupInfo Modify information for read-only groups Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
ModifyReadOnlyGroupDetails Modify ReadOnly Group Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
OfflineDBInstance Offline instance immediately Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
OpenInterCommunication This interface (OpenInterCommunication) is used to open the intercommunication of instances. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RecoveryPostInstance RecoveryPostInstance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RecycleDBInstance Recycle Instance Immediately Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
RecycleReadOnlyGroup Recycle ReadOnly Group Immediately Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RefreshCamPassword Manual refresh CAM password Resource level qcs::sqlserver:${Region}:uin/${uin}:instanceId/${instanceId} Supported
ReleaseOldVip Manual release old IP Resource level qcs::sqlserver::uin/${uin}:instance/${instanceId} Supported
RemoveBackups Delete backup files Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RenewPostpaidDBInstanceSet Restoring Pay-As-You-Go instances in batches Resource level qcs::sqlserver:${region}:uin/${uin}:instance/$instanceId Supported
ResetAccountPassword Reset account password Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RestartDBInstance Restart instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RestoreInstance Rollback backup Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RunMigration Start migration task Operation level * Supported
StartBackupMigration Start Backup Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
StartIncrementalMigration Start Incremental Migration Job Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
StartInstanceXEvent Set the extended event threshold Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
SwitchCloudInstanceHA Instance manual master/slave switch Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
TerminateDBInstance Termination instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CompleteMigration Complete incremental migration tasks Operation level * Supported
StartMigrationCheck Check before starting the migration Operation level * Supported
StopMigration Stop migration task Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CreateDB This API (CreateDB) is used to create a database. Operation level * Supported
CreateDBInstances Create a high-availability instance (local disk) Operation level * not supported
DescribeAccountPrivilegeByDB Query the associated account name and permission information according to the database Operation level * Supported
DescribeAccounts This API (DescribeAccounts) is used to pull the instance account list. Operation level * Supported
DescribeBackupByFlowId Describe backup information by flow id Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
DescribeBackupCommand Describe Create Backup Job Command Operation level * Supported
DescribeBackupMonitor Query backup space usage details Operation level * Supported
DescribeBackupSummary Query database backup overview information Operation level * Supported
DescribeBackupUploadSize Describe Backup File Size Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
DescribeCollationTimeZone Query the system character set collation and system time zone Operation level * Supported
DescribeCrossRegionZone Describe the region and zone of the instance standby machine Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeCrossRegions query cross region backup target regions Operation level * Supported
DescribeDBCharsets DescribeDBCharsets Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeDBInstanceRealServerIp Query instance physical IP and port Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeDBInstanceRsip Query instance physical IP and port Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeDBInstances Query instance list Operation level * not supported
DescribeDBInstancesAttribute Querying instance attribute Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeDBPrivilegeByAccount Query the associated database list name collection and permission information according to the account Operation level * Supported
DescribeDBRestoreTime Query restore databases Operation level * Supported
DescribeDBSecurityGroups Describe the security group of instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeDRRegionZone DescribeDRRegionZone Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeDatabaseNames Query database name Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeDatabases Querying the list of databases. Operation level * Supported
DescribeFlowStatus Query flow status Operation level * Supported
DescribeInquiryPriceParameter This interface (DescribeInquiryPriceParameter) is used to query instance inquiry and charging parameters. The current interface queries the billing pa Operation level * Supported
DescribeInstanceLoginInfo Used for DMC describes instance attribute Resource level qcs::sqlserver::uin/${uin}:InstanceId/${instanceId} not supported
DescribeInstanceTradeParameter This interface (DescribeInstanceTradeParameter) is used to query the billing parameters of an instance. Operation level * Supported
DescribeMaintenanceSpan Query maintainable time window Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeMigrationDetail Query migration task details Operation level * Supported
DescribeMigrations DescribeMigrations Operation level * Supported
DescribeModifySpecSellStatus DescribeModifySpecSellStatus Resource level qcs::sqlserver::uin/${uin}:InstanceId/${instanceId} Supported
DescribeMultiAvailableZones Query the availability zones supported by the standby machines in a multi-node architecture Operation level * Supported
DescribeOrders Query transaction order Operation level * Supported
DescribeProductConfig Query sales specifications and configurations Operation level * Supported
DescribeProductSpec Query the selling specifications configuration for all regions. Operation level * not supported
DescribeProjectSecurityGroups Describe Project Security Groups Operation level * Supported
DescribePublicKey DescribePublicKey Operation level * Supported
DescribeROGroupAutoWeight Query the default value of weight in RO group Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeROGroupInfo Query read-only group details Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeReadOnlyGroupByReadOnlyInstance Describe ReadOnly Group By ReadOnly Instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeReadOnlyGroupDetails Describe ReadOnly Group Details Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeRegions DescribeRegions Operation level * Supported
DescribeResourceJNSGWRoute describe jnsgw address Resource level qcs::sqlserver::uin/${uin}:InstanceId/${InstanceId} not supported
DescribeRestoreTask Query the list of restore tasks Operation level * Supported
DescribeRestoreTimeRange Query the time range that can be rolled back according to time points Operation level * Supported
DescribeRollbackTime Query rollback time range Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeSlowlogs Describe slow logs lists Operation level * Supported
DescribeSpecSellStatus This interface (DescribeSpecSellStatus) is used to query the sales specification status information, including the sales status, reference price, etc. Operation level * Supported
DescribeUpgradeInstanceCheck Describe upgrade instance check Operation level * Supported
DescribeUploadBackupInfo Describe Upload Backup Info Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
DescribeUploadIncrementalInfo Describe Increment Backup File Secret Key Resource level qcs::sqlserver:$region:$account:instance/$instanceId Supported
DescribeWhiteListForMonitor Query whether user Uin is in the whitelist Operation level * Supported
DescribeXEvents Query the extended event list Operation level * Supported
InquiryPriceCreateDBInstances Query the price of the instance you want to purchase Operation level * Supported
InquiryPriceRenewDBInstance Query renewal instance price Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
InquiryPriceUpgradeDBInstance Query upgrade instance price Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyAccountRemark Modify account remarks Operation level * Supported
ModifyDBName ModifyDBName Operation level * Supported
QueryMigrationCheckProcess Check the progress of the check before migration Operation level * Supported
RenewDBInstance Renewal instance Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
RenewPostpaidDBInstance The postpaid instance is recovered from the recycle bin Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
RollbackInstance RollbackInstance Operation level * Supported
UpgradeDBInstance Instance upgrade and downgrade operations Operation level * not supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeBackupFiles DescribeBackupFiles Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeBackupMigration Describe Backup Migration Job List Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeBackupStatistical Query the real-time backup statistics list Operation level * Supported
DescribeBackups Query backup list Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeBusinessIntelligenceFile This interface (DescribeBusinessIntelligenceFile) is used to query the file required by the business intelligence service. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeCrossBackupStatistical Query the real-time cross-region backup statistics list Operation level * Supported
DescribeDBInstanceInter This interface (DescribeDBInstanceInter) is used to query the information of the interworking instance. Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeDBs Query database list Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeDBsNormal Query database configuration information Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeDatabasesNormal Query database configuration information Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeHASwitchLog Query the master/slave switch logs Operation level * Supported
DescribeIncrementalMigration Describe Increment Migration Job List Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeInstanceByOrders Query the corresponding instance ID according to the order number Operation level * Supported
DescribeInstanceParamRecords DescribeInstanceParamRecords Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeInstanceParams DescribeInstanceParams Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeInstanceTasks Query instance task list Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeMigrationDatabases Query a migratable database Operation level * Supported
DescribePublishSubscribe Query publish subscription relationship Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeROGroupByRoInstance Query read-only group information based on a read-only replica Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeROGroupList Query read-only group list Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeReadOnlyGroupList Describe ReadOnly Group List Resource level qcs::sqlserver:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeRegularBackupPlan Query instance regular backup retention plan Operation level * Supported
DescribeZones Query zone information Operation level * Supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support