Authorizable Resources and Operation APIs
Last updated:2025-04-29 22:25:02
Basic Information
The authorization granularity of cloud products in CAM can be divided into three levels according to the granularity: service level, operation level, and resource level.
Service level: This defines whether access permissions are authorized to the overall service. It can be divided into allowing full operation permissions for the service or denying all operation permissions for the service. Cloud products with service-level authorization granularity do not support authorizing specific APIs.
Operation level: This defines whether access permissions are authorized to specific APIs of the service. For example: Authorizing a certain account to perform read-only operations on the Cloud Virtual Machine (CVM) service .
Resource level: This defines whether access permissions are authorized to a specific resource. This is the finest level of authorization granularity. For example: Authorizing a certain account to perform only read and write operations on a CVM instance. Products that can support resource-level API authorization are identified as having resource-level authorization granularity.
The API authorization granularity of the TencentDB for CTSDB 3.0 is divided into two levels: resource level and operation level.
Resource-level API: This type of API supports authorization for a specific resource.
Operation-level API: This type of API does not support authorization for a specific resource. If the policy syntax specifies a specific resource during authorization, CAM will judge that this API is not in the authorization scope, that is, it is judged as lacking permission.
Write Operations
API Name | API Description | Authorization Granularity | Six-Segment Resource Style |
CreateCluster | Creating an instance | Operation level | * |
DestroyCluster | Deleting an instance | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
CreateDatabase | Creating a database | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
DestroyDatabase | Deleting a database | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyAccountPassword | Modifying the account password | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyCluster | Modifying the instance information | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyClusterHorizontalDowngrade | Scaling in an instance horizontally | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyClusterHorizontalUpgrade | Scaling out an instance horizontally | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyClusteVerticalDowngrade | Vertically downgrading an instance | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyClusterVerticalUpgrade | Vertically upgrading an instance | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyDatabase | Changing database configuration | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
ModifyClusterSecurity | Modifying an instance security group | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
Read Operations
API Name | API Description | Authorization Granularity | Six-Segment Resource Style |
DescribeAccounts | Viewing the account list | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
DescribeDatabases | Querying a database instance | Resource level | qcs::ctsdb:${region}:uin/${uin}:instance/$instanceId |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback