Authorization Policy Syntax

Last updated: 2024-01-18 17:23:30

    Policy Syntax

    CAM Policy:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "effect",
                "action": ["action"],
                "resource": ["resource"],
                "condition": {"key": {"value"}}
            }
        ]
    }
    Version: This field is required. Currently, only the value 2.0 is accepted.
    Statement: Describes the details of one or more permissions. It contains a permission or a set of permissions built from the other elements, such as effect, action, resource, and condition. Each policy contains just one statement element.
    Effect: This field is required. It describes whether the outcome of a statement is Allow or Explicitly Deny. These are the only two possible outcomes.
    Action: This field is required. It describes the operation to be allowed or denied. An operation can be an API, which is prefixed with sqlserver:.
    Resource: This field is required. It describes the specific data that the authorization applies to. A resource is described in a six-segment format. The details of a resource description vary by product.
    Condition: This field is required. It describes the conditions under which the policy takes effect. A condition consists of an operator, an action key, and an action value. Condition values include time and IP addresses. Some services also let you specify other values in a condition.

    SQL Server Operations

    In the SQL Server policy statement, you can specify any API operation from any service supporting SQL Server. APIs prefixed with sqlserver: should be used for SQL Server, such as sqlserver:DescribeDBInstances or sqlserver:CreateAccount.
    To specify multiple operations within a single statement, please separate them with a comma as demonstrated below:
    "action":["sqlserver:action1","sqlserver:action2"]
    You may also use an asterisk wildcard to specify multiple operations. For instance, you can specify all operations whose names begin with Describe, as shown below:
    "action":["sqlserver:Describe*"]
    To specify all the operations in SQL Server, please use an asterisk wildcard (*), as indicated below:
    "action":["sqlserver:*"]

    SQL Server Resources

    Each CAM policy statement has its own resources. The typical format of resources is as follows:
    qcs:project_id:service_type:region:account:resource
    project_id: Describes the project information, which is only used to enable compatibility with legacy CAM logic and can be left empty.
    service_type: The product's abbreviation, such as sqlserver.
    region: Describes the regional information, such as ap-guangzhou.
    account: The root account information of the resource owner, such as uin/65xxx763.
    resource: Indicates the detailed resource information of each product, such as instance/instance_id1 or instance/*.
    For instance, you may use the specific instance (mssql-m8oh024t) to specify a resource in the statement as demonstrated below:
    "resource":[ "qcs::sqlserver:ap-guangzhou:uin/65xxx763:instance/mssql-m8oh024t"]
    You could also employ an asterisk wildcard (*) to designate all instances pertaining to a certain account, as shown below:
    "resource":[ "qcs::sqlserver:ap-guangzhou:uin/65xxx763:instance/*"]
    If you want to specify all the resources or if a specific API operation does not support resource-level permissions, you can utilize an asterisk wildcard (*) within the resource element as shown below:
    "resource": ["*"]
    To specify multiple resources in a single statement, separate them with commas. The following example specifies two resources:
    "resource":["resource1","resource2"]
    The table below describes the resources that can be utilized by SQL Server and their corresponding description methods. In this context, words prefixed with $ are considered placeholders. Region refers to a geographical area. Account signifies the account ID.
    Resources    Resource Description Method in Authorization Policies
    ---------    -----------------------------------------------------
    Instances    qcs::sqlserver:$region:$account:instance/$instanceId
    VPC          qcs::vpc:$region:$account:vpc/$vpcId
    DFW          qcs::cvm:$region:$account:sg/$sgId
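
The following review script is an added example, not part of the original documentation or any Tencent Cloud tooling. It checks a policy against the syntax described above (version, required fields, the sqlserver: action prefix, the six-segment resource format) and warns about wildcard grants. The function names, the sample policies, and the lowercase "allow" effect literal are assumptions made for this example.

```python
import json

KNOWN_SERVICES = {"sqlserver", "vpc", "cvm"}  # service_type values from the table above

def lint_resource(res, allow):
    """Check one resource against qcs:project_id:service_type:region:account:resource."""
    if res == "*":
        return ["WARN resource '*' matches every resource"] if allow else []
    parts = res.split(":", 5)
    if len(parts) != 6 or parts[0] != "qcs":
        return [f"ERROR resource {res!r} is not a six-segment qcs description"]
    out = []
    if parts[2] not in KNOWN_SERVICES:
        out.append(f"ERROR resource {res!r} has unexpected service_type {parts[2]!r}")
    if allow and parts[5].endswith("/*"):
        out.append(f"WARN resource {res!r} matches every {parts[5][:-2]} of the account")
    return out

def lint_policy(text):
    """Return review findings for a CAM policy (JSON text) in the syntax described above."""
    policy = json.loads(text)
    findings = []
    if policy.get("version") != "2.0":
        findings.append("policy: ERROR version must be \"2.0\"")
    for n, stmt in enumerate(policy.get("statement", [])):
        found = [f"ERROR missing {f}" for f in ("effect", "action", "resource") if f not in stmt]
        allow = str(stmt.get("effect", "")).lower() == "allow"  # assumed literal: "allow"
        for action in stmt.get("action", []):
            if action != "*" and not action.startswith("sqlserver:"):
                found.append(f"WARN action {action!r} is not a sqlserver: operation")
            elif allow and action in ("*", "sqlserver:*"):
                found.append(f"WARN action {action!r} allows every operation")
        for res in stmt.get("resource", []):
            found += lint_resource(res, allow)
        findings += [f"statement {n}: {m}" for m in found]
    return findings

# Constructed sample policies (not from the page), reusing the page's example values.
SCOPED = """{"version": "2.0", "statement": [{"effect": "allow",
  "action": ["sqlserver:Describe*"],
  "resource": ["qcs::sqlserver:ap-guangzhou:uin/65xxx763:instance/mssql-m8oh024t"]}]}"""
BROAD = """{"version": "1.0", "statement": [{"effect": "allow",
  "action": ["sqlserver:*"],
  "resource": ["*", "qcs:sqlserver:ap-guangzhou:instance/x"]}]}"""

if __name__ == "__main__":
    for name, text in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, lint_policy(text) or "no findings")
```

Wildcard warnings are raised only for allow statements, since a broad deny does not widen access.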
    