Authorizable Resource Types

Download

Focus Mode

Font Size

Last updated: 2026-05-15 14:44:39

Resource-Level Permissions
Resource-level permissions refer to the ability to specify which resources a user has the capability to perform operations on. PostgreSQL partially supports resource-level permissions, meaning it allows users to perform operations or grants access to specific resources for user use.
The resource types that can be authorized for PostgreSQL in CAM are as follows:
Resource Type
Resource Description Method in Authorization Policies
Instance
 qcs::postgres:$region:$account:DBInstanceId/$DBInstanceId 
 qcs::postgres:$region:$account:DBInstanceId/*  
PostgreSQL Instance describes the PostgreSQL API operations that currently support resource-level permissions, as well as the resources and condition keys supported by each operation. When setting a resource path, you need to replace variables such as $region and $account with your actual parameter information. You can also use the * wildcard in the path. For related operation examples, refer to Console Examples.
Note:
For PostgreSQL API operations that do not support resource-level permissions, you can still grant users permission to use those operations. However, the resource element in the policy statement must be specified as *.
List of APIs That Do Not Support Resource-Level Permissions
API Operations
API Overview
CreateDBInstances
Creating an Instance
CreateServerlessDBInstance
Create a ServerlessDB Instance
DescribeOrders
Obtain Order Information.
DescribeRegions
Query the available regions for sale.
DescribeZones
Query the available zones for sale
DescribeProductConfig
Query the available specification configurations for sale.
InquiryPriceCreateDBInstances
Query the price for sale.
DescribeServerlessDBInstances
Query the ServerlessDB instance list.
List of APIs That Support Resource-Level Permissions
PostgreSQL Instances
ServerlessDB APIs
API Name
API Feature
CloseServerlessDBExtranetAccess
Disable the public network for the serverlessDB instance.
DeleteServerlessDBInstance
Delete a ServerlessDB Instance.
OpenServerlessDBExtranetAccess
Enable the public network for the ServerlessDB instance.
Backup and Recovery APIs
API Name
API Feature
DescribeDBBackups
Querying the Backup Task List of an Instance
DescribeDBErrlogs
Retrieve error logs.
DescribeDBSlowlogs
Retrieve slow query logs.
DescribeDBXlogs
Retrieve the Xlog list of an instance.
Instance APIs
API Name
API Feature
CloseDBExtranetAccess
Disable the public network connection for the instance.
DescribeDBInstanceAttribute
Querying instance details
DescribeDatabases
Retrieve the database list.
DestroyDBInstance
Terminating an instance.
InitDBInstances
Instance of Initializing
InquiryPriceRenewDBInstance
Querying instance upgrade prices
InquiryPriceUpgradeDBInstance
Querying instance upgrade prices.
ModifyDBInstanceName
Modify the instance name.
ModifyDBInstancesProject
Move the instance to another project.
OpenDBExtranetAccess
Enable the public network.
RenewInstance
Renewing an Instance
RestartDBInstance
Restarting an Instance
SetAutoRenewFlag
Enabling Auto-Renewal
UpgradeDBInstance
Upgrade the instance.
DescribeDBInstances
Queries the instance list
Account APIs
API Name
API Feature
DescribeAccounts
Obtain the instance user list.
ModifyAccountRemark
Modifying Account Remarks
ResetAccountPassword
Reset Account Password
﻿

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

TencentDB for PostgreSQL

Authorizable Resource Types

Resource-Level Permissions

List of APIs That Do Not Support Resource-Level Permissions

List of APIs That Support Resource-Level Permissions

PostgreSQL Instances

Help and Support

Resource Type	Resource Description Method in Authorization Policies
Instance	`qcs::postgres:$region:$account:DBInstanceId/$DBInstanceId` `qcs::postgres:$region:$account:DBInstanceId/*`

API Operations	API Overview
CreateDBInstances	Creating an Instance
CreateServerlessDBInstance	Create a ServerlessDB Instance
DescribeOrders	Obtain Order Information.
DescribeRegions	Query the available regions for sale.
DescribeZones	Query the available zones for sale
DescribeProductConfig	Query the available specification configurations for sale.
InquiryPriceCreateDBInstances	Query the price for sale.
DescribeServerlessDBInstances	Query the ServerlessDB instance list.

API Name	API Feature
CloseServerlessDBExtranetAccess	Disable the public network for the serverlessDB instance.
DeleteServerlessDBInstance	Delete a ServerlessDB Instance.
OpenServerlessDBExtranetAccess	Enable the public network for the ServerlessDB instance.

API Name	API Feature
DescribeDBBackups	Querying the Backup Task List of an Instance
DescribeDBErrlogs	Retrieve error logs.
DescribeDBSlowlogs	Retrieve slow query logs.
DescribeDBXlogs	Retrieve the Xlog list of an instance.

API Name	API Feature
CloseDBExtranetAccess	Disable the public network connection for the instance.
DescribeDBInstanceAttribute	Querying instance details
DescribeDatabases	Retrieve the database list.
DestroyDBInstance	Terminating an instance.
InitDBInstances	Instance of Initializing
InquiryPriceRenewDBInstance	Querying instance upgrade prices
InquiryPriceUpgradeDBInstance	Querying instance upgrade prices.
ModifyDBInstanceName	Modify the instance name.
ModifyDBInstancesProject	Move the instance to another project.
OpenDBExtranetAccess	Enable the public network.
RenewInstance	Renewing an Instance
RestartDBInstance	Restarting an Instance
SetAutoRenewFlag	Enabling Auto-Renewal
UpgradeDBInstance	Upgrade the instance.
DescribeDBInstances	Queries the instance list

API Name	API Feature
DescribeAccounts	Obtain the instance user list.
ModifyAccountRemark	Modifying Account Remarks
ResetAccountPassword	Reset Account Password