TencentDB for MongoDB
Last updated: 2025-12-04 09:12:08
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud MongoDB | mongodb | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AssignProject | AssignProject | Operation level | * | Supported |
| CloseAuditService | CloseAuditService | Resource level | qcs::mongodb:${Region}:uin/:instance/${InstanceId} | Supported |
| CreateAccountUser | CreateAccountUser | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| CreateAuditLogFile | CreateAuditLogFile | Resource level | qcs::mongodb:${Region}::instance/${InstanceId} | Supported |
| CreateBackupDBInstance | CreateBackupDBInstance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| CreateBackupDownloadTask | Create Backup DownloadTask | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| CreateDBInstance | CreateDBInstance | Resource level | qcs::mongodb::uin/${uin}:instance/* qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} qcs::cvm::uin/${uin}:sg/${sgId} |
not supported |
| CreateDBInstanceHour | CreateDBInstanceHour | Resource level | qcs::mongodb::uin/${uin}:instance/* qcs::vpc::uin/${uin}:vpc/${vpcId} qcs::vpc::uin/${uin}:subnet/${subnetId} qcs::cvm::uin/${uin}:sg/${sgId} |
Supported |
| CreateDBInstanceParamTpl | Create database parameter template | Operation level | * | Supported |
| CreateLogDownloadTask | CreateLogDownloadTask | Resource level | qcs::mongodb:${Region}:uin/${uin}:instance/$instance | Supported |
| CreateOplogDownloadTask | CreateOplogDownloadTask | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | not supported |
| CreateSlowLogDownloadTask | CreateSlowLogDownloadTask | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DeleteAccountUser | Delete Account User | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DeleteAuditLogFile | DeleteAuditLogFile | Resource level | qcs::mongodb:${Region}::instance/${InstanceId} | Supported |
| DeleteDBBackups | DeleteDBBackups | Resource level | qcs::mongodb::uin/${uin}:instance/${instance} | not supported |
| DeleteLogDownloadTask | DeleteLogDownloadTask | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DeleteSlowLogDownloadTask | DeleteSlowLogDownloadTask | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DisableInstanceSharedWanService | disable instance quick external network access service | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DisablePasswordRotation | DisablePasswordRotation | Resource level | qcs::mongodb::uin/${uin}:instance/${InstanceId} | Supported |
| DisableWanService | DisableWanService | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DropDBInstanceParamTpl | Drop database parameter template | Operation level | * | Supported |
| EnablePasswordRotation | EnablePasswordRotation | Resource level | qcs::mongodb::uin/${uin}:instance/${InstanceId} | Supported |
| EnableTransparentDataEncryption | Enable data transparent encryption for mongo instances | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| EnableWanService | EnableWanService | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| FlashBackDBInstance | Execute flashback by key | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| FlushInstanceRouterConfig | FlushInstanceRouterConfig | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| InquirePriceCreateDBInstances | Inquire Price Create DBInstances | Operation level | * | Supported |
| InquirePriceModifyDBInstanceSpec | InquirePriceModifyDBInstanceSpec | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| InquirePriceRenewDBInstances | InquirePriceRenewDBInstances | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| InstanceEnableSSL | InstanceEnableSSL | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| InstanceRenewCert | InstanceRenewCert | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| IsolateDBInstance | IsolateDBInstance | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| KillOps | KillOps | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| ModifyAuditService | ModifyAuditService | Resource level | qcs::mongodb:${Region}::instance/${InstanceId} | Supported |
| ModifyDBInstanceNetworkAddress | ModifyDBInstanceNetworkAddress | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| ModifyDBInstanceParamTpl | Modify database parameter template | Operation level | * | Supported |
| ModifyDBInstanceSecurityGroup | ModifyDBInstanceSecurityGroup | Resource level | qcs::mongodb::uin/${uin}:instance/$instance qcs::cvm::uin/${uin}:sg/${sgId} |
Supported |
| ModifyDBInstanceSpec | ModifyDBInstanceSpec | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| ModifyInstanceParams | ModifyInstanceParams | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| ModifySharedWanIpWhitelist | Modify instance quick external network access IP whitelist | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| OfflineIsolatedDBInstance | Offline Isolated DB Instance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| OpenAuditService | OpenAuditService | Resource level | qcs::mongodb:${Region}::instance/${InstanceId} | Supported |
| RenameInstance | RenameInstance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| RenewDBInstances | RenewDBInstances | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| ResetDBInstancePassword | ResetDBInstancePassword | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| ResetInstancePassword | ResetInstancePassword | Resource level | qcs::mongodb::uin/${uin}:instance/${UserResourceId} | not supported |
| RestartNodes | restart nodes | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| RestoreDBInstance | RestoreDBInstance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| SetAccountUserPrivilege | SetA ccountUser Privilege | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| SetAutoRenew | Set Auto Renew | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| SetBackupRules | set backup rules | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| SetDBInstanceAuthStatus | SetDBInstanceAuthStatus | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| SetDBInstanceDeletionProtection | set mongo instances deletion protection | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| SetInstanceMaintenance | Set Instance Maintenance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| SetMultiRegionBackup | SetMultiRegionBackup | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| SetPassword | Set Password | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| TerminateDBInstance | Terminate DB Instance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| TerminateDBInstances | TerminateDBInstances | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| UpdateFlashbackExpireTime | Update the expiration time of the log flashback by key | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| UpgradeDBInstanceKernelVersion | This interface (UpgradeDBInstanceKernelVersion) is used to upgrade the database instance kernel version. | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckMigrateInstanceToCloudBase | check whether the migration instance can be migrated to the cloudbase | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| CheckShardRemoval | CheckShardRemoval | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeAccountUsers | DescribeAccountUsers | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeAsyncRequestInfo | DescribeAsyncRequestInfo | Operation level | * | Supported |
| DescribeAuditInstanceList | This API (DescribeAuditInstanceList) can query the list of audit instances that are activated and deactivated | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DescribeBackupDownloadTask | DescribeBackupDownloadTask | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeBackupRules | DescribeBackupRules | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeClientConnections | DescribeClientConnections | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeCurrentOp | DescribeCurrentOp | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeDBBackups | Describe DB Backups | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeDBInstanceDeal | DescribeDBInstanceDeal | Operation level | * | Supported |
| DescribeDBInstanceDeletionProtection | DescribeDBInstanceDeletionProtection | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeDBInstanceHealth | DescribeDBInstanceHealth | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeDBInstanceNodeProperty | describe DB instance node property | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeDBInstanceParamTpl | Query all MongoDB database parameter templates under an account | Operation level | * | Supported |
| DescribeDBInstanceParamTplDetail | Query parameter template details | Operation level | * | Supported |
| DescribeDBInstanceURL | describe DB Instance URL | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeDBInstanceVersion | This interface is used to obtain the kernel version information of the MongoDB instance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeDBInstances | DescribeDBInstances | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | not supported |
| DescribeDBOplogList | DescribeDBOplogList | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | not supported |
| DescribeDbTknPwdRules | DescribeDbTknPwdRules | Resource level | qcs::mongodb::uin/${uin}:instance/${UserResourceId} | not supported |
| DescribeDbTknResource | DescribeDbTknResource | Resource level | qcs::mongodb::uin/${uin}:instance/${UserResourceId} | not supported |
| DescribeDetailedSlowLogs | DescribeDetailedSlowLogs | Resource level | qcs::mongodb::uin/${uin}:instance/${instance} | Supported |
| DescribeFlashbackStatus | Get the status of flashback by key | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeInstanceParamRecords | DescribeInstanceParamRecords | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeInstanceParams | DescribeInstanceParams | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeInstanceSSL | DescribeInstanceSSL | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeInstanceTaskInfo | DescribeInstanceTaskInfo | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | not supported |
| DescribeLogDownloadTasks | DescribeLogDownloadTasks | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| DescribeMigrateInstanceDetail | migrate instance to the cloudbase, describe migration details | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DescribeMongodbLogs | DescribeMongodbLogs | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeSecurityGroup | DescribeSecurityGroup | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeSharedWanIpWhitelist | Obtain the IP whitelist for quick external network access of the instance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DescribeSlowLog | Describe Slow Log | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeSlowLogPatterns | DescribeSlowLogPatterns | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeSlowLogs | DescribeSlowLogs | Resource level | qcs::mongodb::uin/${uin}:instance/$instance | Supported |
| DescribeSpecInfo | DescribeDBInstanceDeal | Operation level | * | not supported |
| DescribeTransparentDataEncryptionStatus | Get whether transparent data encryption is turned on for the current instance | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeWanServiceHealth | Describe WanService Health | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | Supported |
| GetPublicKey | GetPublicKey | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeDBInstanceSummaries | DescribeDBInstanceSummaries | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DescribeDBInstancesWithSecurityGroup | DescribeDBInstancesWithSecurityGroup | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/$instance | not supported |
| DescribeSlowLogPattern | Describe SlowLog Parttern | Resource level | qcs::mongodb:${region}:uin/${uin}:instance/${instance} | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback