- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Best Practice
- Security Best Practice
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- User APIs
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Best Practice
- Security Best Practice
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- User APIs
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
TencentDB for TcaplusDB
Last updated: 2024-05-02 09:09:30
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| TencentDB for TcaplusDB | tcaplusdb | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddSyncDBInstance | Add the cdb instance for sync table | Operation level | * | Supported |
| ClearTables | Truncate table | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| CompareIdlFiles | Upload and verify the file | Operation level | * | Supported |
| CreateBackup | Create backup | Operation level | * | Supported |
| CreateCluster | Create cluster | Resource level | qcs::tcaplusdb:$region:$account:cluster/* | Supported |
| CreateSnapshots | Create Snapshot | Operation level | * | Supported |
| CreateTableGroup | Create table Group | Resource level | qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/* | Supported |
| CreateTables | Create tables in batches | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId/tablegroup/$tablegroupId/* | Supported |
| DeleteBackupRecords | DeleteBackupRecords | Operation level | * | Supported |
| DeleteCluster | Delete cluster | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | Supported |
| DeleteIdlFiles | Delete IDL description file | Operation level | * | Supported |
| DeleteSnapshots | Delete Snapshot | Operation level | * | Supported |
| DeleteSyncDBInstance | Delete the sync database instance in tcaplusdb cluster | Operation level | * | Supported |
| DeleteTableDataFlow | DeleteTableDataFlow | Operation level | * | Supported |
| DeleteTableGroup | Delete table group | Resource level | qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId | Supported |
| DeleteTableIndex | delete TcaplusDB global distributed index | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| DeleteTables | Delete table | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| DisableRestProxy | disable restful api | Operation level | * | Supported |
| EnableRestProxy | enable restful api | Operation level | * | Supported |
| ImportSnapshots | Import Snapshot | Operation level | * | Supported |
| MergeTablesData | MergeTablesData | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| ModifyCensorship | ModifyCensorship | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | Supported |
| ModifyClusterName | Modify the cluster name | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | Supported |
| ModifyClusterPassword | Change the cluster password | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | Supported |
| ModifyClusterTags | Modify tags of cluster | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | Supported |
| ModifySnapshots | Modify Snapshot | Operation level | * | Supported |
| ModifyTableGroupName | Modify table group name | Resource level | qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId | Supported |
| ModifyTableGroupTags | Modify tags of table group | Resource level | qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId | Supported |
| ModifyTableMemos | Modify note of table | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| ModifyTableQuotas | Table expansion and reduction | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| ModifyTableTags | Modify tags of table | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| ModifyTables | Modify table structure in batch | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| RecoverRecycleTables | Recovering tables from Recycle Bin | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| RollbackTables | Form data rollback | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| SetBackupExpireRule | SetBackupExpireRule | Operation level | * | Supported |
| SetSyncTable | Set the info for sync data of tcaplus table to cdb | Operation level | * | Supported |
| SetSyncTableStatus | Set the status for sync table, 1 for on processing, 2 for close, -1 for delete | Operation level | * | Supported |
| SetTableDataFlow | SetTableDataFlow | Operation level | * | Supported |
| SetTableIndex | create and modify TcaplusDB global distributed index | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | Supported |
| UpdateApply | UpdateApply | Operation level | * | Supported |
| VerifyIdlFiles | Upload and verify creation form file | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeApplications | DescribeApplications | Operation level | * | Supported |
| DescribeBackupRecords | DescribeBackupRecords | Operation level | * | Supported |
| DescribeClusterTags | Querying tags of cluster | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | not supported |
| DescribeClusters | Querying Cluster Information | Resource level | qcs::tcaplusdb:$region:$account:cluster/$clusterId | not supported |
| DescribeIdlFileInfos | Querying table description file details | Operation level | * | Supported |
| DescribeMachine | DescribeMachine | Operation level | * | Supported |
| DescribeRegions | Query the list of regions | Operation level | * | Supported |
| DescribeSnapshots | Describe Snapshot | Operation level | * | Supported |
| DescribeSyncDBInstances | Query the sync database instances in tcaplusdb cluster | Resource level | qcs::tcaplusdb:${region}:uin/${uin}:cluster/$clusterId | not supported |
| DescribeTableGroupTags | Querying tags of table group | Resource level | qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId | not supported |
| DescribeTableGroups | Query table Group List | Resource level | \tqcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId | not supported |
| DescribeTableTags | Querying tags of table | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| DescribeTables | Querying table details | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| DescribeTablesInRecycle | Querying Table in the Recycle Bin | Resource level | qcs::tcaplusdb:$region:$account:table/$tableId | not supported |
| DescribeTasks | Query task list | Operation level | * | Supported |
| DescribeUinInWhitelist | Check if this user is in the white list | Operation level | * | Supported |
Yes
No
Was this page helpful?