TencentDB for PostgreSQL

Console Examples

Last updated: 2025-09-10 22:18:28

Overview

You can grant a user permissions to view and use specific resources in the TencentDB for PostgreSQL console by using Cloud Access Management (CAM) policies. This document provides examples to describe how to create and use such policies to grant these permissions.

Directions

Note:
To grant a user permissions for only specific APIs, at least the permissions of the following APIs must be granted; otherwise, the console will not display correctly.
The sample action code is as follows:
"action": [
    "postgres:DescribeProductConfig",
    "postgres:InquiryPriceCreateDBInstances",
    "postgres:DescribeRegions",
    "postgres:DescribeZones"
]
To grant a user permissions to monitor and view instances, the monitoring-related API permissions need to be granted. The sample statement is as follows:
{
    "effect": "allow",
    "action": [
        "monitor:Get*",
        "monitor:Describe*"
    ],
    "resource": "*"
}

Full read/write permission policy for PostgreSQL

To grant a user permissions to create and manage PostgreSQL instances, you can associate the QcloudPostgreSQLFullAccess policy with the user. This policy grants the user permissions to operate all PostgreSQL resources. The detailed steps are as follows: Associate the default policy QcloudPostgreSQLFullAccess with the user as instructed in Authorization Management.

Read-only permission policy for PostgreSQL

To grant a user permissions to only view PostgreSQL instances, you can associate the QcloudPostgreSQLReadOnlyAccess policy with the user. Users assigned this policy cannot create, delete, or modify PostgreSQL instances. This policy grants the user permissions for all PostgreSQL operations that begin with the word "Describe" or "Inquiry". The detailed steps are as follows: Associate the default policy QcloudPostgreSQLReadOnlyAccess with the user as instructed in Authorization Management.

Policy for granting a user permissions to operate specific PostgreSQL instances

To grant a user permissions to operate specific PostgreSQL instances, you can associate the following policy with the user. The detailed steps are as follows:
1. Create a custom policy as instructed in Policy. The example policy syntax is as follows. This example policy grants a user permissions of all operations on the PostgreSQL instance whose ID is "postgres-0xxxx8e".
{
    "version": "2.0",
    "statement": [
        {
            "action": "postgres:*",
            "resource": "qcs::postgres:ap-shanghai:103xxx1481:DBInstanceId/postgres-0xxxx8e",
            "effect": "allow"
        }
    ]
}
2. Locate the created policy and click Bind User/Group in the "Operation" column.
3. In the pop-up window, select the user/group you want to authorize and click OK.

Policy for granting a user permissions to use all PostgreSQL resources

To grant a user permissions to use all PostgreSQL resources, you can associate the following policy with the user. The detailed steps are as follows:
1. Create a custom policy as instructed in Policy. The example policy syntax is as follows. This example policy grants a user permissions to operate all PostgreSQL resources.
{
    "version": "2.0",
    "statement": [
        {
            "action": "postgres:*",
            "resource": "qcs::postgres:::*",
            "effect": "allow"
        }
    ]
}
2. Locate the created policy and click Bind User/Group in the "Operation" column.
3. In the pop-up window, select the user/group you want to authorize and click OK.

Policy for denying a user permissions to operate specific PostgreSQL instances

To deny a user permissions to operate specific PostgreSQL instances, you can associate the following policy with the user. The detailed steps are as follows:
1. Create a custom policy as instructed in Policy. The example policy syntax is as follows. This example policy denies a user permissions to operate the PostgreSQL instances whose IDs are "postgres-c8xxxa4" and "postgres-d8xxxb4" respectively.
{
    "version": "2.0",
    "statement": [
        {
            "action": "postgres:*",
            "resource": [
                "qcs::postgres::16xxx472:DBInstanceId/postgres-c8xxxa4",
                "qcs::postgres::16xxx472:DBInstanceId/postgres-d8xxxb4"
            ],
            "effect": "deny"
        }
    ]
}
2. Locate the created policy and click Bind User/Group in the "Operation" column.
3. In the pop-up window, select the user/group you want to authorize and click OK.
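
When several of the policies above are bound to the same user, it helps to check what the combination actually permits before binding. The following Python sketch is an added example, not Tencent Cloud code and not CAM's own evaluator: it models evaluation under the assumptions that an explicit deny overrides any allow, that a request matching no statement is refused, and that an empty region or account segment in a resource pattern places no restriction. The helper names and the request actions used to exercise it are illustrative.

```python
import json
from fnmatch import fnmatchcase

# Constructed inputs: the "all resources" allow policy and the two-instance
# deny policy from this page, with the page's masked placeholder IDs.
ALLOW_ALL = json.loads("""{"version": "2.0", "statement": [
  {"action": "postgres:*", "resource": "qcs::postgres:::*", "effect": "allow"}]}""")
DENY_TWO = json.loads("""{"version": "2.0", "statement": [
  {"action": "postgres:*",
   "resource": ["qcs::postgres::16xxx472:DBInstanceId/postgres-c8xxxa4",
                "qcs::postgres::16xxx472:DBInstanceId/postgres-d8xxxb4"],
   "effect": "deny"}]}""")


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def resource_matches(pattern, resource):
    """Compare six-segment descriptors: qcs:project:service:region:account:resource."""
    if pattern == "*":
        return True
    p, r = pattern.split(":", 5), resource.split(":", 5)
    if len(p) != 6 or len(r) != 6:
        return False
    # Assumption of this model: an empty pattern segment places no restriction.
    return all(ps == "" or fnmatchcase(rs, ps) for ps, rs in zip(p, r))


def evaluate(policies, action, resource):
    """Return 'deny', 'allow' or 'implicit-deny' for one request."""
    decision = "implicit-deny"
    for policy in policies:
        for stmt in policy["statement"]:
            if not any(fnmatchcase(action, a) for a in _as_list(stmt["action"])):
                continue
            if not any(resource_matches(p, resource)
                       for p in _as_list(stmt["resource"])):
                continue
            if stmt["effect"] == "deny":
                return "deny"  # explicit deny wins over any allow
            decision = "allow"
    return decision
```

In this model, a user bound to both policies is refused on the two listed instances while keeping access to every other instance, and `postgres:*` alone does not cover `monitor:` actions, which is why the monitoring statement in the Note has to be granted separately.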

Custom policies

If preset policies do not meet your requirements, you can create custom policies as needed. For detailed instructions, see Policy. For more PostgreSQL-related policy syntax, see Access Policy Syntax.
