tencent cloud

TencentDB for TcaplusDB

Release Notes
Product Introduction
Product Overview
Benefits
Use Cases
Architecture
Regions
Purchase Guide
Product Pricing
Payment Overdue
Getting Started
Basic Concepts
Creating Cluster
Creating Table Group
Creating Table
Get Connection Information
Accessing TcaplusDB
Operation Guide
Managing Cluster and Table Group
Managing Table
Monitoring and Alarming
Access Management
Tag
Task List
TcaplusDB Client
Accessing by Client Tool
Client Tool Commands
TcaplusDB SDK
Release History
SDK Download
C++ SDK API
TcaplusDB Error Codes
SDK Installation
Directions for Protobuf Table SDK for C++
Directions for TDR Table SDK for C++
TcaplusDB RESTful APIs
Description
Go
Java
PHP
Python
Downloading RESTful API Samples in Multiple Languages
Practical Tutorial
Best Practice for Table Structure Design
Best Practice for Database Interaction
FAQs
Database Features
Database Use
Database Principles
API Documentation
History
Introduction
API Category
Making API Requests
Table Group APIs
Other APIs
Table APIs
Cluster APIs
Data Types
Error Codes
Service Agreement
Service Level Agreement
Terms of Service
Glossary
Contact Us
문서TencentDB for TcaplusDBOperation GuideAccess ManagementAuthorizable Resource Types

Authorizable Resource Types

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2024-12-04 10:12:05

Resource-Level Permission Overview

Resource-level permission can be used to specify which resources a user can manipulate. TcaplusDB supports certain resource-level permissions, i.e., allowing the user to perform operations or use specified resources.
In Cloud Access Management (CAM), the types of TcaplusDB resources that can be authorized are as follows:
Resource Type
Resource Description Method in Authorization Policy
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:table/$tableId
The TcaplusDB cluster APIs, TcaplusDB table group APIs, and TcaplusDB table APIs sections below describe the TcaplusDB API operations which currently support resource-level permission control as well as the resources and condition keys supported by each operation. When setting the resource path, you need to replace the variable parameters such as $region and $account with your real parameter information. You can also use the \\* wildcard in the path. For related operation examples, please see TcaplusDB Access Control Examples.
For a TcaplusDB API operation that does not support authorization at the resource level, you can still authorize a user to perform it, but you must specify \\* as the resource element in the policy statement.

List of APIs Not Supporting Resource-Level Permission

API Operation
API Description
CreateBackup
Creates backup
CompareIdlFiles
Uploads and verifies table modification file
VerifyIdlFiles
Uploads and verifies table creation file
DescribeUinInWhitelist
Queries whether the current user is in the allowlist
DescribeRegions
Queries region list
DeleteIdlFiles
Deletes IDL description file
DescribeIdlFileInfos
Queries table description file details
DescribeIdlFileInfos
Queries task list

List of APIs Supporting Resource-Level Permission

TcaplusDB cluster APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId
qcs::tcaplusdb:$region:$account:cluster/*
qcs::tcaplusdb:$region:$account:cluster/$clusterId

TcaplusDB table group APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId
qcs::tcaplusdb:$region:$account:tablegroup/*
qcs::tcaplusdb:$region:$account:tablegroup/$clusterId/$tablegroupId

TcaplusDB table APIs

API Operation
Resource Path
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
qcs::tcaplusdb:$region:$account:table/*
qcs::tcaplusdb:$region:$account:table/$tableId
이전 주제: Overview다음 주제: Authorization Policy Syntax

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백