策略授权参考
本章节介绍DBSS策略授权场景下支持的策略授权项。
支持的授权项
策略包含系统策略和自定义策略,如果系统策略不满足授权要求,管理员可以创建自定义策略,并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应,授权项列表说明如下:
- 权限:允许或拒绝某项操作。
- 对应API接口:自定义策略实际调用的API接口。
- 授权项:自定义策略中支持的Action,在自定义策略中的Action中写入授权项,可以实现授权项对应的权限功能。
- 依赖的授权项:部分Action存在对其他Action的依赖,需要将依赖的Action同时写入授权项,才能实现对应的权限功能。
- IAM项目(Project)/企业项目(Enterprise Project):自定义策略的授权范围,包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目,表示此授权项对应的自定义策略,可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目,不支持企业项目,表示仅能在IAM中给用户组授权并生效,如果在企业管理中授权,则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目,“√”表示支持,“×”表示暂不支持。关于IAM项目与企业项目的区别,详情请参见:IAM与企业管理的区别。
DBSS的支持自定义策略授权项如下所示:
生命周期管理
|
权限 |
对应API接口 |
授权项(Action) |
依赖的授权项 |
IAM项目 (Project) |
企业项目 (Enterprise Project) |
|---|---|---|---|---|---|
|
授予权限以查询SQL注入规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rules POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/list-rules POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections |
dbss:auditInstance:listSqlInjectRules |
- |
√ |
√ |
|
授予权限以获取审计结果信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sqls POST /dbss/v1/{project_id}/{instance_id}/audit/sqls/list-sqls GET /dbss/v1/{project_id}/{instance_id}/audit/sqls/{sql_statement_id} |
dbss:auditInstance:listSqls |
- |
√ |
√ |
|
授予权限以开启或关闭sql注入策略。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/switch POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/switch |
dbss:auditInstance:switchSqlInjectRule |
- |
√ |
√ |
|
授予权限以添加自定义sql注入规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql |
dbss:auditInstance:addSqlInjectRule |
- |
√ |
√ |
|
授予权限以对sql规则优先级进行排序。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rules/rank POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/rank-sql |
dbss:auditInstance:orderSqlInjectRule |
- |
√ |
√ |
|
授予权限以立即生成报表。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports POST /dbss/v1/{project_id}/{instance_id}/audit/reports/results/create-report |
dbss:auditInstance:createReporter |
- |
√ |
√ |
|
授予权限以查询报表信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports/list POST /dbss/v1/{project_id}/{instance_id}/audit/reports/list-reports GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates GET /dbss/v1/{project_id}/{instance_id}/audit/reports/list-templates |
dbss:auditInstance:listReporters |
- |
√ |
√ |
|
授予权限以查询指定风险规则策略。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/risk/{risk_id} |
dbss:auditInstance:getRiskRuleDetail |
- |
√ |
√ |
|
授予权限以查询告警邮件信息。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/operation/emails GET /dbss/v1/{project_id}/{instance_id}/audit/operation/list-emails |
dbss:auditInstance:listAlarmEmails |
- |
√ |
√ |
|
授予权限以下载报表。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id} GET /dbss/v1/{project_id}/{instance_id}/audit/reports/results/{report_id}/download-report |
dbss:auditInstance:downloadReporter |
- |
√ |
√ |
|
授予权限以查询审计范围策略列表。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes GET /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/list-scope GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/scopes |
dbss:auditInstance:listAuditScopeRules |
- |
√ |
√ |
|
授予权限以添加隐私数据保护规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/add-rule |
dbss:auditInstance:addSensitiveRule |
- |
√ |
√ |
|
授予权限以编辑隐私数据保护规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks/{rule_id} POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/{rule_id}/edit-rule |
dbss:auditInstance:editSensitiveRule |
- |
√ |
√ |
|
授予权限以删除报表。 |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id} DELETE /dbss/v1/{project_id}/{instance_id}/audit/reports/results/{report_id}/delete-report |
dbss:auditInstance:deleteReporter |
- |
√ |
√ |
|
授予权限以查询用户操作日志信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/operate-log POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/operate-log |
dbss:auditInstance:listOperateLog |
- |
√ |
√ |
|
授予权限以查询审计实例监控信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/monitorinfo POST /dbss/v1/{project_id}/{instance_id}/audit/operation/get-monitorinfo |
dbss:auditInstance:listMonitorInfos |
- |
√ |
√ |
|
授予权限以查询审计实例会话信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/clientsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/list-clientsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/accountsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/list-accountsession |
dbss:auditInstance:listSessionInfo |
- |
√ |
√ |
|
授予权限以开启或关闭备份功能。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/stop POST /dbss/v1/{project_id}/{instance_id}/audit/backup/stop-backup POST /dbss/v1/{project_id}/{instance_id}/audit/backup/start POST /dbss/v1/{project_id}/{instance_id}/audit/backup/start-backup POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/global/switch |
dbss:auditInstance:switchBackup |
dbss:auditInstance:getBackupConfig |
√ |
√ |
|
授予权限以下载销售许可证。 |
GET /dbss/v1/{project_id}/dbss/saleslicense/download GET /dbss/v1/{project_id}/dbss/download-saleslicense |
dbss::downloadLicense |
- |
√ |
√ |
|
授予权限以删除审计实例创建失败的任务。 |
DELETE /dbss/v1/{project_id}/dbss/audit/job/{failed_id} DELETE /dbss/v1/{project_id}/dbss/audit/delete-job/{failed_id} |
dbss::deleteAuditInstanceJob |
- |
√ |
√ |
|
授予权限以查询RDS数据库。 |
GET /dbss/v2/{project_id}/audit/databases/rds POST /dbss/v1/{project_id}/dbss/audit/rds-instance POST /dbss/v1/{project_id}/dbss/audit/guassDbInstance |
dbss::listRdsDb |
- |
√ |
√ |
|
授予权限以开启审计实例。 |
POST /dbss/v1/{project_id}/dbss/audit/instance/start POST /dbss/v1/{project_id}/dbss/audit/start-instance |
dbss:auditInstance:instanceStart |
- |
√ |
√ |
|
授予权限以重启审计实例。 |
POST /dbss/v1/{project_id}/dbss/audit/instance/reboot POST /dbss/v1/{project_id}/dbss/audit/reboot-instance |
dbss:auditInstance:reboot |
- |
√ |
√ |
|
授予权限以关闭审计实例。 |
POST /dbss/v1/{project_id}/dbss/audit/instance/stop POST /dbss/v1/{project_id}/dbss/audit/stop-instance |
dbss:auditInstance:stop |
- |
√ |
√ |
|
授予权限以升级审计实例。 |
POST /dbss/v1/{project_id}/dbss/{instance_id}/audit/upgrade |
dbss:auditInstance:upgrade |
- |
√ |
√ |
|
授予权限以查询审计实例升级状态。 |
GET /dbss/v1/{project_id}/dbss/audit/upgrade/status |
dbss::queryUpgradeStatus |
- |
√ |
√ |
|
授予权限以修改审计实例安全组。 |
POST /dbss/v1/{project_id}/dbss/audit/securitygroup POST /dbss/v1/{project_id}/dbss/audit/update-securitygroup POST /dbss/v1/{project_id}/dbss/audit/security-group |
dbss:auditInstance:updateSecurityGroup |
- |
√ |
√ |
|
授予权限以修改审计实例审计属性。 |
PUT /dbss/v1/{project_id}/dbss/audit/instances/{instance_id} POST /dbss/v1/{project_id}/dbss/audit/update-instance/{instance_id} |
dbss:auditInstance:modifyAttribute |
- |
√ |
√ |
|
授予权限以下载agent。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/operation/agent/{agent_id}/download GET /dbss/v1/{project_id}/{instance_id}/audit/operation/download-agent/{agent_id} GET /dbss/v2/{project_id}/{instance_id}/audit/agents/{agent_id} |
dbss:auditInstance:downloadAgent |
- |
√ |
√ |
|
授予权限以开启或关闭Agent。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/agent/switch |
dbss:auditInstance:switchAgent |
- |
√ |
√ |
|
授予权限以获取agent列表。 |
GET /dbss/v2/{project_id}/{instance_id}/audit/agents GET /dbss/v1/{project_id}/{instance_id}/audit/agents/{db_id} GET /dbss/v1/{project_id}/{instance_id}/audit/agent/get-agent |
dbss:auditInstance:listAgents |
- |
√ |
√ |
|
授予权限以删除agent。 |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/agents/{db_id}/{agent_id} DELETE /dbss/v2/{project_id}/{instance_id}/audit/agents/{agent_id} POST /dbss/v1/{project_id}/{instance_id}/audit/agent/del-agent |
dbss:auditInstance:deleteAgent |
- |
√ |
√ |
|
授予权限以添加agent。 |
POST /dbss/v2/{project_id}/{instance_id}/audit/agents POST /dbss/v1/{project_id}/{instance_id}/audit/agents POST /dbss/v1/{project_id}/{instance_id}/audit/agent/add-agent POST /dbss/v1/{project_id}/{instance_id}/audit/agent/{agent_id} |
dbss:auditInstance:addAgent |
- |
√ |
√ |
|
授予权限以预览报表。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id}/preview GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id}/preview-report |
dbss:auditInstance:previewReporter |
- |
√ |
√ |
|
授予权限以配置告警信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config-topic |
dbss:auditInstance:setAlarmConfig |
- |
√ |
√ |
|
授予权限以配置告警邮件信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/config-email POST /dbss/v1/{project_id}/{instance_id}/audit/operation/email/{email_id} POST /dbss/v1/{project_id}/{instance_id}/audit/operation/edit-email/{email_id} |
dbss:auditInstance:configAlarmEmail |
- |
√ |
√ |
|
授予权限以查询告警配置信息。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config GET /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config-topic |
dbss:auditInstance:getAlarmConfig |
- |
√ |
√ |
|
授予权限以查询风险规则策略。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/risk GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/risk POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/search-rules POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/list-rules |
dbss:auditInstance:listRiskRules |
- |
√ |
√ |
|
授予权限以导出数据库配置。 |
POST /dbss/v1/{project_id}/obs/upload-config |
dbss:auditInstance:exportInstancesDatabaseConfig |
- |
√ |
√ |
|
授予权限以包年包月计费模式创建审计实例。 |
POST /dbss/v1/charge/{project_id}/audit/period/order POST /dbss/v2/{project_id}/dbss/audit/charge/period/order |
dbss:auditInstance:createOnPeriod |
dbss::listCommonInfo |
√ |
√ |
|
授予权限以编辑自定义sql注入规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/{sql_id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/{rule_id} |
dbss:auditInstance:editSqlInjectRule |
- |
√ |
√ |
|
授予权限以删除自定义sql注入规则。 |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/{sql_id} DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/{rule_id} |
dbss:auditInstance:deleteSqlInjectRule |
- |
√ |
√ |
|
授予权限以删除隐私数据保护规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/delete-rules DELETE /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks/{rule_id} |
dbss:auditInstance:deleteSensitiveRule |
- |
√ |
√ |
|
授予权限以删除审计范围规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/delete-scope DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes/{scope_id} |
dbss:auditInstance:deleteAuditScopeRule |
- |
√ |
√ |
|
授予权限以删除风险规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/delete-risk DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} |
dbss:auditInstance:deleteRiskRule |
- |
√ |
√ |
|
授予权限以删除本地备份信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/del-backup DELETE /dbss/v1/{project_id}/{instance_id}/audit/backups/{id} |
dbss:auditInstance:deleteBackup |
- |
√ |
√ |
|
授予权限以查询备份信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/status POST /dbss/v1/{project_id}/{instance_id}/audit/backups POST /dbss/v1/{project_id}/{instance_id}/audit/backup/get-backup GET /dbss/v1/{project_id}/{instance_id}/audit/backup/status |
dbss:auditInstance:listBackups |
- |
√ |
√ |
|
授予权限以获取备份配置信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/auto-backup-template GET /dbss/v1/{project_id}/{instance_id}/audit/backup/bucket-name GET /dbss/v1/{project_id}/{instance_id}/audit/backup/auto-backup-template GET /dbss/v1/{project_id}/{instance_id}/audit/backup/bucket-path |
dbss:auditInstance:getBackupConfig |
- |
√ |
√ |
|
授予权限以编辑审计范围规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/edit-rule/{scope-id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes/{scope_id} |
dbss:auditInstance:editAuditScopeRule |
- |
√ |
√ |
|
授予权限以查询审计实例信息。 |
GET /dbss/v1/{project_id}/dbss/audit/list-instances GET /dbss/v1/{project_id}/dbss/audit/instances |
dbss:auditInstance:instanceList |
- |
√ |
√ |
|
授予权限以按需模式创建审计实例。 |
POST /dbss/v1/{project_id}/dbss/audit/create-instance POST /dbss/v1/{project_id}/dbss/audit/instances |
dbss:auditInstance:createOnDemand |
dbss::listCommonInfo |
√ |
√ |
|
授予权限以查询公共信息。 |
GET /dbss/v2/{project_id}/dbss/audit/availability-zone |
dbss::listCommonInfo |
- |
√ |
√ |
|
授予权限以查询所有审计实例总览信息。 |
GET /dbss/v1/{project_id}/audit/summary/info GET /dbss/v1/{project_id}/audit/risk/statistics |
dbss:auditInstance:listInstancesSummaryInfo |
- |
√ |
√ |
|
授予权限以查询总览任务状态。 |
GET /dbss/v2/{project_id}/audit/summary/{busi_type}/taskstatus GET /dbss/v1/{project_id}/audit/summary/{busi_type}/taskstatus |
dbss::getauditInstancesSummaryTaskStatus |
- |
√ |
√ |
|
授予权限以更新所有审计实例总览信息。 |
POST /dbss/v1/{project_id}/audit/summary/{busi_type}/taskstatus |
dbss::updateAuditInstancesSummaryInfo |
- |
√ |
√ |
|
授予权限以更改报表的计划任务配置信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports/templates-topic/scheduler/config-task POST /dbss/v1/{project_id}/{instance_id}/audit/reports/templates/scheduler/config-task |
dbss:auditInstance:setReporterConfig |
- |
√ |
√ |
|
授予权限以获取报表的计划任务配置信息。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates-topic/scheduler/{template_id} GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates/scheduler/{template_id} |
dbss:auditInstance:getReporterConfig |
- |
√ |
√ |
|
授予权限以添加自建数据库。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/databases POST /dbss/v1/{project_id}/{instance_id}/audit/operation/databases POST /dbss/v1/{project_id}/{instance_id}/audit/operation/create-database |
dbss:auditInstance:addBareDatabase |
- |
√ |
√ |
|
授予权限以查询数据库列表。 |
GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/databases GET /dbss/v1/{project_id}/{instance_id}/audit/operation/databases GET /dbss/v1/{project_id}/{instance_id}/audit/operation/list-databases |
dbss:auditInstance:listDatabases |
- |
√ |
√ |
|
授予权限以开启关闭数据库审计功能。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/switch POST /dbss/v2/{project_id}/{instance_id}/audit/databases/switch |
dbss:auditInstance:switchDatabase |
- |
√ |
√ |
|
授予权限以删除数据库。 |
DELETE /dbss/v2/{project_id}/{instance_id}/audit/databases/{db_id} POST /dbss/v1/{project_id}/{instance_id}/audit/operation/database/delete POST /dbss/v1/{project_id}/{instance_id}/audit/operation/delete-database |
dbss:auditInstance:deleteDatabase |
- |
√ |
√ |
|
授予权限以添加审计范围规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/add-rule |
dbss:auditInstance:addAuditScopeRule |
- |
√ |
√ |
|
授予权限以开启关闭审计范围规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/switch |
dbss:auditInstance:switchAuditScopeRule |
- |
√ |
√ |
|
授予权限以添加风险规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/add-rule |
dbss:auditInstance:addRiskRule |
- |
√ |
√ |
|
授予权限以开启或关闭风险规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/switch |
dbss:auditInstance:switchRiskRule |
- |
√ |
√ |
|
授予权限以编辑风险规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/edit-risk/{risk_id} |
dbss:auditInstance:editRiskRule |
- |
√ |
√ |
|
授予权限以设置风险规则优先级。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/rank-risk |
dbss:auditInstance:setRiskRulePriority |
- |
√ |
√ |
|
授予权限以查询审计实例概览信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/risk-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/session-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/sql-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/synopsis-statistics |
dbss:auditInstance:listStatistics |
- |
√ |
√ |
|
授予权限以查询隐私数据脱敏规则。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/list-rules GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/sensitive/masks GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/result/switch GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/switch |
dbss:auditInstance:listSensitiveRules |
- |
√ |
√ |
|
授予权限以开启关闭存储结果集开关。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/result/switch |
dbss:auditInstance:modifySensitiveRuleSaveResultSwitch |
- |
√ |
√ |
|
授予权限以开启关闭隐私数据脱敏开关。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/switch |
dbss:auditInstance:modifySensitiveRuleAnonymizeSwitch |
- |
√ |
√ |
|
授予权限以开启或关闭隐私数据保护规则。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/rule/switch |
dbss:auditInstance:switchSensitiveRule |
- |
√ |
√ |
|
授予权限以查询告警信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log POST /dbss/v1/{project_id}/{instance_id}/audit/alarm-log |
dbss:auditInstance:listAlarmItems |
- |
√ |
√ |
|
授予权限以标记告警信息。 |
PUT /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log/{alarm_id} POST /dbss/v1/{project_id}/{instance_id}/audit/general/mark-alarm-log |
dbss:auditInstance:markAlarm |
- |
√ |
√ |
|
授予权限以删除告警信息。 |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log/{alarm_id} |
dbss:auditInstance:deleteAlarm |
- |
√ |
√ |
|
授予权限以恢复备份信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/restore |
dbss:auditInstance:restoreBackup |
- |
√ |
√ |
|
授予权限以重试备份操作。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/retry |
dbss:auditInstance:retryBackup |
- |
√ |
√ |
|
授予权限以获取风险导出配置信息。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-templates GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-template/{db_id} |
dbss:auditInstance:getRiskBackupConfigInfo |
- |
√ |
√ |
|
授予权限以开启关闭风险导出功能。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/risk/switch POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/risk/global/switch |
dbss:auditInstance:switchRiskBackup |
- |
√ |
√ |
|
授予权限以获取风险导出obs桶信息。 |
GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-bucket-path |
dbss:auditInstance:getRiskBackupBucketInfo |
- |
√ |
√ |
|
授予权限以设置风险导出obs桶信息。 |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-bucket-path POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/risk-bucket-path/global |
dbss:auditInstance:setRiskBackupBucketInfo |
- |
√ |
√ |
|
授予权限以添加RDS数据库。 |
POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/databases/rds POST /dbss/v1/{project_id}/{instance_id}/audit/operation/rds POST /dbss/v1/{project_id}/{instance_id}/audit/operation/create-guassdb-rds POST /dbss/v2/{project_id}/{instance_id}/audit/databases/rds |
dbss:auditInstance:addRdsDatabase |
- |
√ |
√ |
|
授予权限以获取DBSS服务信息。 |
GET /dbss/v1/{project_id}/dbss/server-info |
dbss::getServerInfo |
- |
√ |
√ |
|
授予权限以查看审计实例任务创建信息。 |
GET /dbss/v1/{project_id}/dbss/audit/jobs/{resource_id} GET /dbss/v1/{project_id}/dbss/audit/list-jobs/{resource_id} |
dbss::getAuditInstanceJob |
- |
√ |
√ |
|
授予权限以列举审计实例任务创建信息。 |
GET /dbss/v1/{project_id}/dbss/audit/list-jobs |
dbss:auditInstance:listJobs |
- |
√ |
√ |
|
授予权限以查询obs桶列表。 |
GET /dbss/v1/{project_id}/obs/audit/backup/obs-buckets |
dbss::listObsBuckets |
- |
√ |
√ |
|
授予权限以删除审计实例。 |
DELETE /dbss/v1/{project_id}/dbss/audit/delete-instance |
dbss:auditInstance:instanceDelete |
- |
√ |
√ |
|
授予权限以根据标签信息查询审计实例。 |
POST /dbss/v1/{project_id}/{resource_type}/resource-instances/filter POST /dbss/v1/{project_id}/{resource_type}/resource-instances/count |
dbss::listResourcesByTag |
- |
√ |
√ |
|
授予权限以批量添加实例标签。 |
POST /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags/create |
dbss::tagResource |
- |
√ |
√ |
|
授予权限以批量删除实例标签。 |
DELETE dbss::listCommonInfo /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags/delete |
dbss::unTagResource |
- |
√ |
√ |
|
授予权限以查询项目下的所有标签。 |
GET /dbss/v1/{project_id}/{resource_type}/tags |
dbss::listTags |
- |
√ |
√ |
|
授予权限以查询实例标签信息。 |
GET /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags |
dbss::listTagsForResource |
- |
√ |
√ |
