策略授权参考
本章节介绍DCS策略授权场景下支持的策略授权项。
支持的授权项
策略包含系统策略和自定义策略,如果系统策略不满足授权要求,管理员可以创建自定义策略,并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应,授权项列表说明如下:
- 权限:允许或拒绝对指定资源在特定条件下进行某项操作。
- 对应API接口:自定义策略实际调用的API接口。
- 授权项:自定义策略中支持的Action,在自定义策略中的Action中写入授权项,可以实现授权项对应的权限功能。
- 依赖的授权项:部分Action存在对其他Action的依赖,需要将依赖的Action同时写入授权项,才能实现对应的权限功能。
- IAM项目(Project)/企业项目(Enterprise Project):自定义策略的授权范围,包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目,表示此授权项对应的自定义策略,可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目,不支持企业项目,表示仅能在IAM中给用户组授权并生效,如果在企业管理中授权,则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目,“√”表示支持,“×”表示暂不支持。关于IAM项目与企业项目的区别,详情请参见:IAM与企业管理的区别。
DCS的支持自定义策略授权项如下所示:
|
权限 |
对应API接口 |
授权项(Action) |
IAM项目(Project) |
企业项目(Enterprise Project) |
|---|---|---|---|---|
|
查询实例升级信息 |
- |
dcs:instance:getUpgradeInfo |
√ |
√ |
|
查询实例后台任务 |
GET /v2/{project_id}/instances/{instance_id}/tasks |
dcs:instance:getBackgroundTask |
√ |
√ |
|
查询迁移任务详情 |
GET /v2/{project_id}/migration-task/{task_id} |
dcs:migrationTask:get |
√ |
X |
|
查看实例审计日志 |
- |
dcs:auditlog:get |
√ |
√ |
|
查询实例配置参数 |
GET /v2/{project_id}/instances/{instance_id}/configs |
dcs:instance:getConfiguration |
√ |
√ |
|
查询参数模板 |
GET /v2/{project_id}/config-templates/{template_id} |
dcs:template:get |
√ |
X |
|
查询参数模板列表 |
GET /v2/{project_id}/config-templates |
dcs:template:list |
√ |
X |
|
查询实例数据恢复日志 |
GET /v2/{project_id}/instances/{instance_id}/restores |
dcs:instance:getDataRestoreLog |
√ |
√ |
|
查询缓存实例信息 |
GET /v2/{project_id}/instances/{instance_id} |
dcs:instance:get |
√ |
√ |
|
查询实例数据备份日志 |
GET /v2/{project_id}/instances/{instance_id}/backups |
dcs:instance:getDataBackupLog |
√ |
√ |
|
创建缓存实例 |
POST /v2/{project_id}/instances |
dcs:instance:create |
√ |
√ |
|
诊断实例 |
POST /v2/{project_id}/instances/{instance_id}/diagnosis |
dcs:instance:diagnosis |
√ |
√ |
|
创建实例访问账号 |
POST /v2/{project_id}/instances/{instance_id}/accounts |
dcs:aclaccount:create |
√ |
√ |
|
删除实例数据备份文件 |
DELETE /v2/{project_id}/instances/{instance_id}/backups/{backup_id} |
dcs:instance:deleteDataBackupFile |
√ |
√ |
|
查询任务进度 |
- |
dcs:job:get |
√ |
X |
|
缓存实例扩容 |
POST /v2/{project_id}/instances/{instance_id}/resize |
dcs:instance:scale |
√ |
√ |
|
升级实例版本 |
- |
dcs:instance:upgrade |
√ |
√ |
|
查询Redis会话列表 |
GET /v2/{project_id}/instances/{instance_id}/clients |
dcs:clients:list |
√ |
√ |
|
实例交换IP后回滚 |
- |
dcs:migrationTask:rollbackIp |
√ |
X |
|
Kill Redis会话 |
POST /v2/{project_id}/instances/{instance_id}/clients/kill |
dcs:clients:kill |
√ |
√ |
|
备份实例数据 |
POST /v2/{project_id}/instances/{instance_id}/backups |
dcs:instance:backupData |
√ |
√ |
|
释放历史域名解析 |
- |
dcs:histroydomainname:release |
√ |
√ |
|
开启或关闭公网域名解析 |
- |
dcs:publicdomainname:update |
√ |
√ |
|
修改实例配置参数 |
PUT /v2/{project_id}/instances/{instance_id}/configs |
dcs:instance:modifyConfigureation |
√ |
√ |
|
修改实例SSL信息 |
- |
dcs:ssl:modify |
√ |
√ |
|
删除实例访问账号 |
DELETE /v2/{project_id}/instances/{instance_id}/accounts/{account_id} |
dcs:aclaccount:delete |
√ |
√ |
|
修改缓存实例 |
PUT /v2/{project_id}/instances/{instance_id} |
dcs:instance:modify |
√ |
√ |
|
删除缓存实例 |
DELETE /v2/{project_id}/instances/{instance_id} |
dcs:instance:delete |
√ |
√ |
|
实例主备倒换 |
POST /v2/{project_id}/instances/{instance_id}/swap |
dcs:instance:swap |
√ |
√ |
|
修改实例访问密码 |
PUT /v2/{project_id}/instances/{instance_id}/password |
dcs:instance:modifyAuthInfo |
√ |
√ |
|
修改迁移任务配置或停止迁移任务 |
POST /v2/{project_id}/migration-task/{task_id}/stop |
dcs:migrationTask:modify |
√ |
X |
|
重建域名解析 |
- |
dcs:domainname:rebuild |
√ |
√ |
|
创建迁移任务 |
POST /v2/{project_id}/migration-task |
dcs:migrationTask:create |
√ |
X |
|
修改实例访问账号信息 |
PUT /v2/{project_id}/instances/{instance_id}/accounts/{account_id} |
dcs:aclaccount:modify |
√ |
√ |
|
开启或关闭实例审计日志 |
- |
dcs:auditlog:modify |
√ |
√ |
|
Web CLI |
POST /v2/{project_id}/instances/{instance_id}/webcli/auth |
dcs:instance:webcli |
√ |
√ |
|
删除迁移任务 |
DELETE /v2/{project_id}/migration-tasks/delete |
dcs:migrationTask:delete |
√ |
X |
|
开启或关闭客户端ip透传 |
PUT /v2/{project_id}/{instance_id}/client-ip-transparent-transmission |
dcs:clientiptrans:modify |
√ |
√ |
|
删除参数模板 |
DELETE /v2/{project_id}/config-templates/{template_id} |
dcs:template:delete |
√ |
X |
|
修改参数模板 |
PUT /v2/{project_id}/config-templates/{template_id} |
dcs:template:modify |
√ |
X |
|
实例间交换IP地址 |
POST /v2/{project_id}/migration-task/{task_id}/exchange-ip |
dcs:migrationTask:exchangeIp |
√ |
X |
|
下载备份实例数据 |
POST /v2/{project_id}/instances/{instance_id}/backups/{backup_id}/links |
dcs:instance:downloadBackupData |
√ |
√ |
|
分析实例的大key或者热key |
GET /v2/{project_id}/instances/{instance_id}/bigkey-task/{bigkey_id} |
dcs:instance:analyze |
√ |
√ |
|
恢复实例数据 |
POST /v2/{project_id}/instances/{instance_id}/restores |
dcs:instance:restoreData |
√ |
√ |
|
删除实例后台任务 |
DELETE /v2/{project_id}/instances/{instance_id}/tasks/{task_id} |
dcs:instance:deleteBackgroundTask |
√ |
√ |
|
重置实例访问密码 |
POST /v2/{project_id}/instances/{instance_id}/password/reset |
dcs:instance:resetAuthInfo |
√ |
√ |
|
创建参数模板 |
POST /v2/{project_id}/config-templates |
dcs:template:create |
√ |
X |
|
修改实例运行状态(启停) |
PUT /v2/{project_id}/instances/status |
dcs:instance:modifyStatus |
√ |
√ |
|
修改实例白名单信息 |
PUT /v2/{project_id}/instance/{instance_id}/whitelist |
dcs:whitelist:modify |
√ |
√ |
|
获取实例白名单列表 |
GET /v2/{project_id}/instance/{instance_id}/whitelist |
dcs:whitelist:list |
√ |
√ |
|
查询慢日志列表 |
GET /v2/{project_id}/instances/{instance_id}/slowlog |
dcs:slowlog:list |
√ |
√ |
|
获取实例访问账号列表 |
GET /v2/{project_id}/instances/{instance_id}/accounts |
dcs:aclaccount:list |
√ |
√ |
|
查询实例列表 |
GET /v2/{project_id}/instances |
dcs:instance:list |
√ |
√ |
|
查询迁移任务列表 |
GET /v2/{project_id}/migration-tasks |
dcs:migrationTask:list |
√ |
X |
|
查询实例标签 |
GET /v2/{project_id}/instances/{instance_id}/tags |
dcs:tag:get |
√ |
X |
|
修改实例标签 |
POST /v2/{project_id}/dcs/{instance_id}/tags/action |
dcs:tag:modify |
√ |
√ |
|
查询实例SSL信息 |
- |
dcs:ssl:get |
√ |
X |
