策略授权参考

本章节介绍GeminiDB策略授权场景下支持的策略授权项。

支持的授权项

策略包含系统策略和自定义策略，如果系统策略不满足授权要求，管理员可以创建自定义策略，并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应，授权项列表说明如下：

权限：允许或拒绝某项操作。
对应API接口：自定义策略实际调用的API接口。
授权项：自定义策略中支持的Action，在自定义策略中的Action中写入授权项，可以实现授权项对应的权限功能。
依赖的授权项：部分Action存在对其他Action的依赖，需要将依赖的Action同时写入授权项，才能实现对应的权限功能。
IAM项目(Project)/企业项目(Enterprise Project)：自定义策略的授权范围，包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目，表示此授权项对应的自定义策略，可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目，不支持企业项目，表示仅能在IAM中给用户组授权并生效，如果在企业管理中授权，则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目，“√”表示支持，“×”表示暂不支持。关于IAM项目与企业项目的区别，详情请参见：IAM与企业管理的区别。

GeminiDB的支持自定义策略授权项如下所示：

“√”表示支持，“x”表示暂不支持。

表1 查询API版本
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询API版本列表	GET /	-	-	-
查询API版本信息	GET /{version}	-	-	-

表2 接口版本和规格
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询数据库规格	GET /v3.1/{project_id}/flavors	-	-	-
查询数据库版本信息	GET /v3/{project_id}/datastores/{datastore_name}/versions	-	-	-
查询专属资源列表	GET /v3/{project_id}/dedicated-resources	-	-	-

表3 实例管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
创建实例	POST /v3/{project_id}/instances	nosql:instance:create	√	√
删除实例	DELETE /v3/{project_id}/instances/{instance_id}	nosql:instance:delete	√	√
查询实例列表和详情	GET /v3/{project_id}/instances	nosql:instance:list	√	√
扩容实例存储容量	POST /v3/{project_id}/instances/{instance_id}/extend-volume	nosql:instance:modifyStorageSize	√	√
扩容集群实例的节点数量	POST /v3/{project_id}/instances/{instance_id}/enlarge-node	nosql:instance:extendNode	√	√
缩容集群实例的节点数量	POST /v3/{project_id}/instances/{instance_id}/reduce-node	nosql:instance:reduceNode	√	√
获取节点会话列表	GET /v3/{project_id}/redis/nodes/{node_id}/sessions	nosql:session:list	√	√
查询实例节点会话统计信息	GET /v3/{project_id}/redis/nodes/{node_id}/session-statistics	nosql:session:list	√	√
关闭实例节点会话	DELETE /v3/{project_id}/redis/nodes/{node_id}/sessions	nosql:session:delete	√	√
查询实例可变更规格	GET /v3/{project_id}/instances/{instance_id}/available-flavors	nosql:instance:list	√	√
变更实例规格	PUT /v3/{project_id}/instances/{instance_id}/resize	nosql:instance:modifySpecification	√	√
修改实例管理员密码	PUT /v3/{project_id}/instances/{instance_id}/password	nosql:instance:modifyPasswd	√	√
修改实例名称	PUT /v3/{project_id}/instances/{instance_id}/name	nosql:instance:rename	√	√
变更实例安全组	PUT /v3/{project_id}/instances/{instance_id}/security-group	nosql:instance:modifySecurityGroup	√	√
数据库补丁升级	POST /v3/{project_id}/instances/{instance_id}/db-upgrade	nosql:instance:upgradeDatabaseVersion	√	√
批量数据库补丁升级	POST /v3/{project_id}/instances/db-upgrade	nosql:instance:batchUpgradeDatabaseVersion	√	√
创建冷数据存储	POST /v3/{project_id}/instances/{instance_id}/cold-volume	nosql:instance:modifyStorageSize	√	√
扩容冷数据存储	PUT /v3/{project_id}/instances/{instance_id}/cold-volume	nosql:instance:modifyStorageSize	√	√
绑定/解绑弹性公网IP	POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/public-ip	nosql:instance:bindPublicIp	√	√
切换SSL开关	POST /v3/{project_id}/instances/{instance_id}/ssl-option	nosql:instance:switchSSL	√	√
重启实例或者节点	POST /v3/{project_id}/instances/{instance_id}/restart	nosql:instance:restart	√	√
设置磁盘自动扩容策略	PUT /v3/{project_id}/instances/disk-auto-expansion	nosql:instance:modifyStorageSize	√	√
修改数据库端口	PUT /v3/{project_id}/instances/{instance_id}/port	nosql:instance:modifyPort	√	√
判断弱密码	POST /v3/{project_id}/weak-password-verification	-	-	-
修改副本集跨网段访问配置	POST /v3/{project_id}/instances/{instance_id}/client-network	nosql:instance:setSourceSubnet	√	√
删除扩容失败的节点	DELETE /v3/{project_id}/instances/{instance_id}/enlarge-failed-nodes	nosql:instance:delete	√	√
查询创建实例或扩容节点时需要的IP数量	GET /v3/{project_id}/ip-num-requirement	-	-	-
查询磁盘自动扩容策略	GET /v3/{project_id}/instances/{instance_id}/disk-auto-expansion	nosql:instance:list	√	√
变更实例存储容量	PUT /v3/{project_id}/instances/{instance_id}/volume	nosql:instance:modifyStorageSize	√	√
查询高危命令	GET /v3/{project_id}/instances/{instance_id}/high-risk-commands	nosql:command:list	√	√
修改高危命令	PUT /v3/{project_id}/instances/{instance_id}/high-risk-commands	nosql:instances:modifyHighRiskCommands	√	√
查询Redis实例的热key	GET /v3/{project_id}/instances/{instance_id}/hot-keys	nosql:instance:getHotKeys	√	√
设置Redis禁用命令	POST /v3/{project_id}/redis/instances/{instance_id}/disabled-commands	nosql:instance:setRedisDisabledCommands	√	√
查询Redis禁用命令	GET /v3/{project_id}/redis/instances/{instance_id}/disabled-commands	nosql:instance:listRedisDisabledCommands	√	√
删除Redis禁用命令	DELETE /v3/{project_id}/redis/instances/{instance_id}/disabled-commands	nosql:instance:deleteRedisDisabledCommands	√	√
设置实例可维护时间段	PUT /v3/{project_id}/instances/{instance_id}/maintenance-window	nosql:instance:modifyMaintenanceWindow	√	√
Redis主备切换	PUT /v3/{project_id}/instance/{instance_id}/switchover	nosql:instance:switchover	√	√
支持节点的开关机	PUT /v3/{project_id}/instances/{instance_id}/nodes	nosql:instance:switchNodeStatus	√	√
查询GeminiDB Redis实例的大key	POST /v3/{project_id}/instances/{instance_id}/big-keys	nosql:instance:getBigKeys	√	√
获取GeminiDB Redis的免密配置	GET /v3/{project_id}/instances/{instance_id}/passwordless-config	nosql:instance:getPasswordlessConfig	√	√
支持修改GeminiDB Redis的免密配置	PUT /v3/{project_id}/instances/{instance_id}/passwordless-config	nosql:instance:setPasswordlessConfig	√	√
查询内存加速映射列表和详情	GET /v3/{project_id}/dbcache/mappings	nosql:instance:listDBCacheMappings	√	√
创建内存加速规则	POST /v3/{project_id}/dbcache/rule	nosql:instance:createDBCacheRule	√	√
解除内存加速映射	DELETE /v3/{project_id}/dbcache/mapping	nosql:instance:deleteDBCacheMapping	√	√
创建内存加速映射	POST /v3/{project_id}/dbcache/mapping	nosql:instance:createDBCacheMapping	√	√
修改内存加速规则	PUT /v3/{project_id}/dbcache/rule	nosql:instance:updateDBCacheRule	√	√
查询内存加速规则列表和详情	GET /v3/{project_id}/dbcache/rules	nosql:instance:listDBCacheRules	√	√
删除内存加速规则	DELETE /v3/{project_id}/dbcache/rule	nosql:instance:deleteDBCacheRule	√	√
开启/关闭实例数据导出	PUT /v3/{project_id}/instances/{instance_id}/data-dump	nosql:instance:operateDataDump	√	√
开启/关闭秒级监控	PUT /v3/{project_id}/instances/{instance_id}/monitoring-by-seconds/switch	nosql:instance:secondLevelMonitoring	√	√
查询秒级监控配置	GET /v3/{project_id}/instances/{instance_id}/monitoring-by-seconds/switch	nosql:instance:secondLevelMonitoring	√	√
设置节点自动扩容策略	PUT /v3/{project_id}/instances/{instance_id}/node-auto-expansion-policy	nosql:instance:extendNode	√	√
查询节点自动扩容策略	GET /v3/{project_id}/instances/{instance_id}/node-auto-expansion-policy	nosql:instance:list	√	√
获取SSL证书下载地址	GET /v3/{project_id}/instances/{instance_id}/ssl-cert/download-link	nosql:instance:listDBCacheRules	√	√
修改负载均衡地址	PUT /v3/{project_id}/instances/{instance_id}/lb	nosql:instance:modifyInstanceLb	√	√

表4 连接管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
获取实例的会话	GET /v3/{project_id}/instances/{instance_id}/sessions	nosql:session:list	√	√
关闭实例所有节点会话	DELETE /v3/{project_id}/instances/{instance_id}/sessions	nosql:session:delete	√	√

表5 备份与恢复
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询备份列表	GET /v4/{project_id}/backups	nosql:backup:list	√	√
查询备份列表	GET /v3.1/{project_id}/backups	nosql:backup:list	√	√
查询自动备份策略	GET /v3.1/{project_id}/instances/{instance_id}/backups/policy	nosql:backup:list	√	√
查询自动备份策略	GET /v3/{project_id}/instances/{instance_id}/backups/policy	nosql:backup:list	√	√
设置自动备份策略	PUT /v3/{project_id}/instances/{instance_id}/backups/policy	nosql:instance:modifyBackupPolicy	√	√
查询可恢复的实例列表	GET /v3/{project_id}/backups/{backup_id}/restorable-instances	nosql:instance:list	√	√
查询实例可恢复的时间段	GET /v3/{project_id}/instances/{instance_id}/backups/restorable-time-periods	nosql:backup:list	√	√
创建手动备份	POST /v3/{project_id}/instances/{instance_id}/backups	nosql:backup:create	√	√
删除手动备份	DELETE /v3/{project_id}/backups/{backup_id}	nosql:backup:delete	√	√
恢复到已有实例	POST /v3/{project_id}/instances/{instance_id}/recovery	nosql:backup:refreshInstanceFromBacku	√	√
查询回收策略	GET /v3/{project_id}/instances/recycle-policy	nosql:instance:list	√	√
设置回收策略	PUT /v3/{project_id}/instances/recycle-policy	nosql:recyclePolicy:set	√	√
查询回收站实例列表	GET /v3/{project_id}/recycle-instances	nosql:instance:list	√	√
获取GeminiDB Cassandra实例表级恢复的数据库信息	GET /v3/{project_id}/instances/{instance_id}/databases	nosql:backup:list	√	√
获取GeminiDB Cassandra实例表级恢复的表信息	GET /v3/{project_id}/instances/{instance_id}/tables	nosql:backup:list	√	√
恢复当前Redis实例到指定时间点	PUT /v3/{project_id}/redis/instances/{instance_id}/pitr	nosql:instance:redisPitrRestore	√	√
设置Redis恢复到指定时间点策略	PUT /v3/{project_id}/redis/instances/{instance_id}/pitr/policy	nosql:instance:setRedisPitrPolicy	√	√
查询Redis恢复到指定时间点策略	GET /v3/{project_id}/redis/instances/{instance_id}/pitr/policy	nosql:instance:getRedisPitrPolicy	√	√
查询Redis可恢复时间点	GET /v3/{project_id}/redis/instances/{instance_id}/pitr/restorable-time-periods	nosql:instance:listRedisPitrRestoreTime	√	√
查询Redis实例指定时间点恢复所占用的存储空间	GET /v3/{project_id}/redis/instances/{instance_id}/pitr	nosql:instance:getRedisPitrInfo	√	√
停止备份	PUT /v3/{project_id}/backups/{backup_id}	nosql:backup:stop	√	√
批量删除手动备份	DELETE /v3/{project_id}/instances/backups	nosql:backup:delete	√	√
数据文件导入已有实例	POST /v3/{project_id}/redis/instances/{instance_id}/recovery	nosql:instance:redisDataRestore	√	√

表6 参数配置
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
获取参数模板列表	GET /v3.1/{project_id}/configurations	nosql:param:list	√	√
应用参数模板	PUT /v3.1/{project_id}/configurations/{config_id}/apply	nosql:instance:modifyParameter	√	√
修改指定实例的参数	PUT /v3.1/{project_id}/instances/{instance_id}/configurations	nosql:instance:modifyParameter	√	√
获取参数模板列表	GET /v3/{project_id}/configurations	nosql:param:list	√	√
创建参数模板	POST /v3/{project_id}/configurations	nosql:param:create	√	√
修改参数模板的参数	PUT /v3/{project_id}/configurations/{config_id}	nosql:param:modify	√	√
重置自定义参数模板	POST /v3/{project_id}/configurations/{config_id}/reset	nosql:param:modify	√	√
查询实例参数配置	GET /v3/{project_id}/instances/{instance_id}/configurations	nosql:param:list	√	√
应用参数模板	PUT /v3/{project_id}/configurations/{config_id}/apply	nosql:instance:modifyParameter	√	√
修改指定实例的参数	PUT /v3/{project_id}/instances/{instance_id}/configurations	nosql:instance:modifyParameter	√	√
获取指定实例的参数	GET /v3/{project_id}/instances/{instance_id}/configurations	nosql:param:list	√	√
获取指定参数模板的参数	GET /v3/{project_id}/configurations/{config_id}	nosql:param:list	√	√
删除参数模板	DELETE /v3/{project_id}/configurations/{config_id}	nosql:param:delete	√	√
查询参数模板可应用的实例列表	GET /v3/{project_id}/configurations/{config_id}/applicable-instances	nosql:instance:list	√	√
查询实例参数的修改历史	GET /v3/{project_id}/instances/{instance_id}/configuration-histories	nosql:param:list	√	√
查询参数模板应用历史	GET /v3/{project_id}/configurations/{config_id}/applied-histories	nosql:param:list	√	√
参数模板比较	POST /v3/{project_id}/configurations/comparison	nosql:param:list	√	√
复制参数模板	POST /v3/{project_id}/configurations/{config_id}/copy	nosql:param:create	√	√
查询支持参数模板的接口信息	GET /v3/{project_id}/configurations/datastores	-	-	-

表7 管理数据库和账号
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
创建数据库账号	POST /v3/{project_id}/redis/instances/{instance_id}/db-users	nosql:instance:createDatabaseUser	√	√
修改数据库账号权限	PUT /v3/{project_id}/redis/instances/{instance_id}/db-users/privilege	nosql:instance:modifyDbUserPrivilege	√	√
重置数据库账号密码	PUT /v3/{project_id}/redis/instances/{instance_id}/db-users/password	nosql:instance:resetDatabaseUser	√	√
删除数据库账号	DELETE /v3/{project_id}/redis/instances/{instance_id}/db-users	nosql:instance:deleteDatabaseUser	√	√
获取数据库账号列表和详情	GET /v3/{project_id}/redis/instances/{instance_id}/db-users	nosql:dbuser:list	√	√
获取实例数据库列表	GET /v3/{project_id}/redis/instances/{instance_id}/databases	nosql:instance:resetDatabaseUser	√	√
操作GeminiDB实例数据库	PUT /v3/{project_id}/instances/{instance_id}/databases	nosql:instance:operateDatabase	√	√

表8 标签管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询资源实例	POST /v3/{project_id}/instances/resource_instances/action	nosql:instance:list nosql:tag:list	√	√
批量添加或删除资源标签	POST /v3/{project_id}/instances/{instance_id}/tags/action	nosql:instance:tag	√	√
查询资源标签	GET /v3/{project_id}/instances/{instance_id}/tags	nosql:instance:list nosql:tag:list	√	√
查询项目标签	GET /v3/{project_id}/tags	nosql:tag:list	√	√

表9 日志管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询数据库慢日志	GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date}	nosql:instance:list	√	√
查询GeminiDB Redis数据库慢日志	POST /v3/{project_id}/redis/instances/{instance_id}/slow-logs	nosql:instance:list	√	√
查询GeminiDB Influx数据库慢日志	POST /v3/{project_id}/influxdb/instances/{instance_id}/slow-logs	nosql:instance:list	√	√
查询GeminiDB Cassandra数据库慢日志	POST /v3/{project_id}/cassandra/instances/{instance_id}/slow-logs	nosql:instance:list	√	√
查询GeminiDB Mongo数据库慢日志	POST /v3/{project_id}/mongodb/instances/{instance_id}/slow-logs	nosql:instance:list	√	√
查询数据库错误日志信息	GET /v3/{project_id}/instances/{instance_id}/error-log	nosql:instance:list	√	√
查询GeminiDB Mongo数据库错误日志	POST /v3/{project_id}/mongodb/instances/{instance_id}/error-logs	nosql:instance:list	√	√
设置慢日志脱敏状态	PUT /v3/{project_id}/instances/{instance_id}/slowlog-desensitization	nosql:instance:modifySlowLogPlaintextSwitch	√	√
查询慢日志脱敏状态	GET /v3/{project_id}/instances/{instance_id}/slowlog-desensitization	nosql:instance:list	√	√
关联LTS日志流	POST /v3/{project_id}/instances/logs/lts-configs	nosql:instances:saveLtsStreams	√	√
解除关联LTS日志流	DELETE /v3/{project_id}/instances/logs/lts-configs	nosql:instances:saveLtsStreams	√	√
查询LTS日志配置信息	GET /v3/{project_id}/instances/logs/lts-configs	nosql:instances:saveLtsStreams	√	√

**表10** 配额管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询配额	GET /v3/{project_id}/quotas	nosql:instance:list	√	√

**表11** 容灾管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询实例可搭建双活关系的	GET /v3/{project_id}/instances/{instance_id}/disaster-recovery/regions	nosql:instance:list	√	√
设置实例容灾切换的故障节点比例	PUT /v3/{project_id}/instances/disaster-recovery/settings	nosql:dr:setDisasterRecoverySettings	√	√
查询实例容灾切换的故障节点比例	GET /v3/{project_id}/instances/disaster-recovery/settings	nosql:dr:listDisasterRecoverySettings	√	√
搭建双活	POST /v3/{project_id}/instances/{instance_id}/dual-active-relationship	nosql:instance:buildBiactiveInstance	√	√
解除双活	DELETE /v3/{project_id}/instances/{instance_id}/dual-active-relationship	nosql:instance:releaseBiactiveInstance	√	√

**表12** 任务管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询任务列表和详情	GET /v3/{project_id}/jobs	nosql:task:list	√	√
查询实例可维护时间段	GET /v3/{project_id}/instances/{instance_id}/ops-window	nosql:instance:maintenanceWindow	√	√
查询定时任务列表	GET /v3/{project_id}/scheduled-jobs	nosql:task:list	√	√
取消定时任务	DELETE /v3/{project_id}/scheduled-jobs/{job_id}	nosql:instance:cancelScheduleJob	√	√

**表13** 企业项目管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
查询企业项目配额	GET /v3/{project_id}/enterprise-projects/quotas	nosql:quota:list	√	√
修改企业项目配额	PUT /v3/{project_id}/enterprise-projects/quotas	nosql:quota:modify	√	√

**表14** 实例负载均衡管理
权限	对应API接口	授权项(Action)	IAM项目(Project)	企业项目(Enterprise Project)
设置实例负载均衡的IP访问黑白名单	PUT /v3/{project_id}/instances/{instance_id}/lb/access-control	nosql:instance:modifyInstanceLb	√	√
查询实例负载均衡的IP访问黑白名单	GET /v3/{project_id}/instances/{instance_id}/lb/access-control	nosql:instance:list	√	√

父主题： 权限和授权项

上一篇：权限和授权项说明

下一篇：身份策略授权参考

意见反馈

文档内容是否对您有帮助？

有帮助没帮助

提供反馈

提交成功！非常感谢您的反馈，我们会继续努力做到更好！您可在我的云声建议查看反馈及问题处理状态。

系统繁忙，请稍后重试

在使用文档中是否遇到以下问题

内容与产品页面不一致

内容不易理解

缺失示例代码

步骤不可操作

搜不到想要的内容

缺少最佳实践

意见反馈（选填）

0/500

请至少选择一项反馈信息并填写问题反馈

字符长度不能超过500

直接提交取消

如您有其它疑问，您也可以通过华为云社区问答频道来与我们联系探讨

盘古Doer提问云社区提问

策略授权参考

支持的授权项

相关文档

意见反馈

文档内容是否对您有帮助？