RDS授权分类
权限 |
对应API接口 |
授权项(Action) |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
查询数据库引擎版本 |
GET /v3/{projectId}/datastores/{database_name} |
无需授权 |
√ |
√ |
× |
查询数据库规格 |
GET /v3/{project_id}/flavors/{database_name}?version_name={version_name} |
无需授权 |
√ |
√ |
× |
查询数据库存储规格 |
GET /v3/{project_id}/storage-type/{database_name}?version_name={version_name} |
无需授权 |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项(Action) |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
创建数据库实例 |
POST /v3/{project_id}/instances |
rds:instance:create (创建加密实例需要在项目上配置KMS Administrator权限。) |
√ |
√ |
× |
修改实例名称 |
PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/name |
rds:instance:modify |
√ |
√ |
√ |
修改实例备注 |
PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/alias |
rds:instance:modify |
√ |
√ |
√ |
申请内网域名 |
POST https://{Endpoint}/v3/{project_id}/instances/{instance_id}/create-dns |
rds:instance:createDns |
√ |
√ |
× |
修改内网域名 |
PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/modify-dns |
rds:instance:modifyDns |
√ |
√ |
√ |
变更数据库实例的规格 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:modifySpec |
√ |
√ |
× |
扩容数据库实例的磁盘空间 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:extendSpace |
√ |
√ |
√ |
单机转主备实例 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:singleToHa (加密实例需要在项目上配置KMS Administrator权限。) |
√ |
√ |
√ |
重启数据库实例 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:restart |
√ |
√ |
√ |
删除数据库实例 |
DELETE /v3/{project_id}/instances/{instance_id} |
rds:instance:delete |
√ |
√ |
√ |
查询数据库实例列表 |
GET /v3/{project_id}/instances |
rds:instance:list |
√ |
√ |
√ |
查询跨区域备份实例列表 |
GET /v3/{project_id}/backups/offsite-backup-instance |
rds:instance:list |
√ |
√ |
√ |
绑定和解绑弹性公网IP |
PUT /v3/{project_id}/instances/{instance_id}/public-ip |
rds:instance:modifyPublicAccess |
√ |
√ |
× |
修改数据库实例密码 |
PUT /v3/{project_id}/instances/{instance_id}/password |
rds:password:update |
√ |
√ |
√ |
手动主备倒换 |
PUT /v3/{project_id}/instances/{instance_id}/failover |
rds:instance:switchover |
√ |
√ |
√ |
修改主备切换策略 |
PUT /v3/{project_id}/instances/{instance_id}/failover/strategy |
rds:instance:modifyStrategy |
√ |
√ |
√ |
修改主备同步模式 |
PUT /v3/{project_id}/instances/{instance_id}/failover/mode |
rds:instance:modifySynchronizeModel |
√ |
√ |
√ |
修改运维时间窗 |
PUT /v3/{project_id}/instances/{instance_id}/ops-window |
rds:instance:modify |
√ |
√ |
√ |
备机可用区迁移 |
POST /v3/{project_id}/instances/{instance_id}/migrateslave |
rds:instance:create |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
配置主实例容灾能力 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:buildDrRelation |
√ |
√ |
× |
配置灾备实例容灾能力 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:buildDrRelation |
√ |
√ |
√ |
灾备升主 |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:modifyDRRole |
√ |
√ |
√ |
查询跨云容灾复制状态 |
GET /v3/{project_id}/instances/{instance_id}/disaster-recovery |
rds:instance:list |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项(Action) |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
设置SSL数据加密 |
PUT /v3/{project_id}/instances/{instance_id}/ssl |
rds:instance:modifySSL |
√ |
√ |
√ |
修改数据库端口 |
PUT /v3/{project_id}/instances/{instance_id}/port |
rds:instance:modifyPort |
√ |
√ |
√ |
修改内网地址 |
PUT /v3/{project_id}/instances/{instance_id}/ip |
rds:instance:modifyIp |
√ |
√ |
√ |
修改安全组 |
PUT /v3/{project_id}/instances/{instance_id}/security-group |
rds:instance:modifySecurityGroup |
√ |
√ |
√ |
API功能 |
对应API接口 |
授权项(Action) |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
获取参数模板列表 |
GET /v3/{project_id}/configurations |
rds:param:list |
√ |
√ |
√ |
创建参数模板 |
POST /v3/{project_id}/configurations |
rds:param:create |
√ |
√ |
× |
修改参数模板参数 |
PUT /v3/{project_id}/configurations/{config_id} |
rds:param:modify |
√ |
√ |
√ |
应用参数模板 |
PUT /v3/{project_id}/configurations/{config_id}/apply |
rds:param:apply |
√ |
√ |
× |
修改指定实例的参数 |
PUT /v3/{project_id}/instances/{instance_id}/configurations |
rds:param:modify |
√ |
√ |
√ |
获取指定实例的参数模板 |
GET /v3/{project_id}/instances/{instance_id}/configurations |
rds:param:list |
√ |
√ |
√ |
获取指定参数模板的参数 |
GET /v3/{project_id}/configurations/{config_id} |
rds:param:list |
√ |
√ |
√ |
删除参数模板 |
DELETE /v3/{project_id}/configurations/{config_id} |
rds:param:delete |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
设置自动备份策略 |
PUT /v3/{project_id}/instances/{instance_id}/backups/policy |
rds:instance:modifyBackupPolicy |
√ |
√ |
√ |
设置跨区域备份策略 |
PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy |
rds:instance:modifyBackupPolicy |
√ |
√ |
√ |
查询自动备份策略 |
GET /v3/{project_id}/instances/{instance_id}/backups/policy |
rds:instance:list |
√ |
√ |
√ |
查询跨区域备份策略 |
GET /v3/{project_id}/instances/{instance_id}/backups/offsite-policy |
rds:instance:list |
√ |
√ |
√ |
创建手动备份 |
POST /v3/{project_id}/backups |
rds:backup:create |
√ |
√ |
× |
获取备份列表 |
GET /v3/{project_id}/backups?instance_id={instance_id} |
rds:backup:list |
√ |
√ |
× |
获取跨区域备份列表 |
GET /v3/{project_id}/offsite-backups?instance_id={instance_id} |
rds:backup:list |
√ |
√ |
× |
获取备份下载链接 |
GET /v3/{project_id}/backup-files?backup_id={backup_id} |
rds:backup:download |
√ |
√ |
× |
删除手动备份 |
DELETE /v3/{project_id}/backups/{backup_id} |
rds:backup:delete |
√ |
√ |
× |
查询可恢复时间段 |
GET /v3/{project_id}/instances/{instance_id}/restore-time |
rds:instance:list |
√ |
√ |
× |
查询跨区域备份可恢复时间段 |
GET /v3/{project_id}/instances/{instance_id}/offsite-restore-time |
rds:instance:list |
√ |
√ |
× |
恢复到新实例 |
POST /v3/{project_id}/instances |
rds:instance:create (加密实例需要在项目上配置KMS Administrator权限。) |
√ |
√ |
× |
恢复到已有或当前实例 |
POST /v3/{project_id}/instances/recovery |
rds:instance:restoreInPlace |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
查询数据库错误日志 |
GET /v3/{project_id}/instances/{instance_id}/errorlog?start_date={start_date}&end_date={end_date} |
rds:log:list |
√ |
√ |
√ |
查询数据库慢日志 |
GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date} |
rds:log:list |
√ |
√ |
√ |
设置审计日志策略 |
PUT /v3/{project_id}/instances/{instance_id}/auditlog-policy |
rds:auditlog:operate |
√ |
√ |
√ |
查询审计日志策略 |
GET /v3/{project_id}/instances/{instance_id}/auditlog-policy |
rds:auditlog:list |
√ |
√ |
√ |
获取审计日志列表 |
GET /v3/{project_id}/instances/{instance_id}/auditlog?start_time={start_time}&end_time={end_time}&offset={offset}&limit={limit} |
rds:auditlog:list |
√ |
√ |
√ |
生成审计日志下载链接 |
POST /v3/{project_id}/instances/{instance_id}/auditlog-links |
rds:auditlog:download |
√ |
√ |
√ |
获取慢日志下载链接 |
POST /v3/{project_id}/instances/{instance_id}/slowlog-download |
rds:log:download |
√ |
√ |
√ |
获取binlog本地保留时长 |
GET /v3/{project_id}/instances/{instance_id}/binlog/clear-policy |
rds:binlog:get |
√ |
√ |
√ |
设置binlog本地保留时长 |
PUT /v3/{project_id}/instances/{instance_id}/binlog/clear-policy |
rds:binlog:setPolicy |
√ |
√ |
√ |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
创建数据库 |
POST /v3/{project_id}/instances/{instance_id}/database |
rds:database:create |
√ |
√ |
√ |
查询数据库列表 |
GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit} |
rds:database:list |
√ |
√ |
√ |
查询指定用户的已授权数据库 |
GET /v3/{project_id}/instances/{instance_id}/db_user/database?user-name={user-name}&page={page}&limit={limit} |
rds:database:list |
√ |
√ |
√ |
删除数据库 |
DELETE /v3/{project_id}/instances/{instance_id}/database/{db_name} |
rds:database:drop |
√ |
√ |
√ |
创建数据库用户 |
POST /v3/{project_id}/instances/{instance_id}/db_user |
rds:databaseUser:create |
√ |
√ |
√ |
查询数据库用户列表 |
GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit} |
rds:databaseUser:list |
√ |
√ |
√ |
查询指定数据库的已授权用户 |
GET /v3/{project_id}/instances/{instance_id}/database/db_user?db-name={db-name}&page={page}&limit={limit} |
rds:databaseUser:list |
√ |
√ |
√ |
修改数据库用户的备注 |
PUT /v3/{project_id}/instances/{instance_id}/db-users/{user_name}/comment |
rds:databaseUser:update |
√ |
√ |
√ |
删除数据库用户 |
DELETE /v3/{project_id}/instances/{instance_id}/db_user/{user_name} |
rds:databaseUser:drop |
√ |
√ |
√ |
授权数据库账号 |
POST /v3/{project_id}/instances/{instance_id}/db_privilege |
rds:databasePrivilege:grant |
√ |
√ |
√ |
修改数据库账号密码 |
POST /v3/{project_id}/instances/{instance_id}/db_user/resetpwd |
rds:password:update |
√ |
√ |
√ |
解除数据库账号权限 |
DELETE /v3/{project_id}/instances/{instance_id}/db_privilege |
rds:databasePrivilege:revoke |
√ |
√ |
√ |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
创建数据库 |
POST /v3/{project_id}/instances/{instance_id}/database |
rds:database:create |
√ |
√ |
√ |
创建数据库用户 |
POST /v3/{project_id}/instances/{instance_id}/db_user |
rds:databaseUser:create |
√ |
√ |
√ |
授权数据库账号 |
POST /v3/{project_id}/instances/{instance_id}/db_privilege |
rds:databasePrivilege:grant |
√ |
√ |
√ |
创建数据库 schema |
POST /v3/{project_id}/instances/{instance_id}/schema |
rds:database:create |
√ |
√ |
√ |
查询数据库列表 |
GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit} |
rds:database:list |
√ |
√ |
√ |
查询数据库用户列表 |
GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit} |
rds:databaseUser:list |
√ |
√ |
√ |
查询数据库SCHEMA列表 |
GET /v3/{project_id}/instances/{instance_id}/schema/detail?db_name={name}page={page}&limit={limit} |
rds:database:list |
√ |
√ |
√ |
修改数据库用户的备注 |
PUT /v3/{project_id}/instances/{instance_id}/db-users/{user_name}/comment |
rds:databaseUser:update |
√ |
√ |
√ |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
设置回收站策略 |
PUT https://{Endpoint}/v3/{project_id}/instances/recycle-policy |
rds:instance:setRecycleBin |
√ |
× |
× |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
批量添加删除标签 |
POST /v3/{project_id}/instances/{instance_id}/tags/action |
rds:instance:dealTag |
√ |
√ |
√ |
查询项目标签 |
GET /v3/{project_id}/tags |
rds:tag:list |
√ |
√ |
× |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
查询配额 |
GET https://{Endpoint}/v3/{project_id}/quotas |
rds:instance:list |
√ |
√ |
√ |
API功能 |
对应API接口 |
授权项 |
IAM项目(Project) |
企业项目(Enterprise Project) |
实例授权 |
---|---|---|---|---|---|
获取任务信息 |
GET /v3/{project_id}/jobs?id={id} |
rds:task:list |
√ |
√ |
× |