文档首页 > > API参考> 权限策略和授权项> RDS授权分类

RDS授权分类

分享
更新时间:2021/01/14 GMT+08:00
表1 公共查询

权限

对应API接口

授权项(Action)

IAM项目(Project)

企业项目(Enterprise Project)

查询数据库引擎版本

GET /v3/{projectId}/datastores/{database_name}

无需授权

查询数据库规格

GET /v3/{project_id}/flavors/{database_name}?version_name={version_name}

无需授权

查询数据库存储规格

GET /v3/{project_id}/storage-type/{database_name}?version_name={version_name}

无需授权

表2 实例管理

API功能

对应API接口

授权项(Action)

IAM项目(Project)

企业项目(Enterprise Project)

创建数据库实例

POST /v3/{project_id}/instances

rds:instance:create

(创建加密实例需要在项目上配置KMS Administrator权限。)

修改实例名称

PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/name

rds:instance:modify

修改实例备注

PUT

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/alias

rds:instance:modify

申请内网域名

POST

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/create-dns

rds:instance:createDns

修改内网域名

PUT

https://{Endpoint}/v3/{project_id}/instances/{instance_id}/modify-dns

rds:instance:modifyDns

变更数据库实例的规格

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:modifySpec

扩容数据库实例的磁盘空间

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:extendSpace

单机转主备实例

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:singleToHa

(加密实例需要在项目上配置KMS Administrator权限。)

重启数据库实例

POST /v3/{project_id}/instances/{instance_id}/action

rds:instance:restart

删除数据库实例

DELETE /v3/{project_id}/instances/{instance_id}

rds:instance:delete

查询数据库实例列表

GET /v3/{project_id}/instances

rds:instance:list

查询跨区域备份实例列表

GET /v3/{project_id}/backups/offsite-backup-instance

rds:instance:list

绑定和解绑弹性公网IP

PUT /v3/{project_id}/instances/{instance_id}/public-ip

rds:instance:modifyPublicAccess

修改数据库实例密码

PUT /v3/{project_id}/instances/{instance_id}/password

rds:password:update

手动主备倒换

PUT /v3/{project_id}/instances/{instance_id}/failover

rds:instance:switchover

修改主备切换策略

PUT /v3/{project_id}/instances/{instance_id}/failover/strategy

rds:instance:modifyStrategy

修改主备同步模式

PUT /v3/{project_id}/instances/{instance_id}/failover/mode

rds:instance:modifySynchronizeModel

修改运维时间窗

PUT

/v3/{project_id}/instances/{instance_id}/ops-window

rds:instance:modify

备机可用区迁移

POST /v3/{project_id}/instances/{instance_id}/migrateslave

rds:instance:create

表3 数据库安全性

API功能

对应API接口

授权项(Action)

IAM项目(Project)

企业项目(Enterprise Project)

设置SSL数据加密

PUT /v3/{project_id}/instances/{instance_id}/ssl

rds:instance:modifySSL

修改数据库端口

PUT /v3/{project_id}/instances/{instance_id}/port

rds:instance:modifyPort

修改内网地址

PUT /v3/{project_id}/instances/{instance_id}/ip

rds:instance:modifyIp

修改安全组

PUT /v3/{project_id}/instances/{instance_id}/security-group

rds:instance:modifySecurityGroup

表4 参数配置

API功能

对应API接口

授权项(Action)

IAM项目(Project)

企业项目(Enterprise Project)

获取参数模板列表

GET /v3/{project_id}/configurations

rds:param:list

创建参数模板

POST /v3/{project_id}/configurations

rds:param:create

修改参数模板参数

PUT /v3/{project_id}/configurations/{config_id}

rds:param:modify

应用参数模板

PUT /v3/{project_id}/configurations/{config_id}/apply

rds:param:apply

修改指定实例的参数

PUT /v3/{project_id}/instances/{instance_id}/configurations

rds:param:modify

获取指定实例的参数模板

GET /v3/{project_id}/instances/{instance_id}/configurations

rds:param:list

获取指定参数模板的参数

GET /v3/{project_id}/configurations/{config_id}

rds:param:list

删除参数模板

DELETE /v3/{project_id}/configurations/{config_id}

rds:param:delete

表5 备份与恢复

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

设置自动备份策略

PUT /v3/{project_id}/instances/{instance_id}/backups/policy

rds:instance:modifyBackupPolicy

设置跨区域备份策略

PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy

rds:instance:modifyBackupPolicy

查询自动备份策略

GET /v3/{project_id}/instances/{instance_id}/backups/policy

rds:instance:list

查询跨区域备份策略

GET /v3/{project_id}/instances/{instance_id}/backups/offsite-policy

rds:instance:list

创建手动备份

POST /v3/{project_id}/backups

rds:backup:create

获取备份列表

GET /v3/{project_id}/backups?instance_id={instance_id}

rds:backup:list

获取跨区域备份列表

GET /v3/{project_id}/offsite-backups?instance_id={instance_id}

rds:backup:list

获取备份下载链接

GET /v3/{project_id}/backup-files?backup_id={backup_id}

rds:backup:download

删除手动备份

DELETE /v3/{project_id}/backups/{backup_id}

rds:backup:delete

查询可恢复时间段

GET /v3/{project_id}/instances/{instance_id}/restore-time

rds:instance:list

查询跨区域备份可恢复时间段

GET /v3/{project_id}/instances/{instance_id}/offsite-restore-time

rds:instance:list

恢复到新实例

POST /v3/{project_id}/instances

rds:instance:create

(加密实例需要在项目上配置KMS Administrator权限。)

恢复到已有或当前实例

POST /v3/{project_id}/instances/recovery

rds:instance:restoreInPlace

表6 获取日志信息

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

查询数据库错误日志

GET /v3/{project_id}/instances/{instance_id}/errorlog?start_date={start_date}&end_date={end_date}

rds:log:list

查询数据库慢日志

GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date}

rds:log:list

设置审计日志策略

PUT

/v3/{project_id}/instances/{instance_id}/auditlog-policy

rds:auditlog:operate

查询审计日志策略

GET

/v3/{project_id}/instances/{instance_id}/auditlog-policy

rds:auditlog:list

获取审计日志列表

GET

/v3/{project_id}/instances/{instance_id}/auditlog?start_time={start_time}&end_time={end_time}&offset={offset}&limit={limit}

rds:auditlog:list

生成审计日志下载链接

POST

/v3/{project_id}/instances/{instance_id}/auditlog-links

rds:auditlog:download

获取慢日志下载链接

POST

/v3/{project_id}/instances/{instance_id}/slowlog-download

rds:log:download

表7 管理数据库和用户(MySQL)

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建数据库

POST /v3/{project_id}/instances/{instance_id}/database

rds:database:create

查询数据库列表

GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit}

rds:database:list

查询指定用户的已授权数据库

GET /v3/{project_id}/instances/{instance_id}/db_user/database?user-name={user-name}&page={page}&limit={limit}

rds:database:list

删除数据库

DELETE /v3/{project_id}/instances/{instance_id}/database/{db_name}

rds:database:drop

创建数据库用户

POST /v3/{project_id}/instances/{instance_id}/db_user

rds:databaseUser:create

查询数据库用户列表

GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit}

rds:databaseUser:list

查询指定数据库的已授权用户

GET /v3/{project_id}/instances/{instance_id}/database/db_user?db-name={db-name}&page={page}&limit={limit}

rds:databaseUser:list

删除数据库用户

DELETE /v3/{project_id}/instances/{instance_id}/db_user/{user_name}

rds:databaseUser:drop

授权数据库帐号

POST /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:grant

修改数据库账号密码

POST /v3/{project_id}/instances/{instance_id}/db_user/resetpwd

rds:password:update

解除数据库帐号权限

DELETE /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:revoke

表8 标签管理

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

批量添加删除标签

POST /v3/{project_id}/instances/{instance_id}/tags/action

rds:instance:dealTag

查询项目标签

GET

/v3/{project_id}/tags

rds:tag:list

表9 任务功能

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

获取任务信息

GET /v3/{project_id}/jobs?id={id}

rds:task:list

表10 管理数据库和用户(PostgreSQL)

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

创建数据库

POST /v3/{project_id}/instances/{instance_id}/database

rds:database:create

创建数据库用户

POST /v3/{project_id}/instances/{instance_id}/db_user

rds:databaseUser:create

授权数据库帐号

POST /v3/{project_id}/instances/{instance_id}/db_privilege

rds:databasePrivilege:grant

创建数据库 schema

POST

/v3/{project_id}/instances/{instance_id}/schema

rds:database:create

查询数据库列表

GET

/v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit}

rds:database:list

查询数据库用户列表

GET

/v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit}

rds:databaseUser:list

查询数据库SCHEMA列表

GET

/v3/{project_id}/instances/{instance_id}/schema/detail?db_name={name}page={page}&limit={limit}

rds:database:list

表11 数据库代理(PostgreSQL)

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

开启数据库代理

POST

/v3/{project_id}/instances/{instance_id}/proxy

rds:instance:modifyProxy

关闭数据库代理

DELETE

/v3/{project_id}/instances/{instance_id}/proxy

rds:instance:modifyProxy

查询数据库代理信息

GET

/v3/{project_id}/instances/{instance_id}/proxy

rds:instance:list

修改读写分离权重

PUT

/v3/{project_id}/instances/{instance_id}/proxy/weight

rds:instance:modifyProxy

修改读写分离阈值

PUT

/v3/{project_id}/instances/{instance_id}/proxy/delay-threshold

rds:instance:modifyProxy

表12 灾备实例

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

配置主实例容灾能力

POST

/v3/{project_id}/instances/{instance_id}/action

rds:instance:buildDrRelation

配置灾备实例容灾能力

POST

/v3/{project_id}/instances/{instance_id}/action

rds:instance:buildDrRelation

灾备升主

POST

/v3/{project_id}/instances/{instance_id}/action

rds:instance:modifyDRRole

查询跨云容灾复制状态

GET /v3/{project_id}/instances/{instance_id}/disaster-recovery

rds:instance:list

表13 回收站

API功能

对应API接口

授权项

IAM项目(Project)

企业项目(Enterprise Project)

设置回收站策略

PUT https://{Endpoint}/v3/{project_id}/instances/recycle-policy

rds:instance:setRecycleBin

分享:

    相关文档

    相关产品

文档是否有解决您的问题?

提交成功!非常感谢您的反馈,我们会继续努力做到更好!
反馈提交失败,请稍后再试!

*必选

请至少选择或填写一项反馈信息

字符长度不能超过200

提交反馈 取消

如您有其它疑问,您也可以通过华为云社区问答频道来与我们联系探讨

智能客服提问云社区提问