策略授权参考
本章节介绍TaurusDB策略授权场景下支持的策略授权项。
支持的授权项
策略包含系统策略和自定义策略,如果系统策略不满足授权要求,管理员可以创建自定义策略,并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应,授权项列表说明如下:
- 权限:允许或拒绝某项操作。
- 对应API接口:自定义策略实际调用的API接口。
- 授权项:自定义策略中支持的Action,在自定义策略中的Action中写入授权项,可以实现授权项对应的权限功能。
- 依赖的授权项:部分Action存在对其他Action的依赖,需要将依赖的Action同时写入授权项,才能实现对应的权限功能。
- IAM项目(Project)/企业项目(Enterprise Project):自定义策略的授权范围,包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目,表示此授权项对应的自定义策略,可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目,不支持企业项目,表示仅能在IAM中给用户组授权并生效,如果在企业管理中授权,则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目,“√”表示支持,“×”表示暂不支持。关于IAM项目与企业项目的区别,详情请参见:IAM与企业管理的区别。
TaurusDB的支持自定义策略授权项如下所示:
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询数据库引擎版本 | GET /v3/{project_id}/datastores/{database_name} | gaussdb:instance:list | √ | √ |
| 查询数据库规格 | GET /v3/{project_id}/flavors/{database_name} | gaussdb:instance:list | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 创建数据库实例 | POST /v3/{project_id}/instances | gaussdb:instance:create | √ | √ |
| 重启数据库实例 | POST /v3/{project_id}/instances/{instance_id}/restart | gaussdb:instance:restart | √ | √ |
| 删除/退订数据库实例 | DELETE /v3/{project_id}/instances/{instance_id} | gaussdb:instance:delete | √ | √ |
| 创建只读节点 | POST /v3/{project_id}/instances/{instance_id}/nodes/enlarge | gaussdb:instance:addNodes | √ | √ |
| 删除/退订只读节点 | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id} | gaussdb:instance:deleteNodes | √ | √ |
| 包周期存储扩容 | POST /v3/{project_id}/instances/{instance_id}/volume/extend | gaussdb:instance:modifyStorageSize | √ | √ |
| 修改实例名称 | PUT /v3/{project_id}/instances/{instance_id}/name | gaussdb:instance:rename | √ | √ |
| 重置数据库密码 | POST /v3/{project_id}/instances/{instance_id}/password | gaussdb:instance:modifyPassword | √ | √ |
| 变更实例规格 | POST /v3/{project_id}/instances/{instance_id}/action | gaussdb:instance:modifySpec | √ | √ |
| 查询专属资源池列表 | GET /v3/{project_id}/dedicated-resources | gaussdb:instance:list | √ | √ |
| 查询专属资源信息详情 | GET /v3/{project_id}/dedicated-resource/{dedicated_resource_id} | gaussdb:instance:list | √ | √ |
| 设置实例秒级监控 | PUT /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:modify gaussdb:instance:modifyMonitorPolicy | √ | √ |
| 查询实例秒级监控 | GET /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:list | √ | √ |
| 节点重启 | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/restart | gaussdb:instance:restart | √ | √ |
| 内核版本升级 | POST /v3/{project_id}/instances/{instance_id}/db-upgrade | gaussdb:instance:upgrade | √ | √ |
| 开关SSL | PUT /v3/{project_id}/instances/{instance_id}/ssl-option | gaussdb:instance:modifySSL | √ | √ |
| 绑定弹性公网IP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/bind | gaussdb:instance:bindPublicIp | √ | √ |
| 解绑弹性公网IP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/unbind | gaussdb:instance:unbindPublicIp | √ | √ |
| 手动主备倒换 | PUT /v3/{project_id}/instances/{instance_id}/switchover | gaussdb:instance:switchover | √ | √ |
| 设置可维护时间段 | PUT /v3/{project_id}/instances/{instance_id}/ops-window | gaussdb:instance:modifyMaintenanceWindow | √ | √ |
| 修改安全组 | PUT /v3/{project_id}/instances/{instance_id}/security-group | gaussdb:instance:modifySecurityGroup | √ | √ |
| 修改内网地址 | PUT /v3/{project_id}/instances/{instance_id}/internal-ip | gaussdb:instance:modifyIp | √ | √ |
| 修改实例端口 | PUT /v3/{project_id}/instances/{instance_id}/port | gaussdb:instance:modifyPort | √ | √ |
| 修改实例备注 | PUT /v3/{project_id}/instances/{instance_id}/alias | gaussdb:instance:modify | √ | √ |
| 申请内网域名 | POST /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:createDns | √ | √ |
| 修改内网域名 | PUT /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:modifyDns | √ | √ |
| 查询内核版本信息 | GET /v3/{project_id}/instances/{instance_id}/database-version | gaussdb:instance:list | √ | √ |
| 设置自动变配 | PUT /v3/{project_id}/instances/{instance_id}/auto-scaling/policy | gaussdb:autoscaling:createPolicy | √ | √ |
| 查询自动变配 | GET /v3/{project_id}/instances/{instance_id}/auto-scaling/policy | gaussdb:autoscaling:list | √ | √ |
| 资源预校验 | POST /v3/{project_id}/resource-check | gaussdb:instance:list | √ | √ |
| 查询实例列表 | GET /v3/{project_id}/instances | gaussdb:instance:list | √ | √ |
| 查询实例详情信息 | GET /v3/{project_id}/instances/{instance_id} | gaussdb:instance:list | √ | √ |
| 批量查询实例详情 | GET /v3/{project_id}/instances/details | gaussdb:instance:list | √ | √ |
| 设置回收站策略 | PUT /v3/{project_id}/instances/recycle-policy | gaussdb:instance:modify | √ | √ |
| 查询回收站策略 | GET /v3/{project_id}/instances/recycle-policy | gaussdb:instance:modify | √ | √ |
| 查询回收站实例信息 | GET /v3/{project_id}/instances/recycle-info | gaussdb:instance:list | √ | √ |
| 批量修改节点名称 | PUT /v3/{project_id}/instances/{instance_id}/nodes/name | gaussdb:instance:modify | √ | √ |
| 查询自动变配历史记录 | GET /v3/{project_id}/instances/{instance_id}/auto-scaling/history | gaussdb:autoscaling:list | √ | √ |
| 设置Serverless配置策略 | PUT /v3/{project_id}/instances/{instance_id}/serverless/policy | gaussdb:serverless:modifyPolicy | √ | √ |
| 修改节点故障倒换优先级 | PUT /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/priority | gaussdb:instance:modify | √ | √ |
| 查询弹性公网IP | GET /v3/{project_id}/instances/{instance_id}/eip | gaussdb:instance:list | √ | √ |
| 查询存储空间自动扩容策略 | GET /v3/{project_id}/instances/{instance_id}/storage/auto-expand-policy | gaussdb:instance:list | √ | √ |
| 修改存储空间自动扩容策略 | PUT /v3/{project_id}/instances/{instance_id}/storage/auto-expand-policy | gaussdb:instance:modify | √ | √ |
| 查询实例库表信息 | GET /v3/{project_id}/instances/{instance_id}/table-info | gaussdb:instance:list | √ | √ |
| 查询Serverless算力策略 | GET /v3/{project_id}/instances/{instance_id}/serverless/policy | gaussdb:serverless:getComputeAbilityPolicy | √ | √ |
| 查询Serverless自定义扩容策略 | GET /v3/{project_id}/instances/{instance_id}/serverless/scaling-policy | gaussdb:serverless:getScalingPolicy | √ | √ |
| 设置Serverless算力策略 | PUT /v3.1/{project_id}/instances/{instance_id}/serverless/policy | gaussdb:serverless:updateComputeAbilityPolicy | √ | √ |
| 设置Serverless自定义扩容策略 | PUT /v3/{project_id}/instances/{instance_id}/serverless/scaling-policy | gaussdb:serverless:updateScalingPolicy | √ | √ |
| 查询动态Serverless算力策略 | GET /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:getDynamicPolicy | √ | √ |
| 设置动态Serverless算力策略 | POST /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:updateDynamicPolicy | √ | √ |
| 删除动态Serverless算力策略 | DELETE /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:deleteDynamicPolicy | √ | √ |
| 批量变更实例规格 | POST /v3/{project_id}/instances/batch/flavor | gaussdb:instance:modifySpec | √ | √ |
| 查询实例是否存在相同定时任务类型 | POST /v3/{project_id}/instances/{instance_id}/schedule-tasks/exist | gaussdb:instance:list | √ | √ |
| 批量实例小版本升级 | POST /v3/{project_id}/instances/database-version/upgrade | gaussdb:instance:upgrade | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 设置同区域备份策略 | PUT /v3/{project_id}/instances/{instance_id}/backups/policy/update | gaussdb:instance:modifyBackupPolicy | √ | √ |
| 创建手动备份 | POST /v3/{project_id}/backups/create | gaussdb:backup:create | √ | √ |
| 查询全量备份列表 | GET /v3/{project_id}/backups | gaussdb:backup:list | √ | √ |
| 查询自动备份策略 | GET /v3/{project_id}/instances/{instance_id}/backups/policy | gaussdb:backup:list | √ | √ |
| 删除手动备份 | DELETE /v3/{project_id}/backups/{backup_id} | gaussdb:backup:delete | √ | √ |
| 备份恢复到当前实例或已有实例 | POST /v3/{project_id}/instances/restore | gaussdb:instance:restoreInPlace | √ | √ |
| 查询可恢复时间段 | GET /v3/{project_id}/instances/{instance_id}/restore-time | gaussdb:backup:list | √ | √ |
| 打开或关闭备份加密 | POST /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:encrypt | √ | √ |
| 查询实例是否开启备份加密功能 | GET /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:list | √ | √ |
| 查询指定实例增量备份列表 | GET /v3/{project_id}/instances/{instance_id}/incremental-backups | gaussdb:instance:list | √ | √ |
| 设置跨区域备份策略 | PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy | gaussdb:instance:modifyBackupPolicy | √ | √ |
| 表级时间点恢复 | POST /v3/{project_id}/instances/{instance_id}/backups/restore/tables | gaussdb:instance:tableRestore | √ | √ |
| 查询表级时间点恢复可选表 | GET /v3.1/{project_id}/instances/{instance_id}/backups/restore/tables | gaussdb:instance:list | √ | √ |
| 获取指定实例备份列表 | GET /v3/{project_id}/instances/{instance_id}/backups | gaussdb:backup:list | √ | √ |
| 批量删除手动备份 | DELETE /v3/{project_id}/backups | gaussdb:backup:delete | √ | √ |
| 获取指定实例备份列表 | GET /v3/{project_id}/instances/{instance_id}/backups | gaussdb:backup:list | √ | √ |
| 查询备份资源包规格 | GET /v3/{project_id}/backups/resource-package/flavors | gaussdb:backup:listResourcePackageFlavor | √ | √ |
| 创建备份资源包 | POST /v3/{project_id}/backups/resource-package | gaussdb:backup:createResourcePackage | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询参数模板 | GET /v3/{project_id}/configurations | gaussdb:param:list | √ | √ |
| 创建参数模板 | POST /v3/{project_id}/configurations | gaussdb:param:create | √ | √ |
| 删除参数模板 | DELETE /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:delete | √ | √ |
| 获取参数模板详情 | GET /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:list | √ | √ |
| 修改参数模板 | PUT /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:modify | √ | √ |
| 应用参数模板 | PUT /v3/{project_id}/configurations/{configuration_id}/apply | gaussdb:param:apply | √ | √ |
| 复制参数组 | POST /v3/{project_id}/configurations/{configuration_id}/copy | gaussdb:param:create | √ | √ |
| 对比参数模板 | POST /v3/{project_id}/configurations/comparison | gaussdb:param:list | √ | √ |
| 查询可应用的实例列表 | GET /v3/{project_id}/configurations/{configuration_id}/applicable-instances | gaussdb:param:list | √ | √ |
| 查询参数修改历史 | GET /v3/{project_id}/configurations/{configuration_id}/modify-history | gaussdb:param:list | √ | √ |
| 获取指定实例的参数信息 | GET /v3/{project_id}/instances/{instance_id}/configurations | gaussdb:param:list | √ | √ |
| 修改指定实例的参数 | PUT /v3/{project_id}/instances/{instance_id}/configurations | gaussdb:param:modify | √ | √ |
| 复制实例参数组 | POST /v3/{project_id}/instances/{instance_id}/configurations/{configuration_id}/copy | gaussdb:param:modify | √ | √ |
| 查询参数模板应用记录 | GET /v3/{project_id}/configurations/{config_id}/apply-history | gaussdb:param:list | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询租户的实例配额 | GET /v3/{project_id}/project-quotas | gaussdb:instance:list | √ | √ |
| 查询租户基于企业项目的资源配额 | GET /v3/{project_id}/quotas | gaussdb:instance:list | √ | √ |
| 设置租户基于企业项目的资源配额 | POST /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |
| 修改租户基于企业项目的资源配额 | PUT /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |
| 查询企业项目 | GET /v3/{project_id}/enterprise-projects | gaussdb:instance:list | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 开启数据库代理 | POST /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:create | √ | √ |
| 关闭数据库代理 | DELETE /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:delete | √ | √ |
| 查询数据库代理信息列表 | GET /v3/{project_id}/instances/{instance_id}/proxies | gaussdb:proxy:list | √ | √ |
| 查询数据库代理规格信息 | GET /v3/{project_id}/instances/{instance_id}/proxy/flavors | gaussdb:proxy:list | √ | √ |
| 扩容数据库代理节点的数量 | POST /v3/{project_id}/instances/{instance_id}/proxy/enlarge | gaussdb:proxy:addNodes | √ | √ |
| 减少数据库代理节点的数量 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/reduce | gaussdb:instance:modifyProxy | √ | √ |
| 数据库代理规格变更 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/flavor | gaussdb:proxy:modifySpec | √ | √ |
| 设置读写分离权重 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/weight | gaussdb:proxy:modifyWeight | √ | √ |
| 设置读写分离路由模式 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/route-mode | gaussdb:proxy:modifyRouteMode | √ | √ |
| 设置数据库代理事务拆分 | POST /v3/{project_id}/instances/{instance_id}/proxy/transaction-split | gaussdb:proxy:modifyTransactionSplit | √ | √ |
| 修改代理会话一致性 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/session-consistence | gaussdb:proxy:modifyConsistency | √ | √ |
| 更改数据库代理连接池类型 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/connection-pool-type | gaussdb:proxy:switchConnectionPoolType | √ | √ |
| 修改读写分离端口号 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/port | gaussdb:proxy:modifyPort | √ | √ |
| 升级数据库代理实例内核版本 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/upgrade-version | gaussdb:proxy:upgrade | √ | √ |
| 修改代理实例名称 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/rename | gaussdb:instance:modifyProxy | √ | √ |
| 查询代理实例访问控制 | GET /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/ipgroup | gaussdb:instance:modifyProxy | √ | √ |
| 查询代理实例小版本 | GET /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/{engine_name}/proxy-version | gaussdb:instance:list | √ | √ |
| 修改代理实例参数 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/configurations | gaussdb:instance:modifyProxy | √ | √ |
| 查询数据库代理内核参数 | GET /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/configurations | gaussdb:proxy:queryConfigurations | √ | √ |
| 开启或关闭访问控制 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/access-control-switch | gaussdb:instance:modifyProxy | √ | √ |
| 设置访问控制规则 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/access-control | gaussdb:instance:modifyProxy | √ | √ |
| 开关数据库代理SSL | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/ssl | gaussdb:proxy:modifySSL | √ | √ |
| 重启数据库代理 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/restart | gaussdb:instance:modifyProxy | √ | √ |
| 根据可用区查询数据库代理规格信息 | GET /v3/{project_id}/proxy/flavors | gaussdb:instance:list | √ | √ |
| 开启数据库代理内网域名 | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/dns | gaussdb:instance:modifyProxy | √ | √ |
| 修改数据库代理内网域名 | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/dns | gaussdb:proxy:modifyDns | √ | √ |
| 删除数据库代理内网域名 | DELETE /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/dns | gaussdb:proxy:deleteDns | √ | √ |
| 为数据库代理绑定或解绑弹性公网IP | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/bind | gaussdb:proxy:bindEip | √ | √ |
| 开启或关闭数据库代理ALT | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/alt | gaussdb:proxy:modifyAlt | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 开启或者关闭全量SQL | POST /v3/{project_id}/instance/{instance_id}/audit-log/switch | gaussdb:instance:modifyTraceSQLPolicy | √ | √ |
| 查询全量SQL开关状态 | GET /v3/{project_id}/instance/{instance_id}/audit-log/switch-status | gaussdb:instance:list | √ | √ |
| 获取慢日志详情列表 | POST /v3.1/{project_id}/instances/{instance_id}/slow-logs | gaussdb:log:list | √ | √ |
| 获取错误日志详情列表 | POST /v3.1/{project_id}/instances/{instance_id}/error-logs | gaussdb:log:list | √ | √ |
| 获取全量SQL的临时下载链接 | GET /v3/{project_id}/instance/{instance_id}/auditlog/download-link | gaussdb:instance:list | √ | √ |
| 查询实例LTS日志配置列表 | GET /v3/{project_id}/logs/lts-configs | gaussdb:log:listLtsConfig | √ | √ |
| 批量删除LTS日志配置 | POST /v3/{project_id}/logs/lts-configs | gaussdb:log:createLtsConfig | √ | √ |
| 批量创建LTS日志配置 | DELETE /v3/{project_id}/logs/lts-configs | gaussdb:log:deleteLtsConfig | √ | √ |
| 查询慢日志脱敏状态 | GET /v3/{project_id}/instances/{instance_id}/slowlog/query | gaussdb:log:list | √ | √ |
| 开启或关闭慢日志脱敏状态 | POST /v3/{project_id}/instances/{instance_id}/slowlog/modify | gaussdb:instance:modify | √ | √ |
| 查询慢日志统计信息 | POST /v3/{project_id}/instances/{instance_id}/slow-logs/statistics | gaussdb:log:list | √ | √ |
| 获取慢日志下载链接 | POST /v3/{project_id}/instances/{instance_id}/{node_id}/slowlog-download | gaussdb:log:list | √ | √ |
| 下载错误日志 | POST /v3/{project_id}/instances/{instance_id}/{node_id}/errorlog-download | gaussdb:log:list | √ | √ |
| 获取审计日志列表 | GET /v3/{project_id}/instances/{instance_id}/audit-logs | gaussdb:instance:list | √ | √ |
| 设置审计日志策略 | PUT /v3/{project_id}/instances/{instance_id}/audit-log-policy | gaussdb:instance:modify | √ | √ |
| 查询审计日志策略 | GET /v3/{project_id}/instances/{instance_id}/audit-log-policy | gaussdb:instance:list | √ | √ |
| 生成审计日志下载链接 | POST /v3/{project_id}/instances/{instance_id}/audit-log-link | gaussdb:instance:list | √ | √ |
| 设置DDL日志下载策略 | PUT /v3/{project_id}/instances/{instance_id}/ddl-log | gaussdb:log:setPolicy | √ | √ |
| 获取DDL日志下载链接 | POST /v3/{project_id}/instances/{instance_id}/ddl-log/download | gaussdb:log:download | √ | √ |
| 查询DDL下载日志列表 | GET /v3/{project_id}/instances/{instance_id}/ddl-log | gaussdb:log:list | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询资源标签 | GET /v3/{project_id}/instances/{instance_id}/tags | gaussdb:tag:list | √ | √ |
| 查询项目标签 | GET /v3/{project_id}/tags | gaussdb:tag:list | √ | √ |
| 批量添加或删除标签 | POST /v3/{project_id}/instances/{instance_id}/tags/action | gaussdb:instance:dealTag | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 创建数据库用户 | POST /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:create | √ | √ |
| 查询数据库用户 | GET /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:list | √ | √ |
| 删除数据库用户 | DELETE /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:delete | √ | √ |
| 修改数据库用户备注 | PUT /v3/{project_id}/instances/{instance_id}/db-users/comment | gaussdb:database:modify | √ | √ |
| 修改数据库用户密码 | PUT /v3/{project_id}/instances/{instance_id}/db-users/password | gaussdb:user:modify | √ | √ |
| 授予数据库用户数据库权限 | POST /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:grantPrivilege | √ | √ |
| 删除数据库用户的数据库权限 | DELETE /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:revokePrivilege | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询数据库可用字符集 | GET /v3/{project_id}/instances/{instance_id}/databases/charsets | gaussdb:database:list | √ | √ |
| 创建数据库 | POST /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:create | √ | √ |
| 查询数据库列表 | GET /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:list | √ | √ |
| 删除数据库 | DELETE /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:delete | √ | √ |
| 修改数据库备注 | PUT /v3/{project_id}/instances/{instance_id}/databases/comment | gaussdb:user:modify | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 开启或者关闭SQL限流 | POST /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:modify | √ | √ |
| 查询SQL限流开关状态 | GET /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:list | √ | √ |
| 设置SQL限流规则 | PUT /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| 查询SQL限流规则 | GET /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:list | √ | √ |
| 删除SQL限流规则 | DELETE /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| 查询节点用户会话线程 | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:listProcesses | √ | √ |
| 终止节点用户会话线程 | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:deleteProcesses | √ | √ |
| 查询历史SQL限流规则 | GET /v3/{project_id}/instances/{instance_id}/sql-filter/history-rules | gaussdb:param:list | √ | √ |
| 开启自治限流 | PUT /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:modify | √ | √ |
| 关闭自治限流 | DELETE /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:modify | √ | √ |
| 查询自治限流规则 | POST /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:list | √ | √ |
| 查询自治限流执行记录 | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/auto-sql-limiting/log | gaussdb:param:list | √ | √ |
| 查询锁等待会话信息 | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/process/lock-wait | gaussdb:instance:listProcesses | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 获取指定ID的任务信息 | GET /v3/{project_id}/jobs | gaussdb:instance:list | √ | √ |
| 获取即时任务列表 | GET /v3/{project_id}/immediate-jobs | gaussdb:instance:list | √ | √ |
| 获取定时任务列表 | GET /v3/{project_id}/scheduled-jobs | gaussdb:instance:list | √ | √ |
| 取消定时任务 | DELETE /v3/{project_id}/scheduled-jobs | gaussdb:instance:delete | √ | √ |
| 删除指定任务记录 | DELETE /v3/{project_id}/jobs/{job_id} | gaussdb:instance:delete | √ | √ |
| 删除定时任务 | DELETE /v3/{project_id}/instance/{instance_id}/scheduled-jobs | gaussdb:instance:delete | √ | √ |
| 获取异步任务详情 | GET /v3/{project_id}/instances/{instance_id}/task-center-detail | gaussdb:instance:list | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project |
|---|---|---|---|---|
| 获取各指标的异常实例数 | GET /v3/{project_id}/instances/diagnosis-instance-count | gaussdb:instance:list | √ | √ |
| 获取某个指标的异常实例信息 | GET /v3/{project_id}/instances/diagnosis-instance-infos | gaussdb:instance:list | √ | √ |
| 查询智能Kill会话历史记录 | GET /v3/{project_id}/instances/{instance_id}/intelligent-kill-session/history | gaussdb:instance:showIntelligentKillSession | √ | √ |
| 执行智能Kill会话动作 | POST /v3/{project_id}/instances/{instance_id}/intelligent-kill-session | gaussdb:instance:executeIntelligentKillSession | √ | √ |
| 预览智能Kill会话结果 | GET /v3/{project_id}/instances/{instance_id}/intelligent-kill-session/statistic | gaussdb:instance:showIntelligentKillSession | √ | √ |
| 收集全部实时会话信息 | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session | gaussdb:instance:getRealtimeSession | √ | √ |
| 查看收集全部实时会话信息任务状态 | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session-task | gaussdb:instance:getRealtimeSession | √ | √ |
| 下载全部实时会话信息 | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session-result | gaussdb:instance:getRealtimeSession | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 恢复StarRocks数据同步 | POST /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/resume | gaussdb:htapInstance:modifyDataSync | √ | √ |
| 查询HTAP主实例数据库表列表 | POST /v3/{project_id}/instances/{instance_id}/htap/tables | gaussdb:htapInstance:list | √ | √ |
| 暂停StarRocks数据同步 | POST /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/pause | gaussdb:htapInstance:modifyDataSync | √ | √ |
| HTAP数据同步表配置校验 | POST /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/table-config-check | gaussdb:htapInstance:list | √ | √ |
| 创建StarRocks实例 | POST /v3/{project_id}/instances/{instance_id}/starrocks | gaussdb:htapInstance:create | √ | √ |
| 查询StarRocks实例 | GET /v3/{project_id}/instances/{instance_id}/starrocks/{starrocks_instance_id} | gaussdb:htapInstance:list | √ | √ |
| 删除StarRocks实例 | DELETE /v3/{project_id}/instances/{instance_id}/starrocks/{starrocks_instance_id} | gaussdb:htapInstance:delete | √ | √ |
| 重启StarRocks实例 | PUT /v3/{project_id}/instances/{starrocks_instance_id}/starrocks/restart | gaussdb:htapInstance:restart | √ | √ |
| 重启StarRocks节点 | PUT /v3/{project_id}/instances/{starrocks_instance_id}/starrocks/{starrocks_node_id}/restart | gaussdb:htapInstance:restart | √ | √ |
| StarRocks资源检查 | POST /v3/{project_id}/starrocks/resource-check | gaussdb:instance:list | √ | √ |
| HTAP引擎资源查询 | GET /v3/{project_id}/htap/datastores/{engine_name} | gaussdb:instance:list | √ | √ |
| 获取HTAP实例存储类型 | GET /v3/{project_id}/htap/storage-type/{database} | gaussdb:htapInstance:list | √ | √ |
| HTAP查询规格信息 | GET /v3/{project_id}/htap/flavors/{engine_name} | gaussdb:instance:list | √ | √ |
| 查询HTAP实例列表 | GET /v3/{project_id}/instances/{instance_id}/htap | gaussdb:htapInstance:list | √ | √ |
| 创建StarRocks数据同步 | POST /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication | gaussdb:htapInstance:createDataSync | √ | √ |
| 删除StarRocks数据同步 | DELETE /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication | gaussdb:htapInstance:deleteDataSync | √ | √ |
| 查询StarRocks数据同步状态信息 | GET /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication | gaussdb:htapInstance:list | √ | √ |
| 修改StarRocks数据同步配置 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication | gaussdb:htapInstance:modifyDataSync | √ | √ |
| HTAP数据同步库配置校验 | POST /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/database-config-check | gaussdb:htapInstance:list | √ | √ |
| 查询StarRocks数据同步配置信息 | GET /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/configuration | gaussdb:htapInstance:list | √ | √ |
| 查询StarRocks数据同步的库参数配置 | GET /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/database-parameters | gaussdb:htapInstance:list | √ | √ |
| 查询StarRocks数据库 | GET /v3/{project_id}/instances/{instance_id}/starrocks/databases | gaussdb:htapInstance:list | √ | √ |
| 查询StarRocks数据库账号 | GET /v3/{project_id}/instances/{instance_id}/starrocks/users | gaussdb:htapInstance:list | √ | √ |
| 创建StarRocks数据库账号 | POST /v3/{project_id}/instances/{instance_id}/starrocks/users | gaussdb:instance:modify | √ | √ |
| 删除StarRocks数据库账户 | DELETE /v3/{project_id}/instances/{instance_id}/starrocks/users | gaussdb:user:delete | √ | √ |
| 修改StarRocks数据库账号密码 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/users/password | gaussdb:htapInstance:modifyPassword | √ | √ |
| 修改StarRocks数据库账号权限 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/users/permission | gaussdb:user:grantPrivilege | √ | √ |
| StarRocks实例规格变更 | POST /v3/{project_id}/instances/{instance_id}/starrocks/resize-flavor | gaussdb:htapInstance:modifySpec | √ | √ |
| 查询StarRocks参数 | GET /v3/{project_id}/instances/{instance_id}/starrocks/configurations | gaussdb:param:list | √ | √ |
| 修改StarRocks参数 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/configurations | gaussdb:param:modify | √ | √ |
| StarRocks实例开启行列分流 | POST /v3/{project_id}/instances/{instance_id}/starrocks/users/sync | gaussdb:user:create | √ | √ |
| HTAP参数对比 | POST /v3/{project_id}/configurations/starrocks/comparison | gaussdb:param:list | √ | √ |
| StarRocks内核版本升级 | POST /v3/{project_id}/instances/{instance_id}/starrocks/db-upgrade | gaussdb:instance:modify | √ | √ |
| 查询HTAP主实例数据库 | POST /v3/{project_id}/instances/{instance_id}/htap/databases | gaussdb:htapInstance:list | √ | √ |
| 查询错误日志 | POST /v3/{project_id}/instances/{instance_id}/starrocks/error-logs | gaussdb:log:list | √ | √ |
| 修改StarRocks安全组 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/security-group | gaussdb:instance:modify | √ | √ |
| 查询HTAP实例LTS日志配置列表 | GET /v3/{project_id}/starrocks/instances/logs/lts-configs | gaussdb:log:listLtsConfig | √ | √ |
| 查询HTAP节点信息 | GET /v3/{project_id}/instances/{instance_id}/starrocks/nodes | gaussdb:log:list | √ | √ |
| HTAP数据同步模板下载 | GET /v3/{project_id}/instances/{instance_id}/htap/template | - | - | - |
| 按目标库查询StarRocks数据同步配置信息 | GET /v3/{project_id}/instances/{instance_id}/starrocks/databases/replication/configuration/{database} | gaussdb:htapInstance:list | √ | √ |
| 设置当前查询队列阈值 | PUT /v3/{project_id}/instances/{instance_id}/query-queue/rules | gaussdb:param:modify | √ | √ |
| 查询当前查询队列开关和阈值 | GET /v3/{project_id}/instances/{instance_id}/query-queue/rules | gaussdb:param:list | √ | √ |
| 开启或者关闭查询队列功能 | POST /v3/{project_id}/instances/{instance_id}/htap/query-queue/switch | gaussdb:param:modify | √ | √ |
| HTAP库表导入校验 | POST /v3/{project_id}/instances/{instance_id}/htap/template | gaussdb:htapInstance:list | √ | √ |
| 获取StarRocks实例内核慢日志信息 | POST /v3/{project_id}/instances/{instance_id}/starrocks/slow-logs | gaussdb:log:list | √ | √ |
| 查询StarRocks实例慢日志脱敏状态 | GET /v3/{project_id}/instances/{instance_id}/starrocks/slowlog-sensitive | gaussdb:log:list | √ | √ |
| 开启或关闭StarRocks实例慢日志脱敏功能 | PUT /v3/{project_id}/instances/{instance_id}/starrocks/slowlog-sensitive | gaussdb:instance:modify | √ | √ |
| 删除HTAP实例会话 | DELETE /v3/{project_id}/instances/{instance_id}/htap/process | gaussdb:instance:modify | √ | √ |
| 查询HTAP实例当前会话 | GET /v3/{project_id}/instances/{instance_id}/htap/process | gaussdb:instance:list | √ | √ |
| 批量创建LTS日志配置 | POST /v3/{project_id}/starrocks/instances/logs/lts-configs | gaussdb:log:createLtsConfig | √ | √ |
| 批量解除LTS日志配置 | DELETE /v3/{project_id}/starrocks/instances/logs/lts-configs | gaussdb:log:deleteLtsConfig | √ | √ |
| 权限 | 对应API接口 | 授权项(Action) | IAM项目(Project) | 企业项目(Enterprise Project) |
|---|---|---|---|---|
| 查询多租特性开关状态 | GET /v3/{project_id}/instances/{instance_id}/multi-tenant | gaussdb:instance:list | √ | √ |
| 开启或者关闭多租特性 | PUT /v3/{project_id}/instances/{instance_id}/multi-tenant | gaussdb:instance:modify | √ | √ |
