Help Center> > API Reference >Permissions Policies and Supported Actions

Permissions Policies and Supported Actions

This chapter describes fine-grained permissions management for your DCS. If your HUAWEI CLOUD account does not need individual IAM users, then you may skip over this chapter.

A policy is a set of permissions defined in JSON format. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on DCS based on the permissions. or more information about policy syntax and for example policies, see Permissions Management.

A HUAWEI CLOUD account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users that have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user creates DCS instances using an API, the user must have been granted permissions that allow the dcs:instance:create action.

Supported Actions

Operations supported by a fine-grained policy are specific to APIs. The following describes the headers of the action table provided in this chapter:

  • Permissions: Defined by actions in a custom policy.
  • Actions: Added to a custom policy to control permissions for specific operations.
  • Authorization Scope: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Project. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
  • APIs: REST APIs that can be called in a custom policy.

DCS supports the following actions that can be defined in custom policies: These permissions must be obtained before calling DCS APIs. For details on how to obtain permissions, visit the Identity and Access Management help center.

Table 1 DCS actions

Permissions

Actions

Authorization Scope

APIs

Creating DCS Instances

dcs:instance:create

  • Supported: IAM projects
  • Supported: Enterprise projects

POST /v1.0/{project_id}/instances

Querying Details About a Specified Instance

dcs:instance:get

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances/{instance_id}

Modifying Instance Information

dcs:instance:modify

  • Supported: IAM projects
  • Supported: Enterprise projects

PUT /v1.0/{project_id}/instances/{instance_id}

Deleting DCS Instances

dcs:instance:delete

  • Supported: IAM projects
  • Supported: Enterprise projects

DELETE /v1.0/{project_id}/instances/{instance_id}

Scaling Up DCS Instances

dcs:instance:scale

  • Supported: IAM projects
  • Supported: Enterprise projects

POST /v1.0/{project_id}/instances/{instance_id}/extend

Querying DCS Instances

dcs:instance:list

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances

Querying Instance Configurations

dcs:instance:getConfiguration

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances/{instance_id}/configs

Modifying Instance Configurations

dcs:instance:modifyConfigureation

  • Supported: IAM projects
  • Supported: Enterprise projects

PUT /v1.0/{project_id}/instances/{instance_id}/configs

Starting, Stopping, Restarting Instances or Clearing Instance Data

dcs:instance:modifyStatus

  • Supported: IAM projects
  • Supported: Enterprise projects

PUT /v1.0/{project_id}/instances/status

Modifying Instance Passwords

dcs:instance:modifyAuthInfo

  • Supported: IAM projects
  • Supported: Enterprise projects

PUT /v1.0/{project_id}/instances/{instance_id}/password

Backing Up Instance Data

dcs:instance:backupData

  • Supported: IAM projects
  • Supported: Enterprise projects

POST /v1.0/{project_id}/instances/{instance_id}/backups

Restoring Instance Data

dcs:instance:restoreData

  • Supported: IAM projects
  • Supported: Enterprise projects

POST /v1.0/{project_id}/instances/{instance_id}/restores

Querying Instance Backup Tasks

dcs:instance:getDataBackupLog

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances/{instance_id}/backups

Querying Instance Restoration Tasks

dcs:instance:getDataRestoreLog

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances/{instance_id}/restores

Deleting Backup Files

dcs:instance:deleteDataBackupFile

  • Supported: IAM projects
  • Supported: Enterprise projects

DELETE /v1.0/{project_id}/instances/{instance_id}/backups/{backup_id}

Querying Background Tasks

dcs:instance:getBackgroundTask

  • Supported: IAM projects
  • Supported: Enterprise projects

GET /v1.0/{project_id}/instances/{instance_id}/tasks

Deleting Background Tasks

dcs:instance:deleteBackgroundTask

  • Supported: IAM projects
  • Supported: Enterprise projects

DELETE /v1.0/{project_id}/instances/{instance_id}/tasks/{task_id}

Performing a Master/Standby Switchover

dcs:instance:swap

  • Supported: IAM projects
  • Supported: Enterprise projects

API not supported.

Resetting Instance Passwords

dcs:instance:resetAuthInfo

  • Supported: IAM projects
  • Supported: Enterprise projects

API not supported.

Downloading Backup Files

dcs:instance:downloadBackupData

  • Supported: IAM projects
  • Supported: Enterprise projects

API not supported.

Migrating Instance Data

dcs:instance:migrateData

  • Supported: IAM projects
  • Supported: Enterprise projects

API not supported.