DBSS Permissions and Supported Actions
This section describes fine-grained permissions management for your DBSS resources. If your Huawei Cloud account does not need individual IAM users, you can skip this section.
By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added. Users inherit permissions from the groups and can perform operations on cloud services as allowed by the permissions.
Supported Actions
DBSS provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Statements in a policy that allow or deny certain operations.
- Actions: Specific operations that are allowed or denied.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
Table 1 lists the API actions supported by DBSS.
Permission |
Action |
---|---|
Query the list of database audit instances |
dbss:auditInstance:list |
Obtain available specifications of database audit instances |
dbss:auditInstance:getSpecification |
View database protection instance details |
dbss:defendInstance:list |
Bind or unbind an EIP |
dbss:defendInstance:eipOperate |
Delete a database protection instance |
dbss:defendInstance:delete |
Delete a database audit instance |
dbss:auditInstance:delete |
Purchase database protection instances on demand |
dbss:defendInstance:createOnDemand |
Purchase database audit instances on demand |
dbss:auditInstance:createOnDemand |
Purchase a database protection instance on demand |
dbss:defendInstance:createOnOrder |
Purchase database audit instances on demand |
dbss:auditInstance:createOnOrder |
Restart a database protection instance |
dbss:defendInstance:reboot |
Start a database audit instance |
dbss:auditInstance:start |
Stop a database audit instance |
dbss:auditInstance:stop |
Restart a database audit instance |
dbss:auditInstance:reboot |
Start a database protection instance |
dbss:defendInstance:start |
Stop a database protection instance |
dbss:defendInstance:stop |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.