Data Warehouse Service (DWS)
IAM provides system-defined identity policies to define typical cloud service permissions. You can also create custom identity policies using the actions supported by cloud services for more refined access control.
In addition to IAM, the Organizations service also provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to an entity. They only set the permissions boundary for the entity. When SCPs are attached to an organizational unit (OU) or a member account, the SCPs do not directly grant permissions to that OU or member account. Instead, the SCPs only determine what permissions are available for that member account or those member accounts under that OU. The granted permissions can be applied only if they are allowed by the SCPs.
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?.
This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.
- For details about how to use these elements to edit an IAM custom identity policy, see Creating a Custom Identity Policy.
- For details about how to use these elements to edit a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an identity policy.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an identity policy.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions and you must specify all resources ("*") in your identity policy statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your identity policy statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by dws, see Resources.
- The Condition Key column contains keys that you can specify in the Condition element of an identity policy statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys defined by dws, see Conditions.
- The Alias column lists the policy actions that are configured in identity policies. With these actions, you can use APIs for policy-based authorization. For details, see Policies and Identity Policies.
The following table lists the actions that you can define in identity policy statements for dws.
|
Action |
Description |
Access Level |
Resource Type (*: required) |
Condition Key |
Alias |
|---|---|---|---|---|---|
|
dws:cluster:list |
Grants permission to query cluster list. |
List |
- |
- |
- |
|
dws:cluster:getDetail |
Grants permission to get cluster detail. |
Read |
cluster * |
|
|
|
- |
|||||
|
dws:cluster:create |
Grants permission to create dws cluster. |
Write |
- |
|
|
|
dws:cluster:delete |
Grants permission to delete cluster. |
Write |
cluster * |
|
|
|
dws:cluster:scaleIn |
Grants permission to scale in dws cluster. |
Write |
cluster * |
|
|
|
dws:cluster:listRing |
Grants permission to get ring list. |
List |
cluster * |
|
|
|
dws:cluster:restore |
Grants permission to restore to the dws cluster. |
Write |
cluster * |
- |
- |
|
- |
|||||
|
dws:cluster:scaleOut |
Grants permission to scale out cluster. |
Write |
cluster * |
- |
|
|
dws:cluster:resize |
Grants permission to scale out cluster and resize. |
Write |
cluster * |
|
|
|
dws:cluster:expandDisk |
Grants permission to expand dws cluster disk. |
Write |
cluster * |
|
|
|
dws:cluster:restart |
Grants permission to restart the cluster. |
Write |
cluster * |
|
|
|
dws:cluster:resetPassword |
Grants permission to reset the cluster password. |
Write |
cluster * |
|
|
|
dws:cluster:listAuditLog |
Grants permission to list audit log. |
List |
cluster * |
- |
|
|
dws:cluster:setMaintainceWindow |
Grants permission to set maintenance window. |
Write |
cluster * |
- |
|
|
dws:cluster:switchover |
Grants permission to cluster switchover. |
Write |
cluster * |
- |
|
|
dws:cluster:cancelReadonly |
Grants permission to cancel read only for dws cluster. |
Write |
cluster * |
- |
|
|
dws:cluster:addCN |
Grants permission to add CN node. |
Write |
cluster * |
|
|
|
dws:cluster:listCN |
Grants permission to get cluster CN list. |
List |
cluster * |
- |
|
|
dws:cluster:deleteCN |
Grants permission to delete CN node. |
Write |
cluster * |
|
|
|
dws:cluster:redistribution |
Grants permission to redistribution. |
Write |
cluster * |
|
|
|
dws:cluster:createDataSource |
Grants permission to create MRS connection. |
Write |
cluster * |
|
|
|
dws:cluster:updateDataSource |
Grants permission to update MRS connection. |
Write |
cluster * |
|
|
|
dws:cluster:deleteDataSource |
Grants permission to delete MRS connection. |
Write |
cluster * |
|
|
|
dws:alarm:listConfig |
Grants permission to query alarm config. |
List |
- |
- |
|
|
dws:alarm:listDetail |
Grants permission to query alarm details. |
List |
- |
- |
|
|
dws:alarm:listStatistics |
Grants permission to query alarm statics. |
List |
- |
- |
|
|
dws:alarm:createSubscription |
Grants permission to create alarm subscription. |
Write |
- |
- |
|
|
dws:alarm:listSubscription |
Grants permission to query alarm subscription. |
List |
- |
- |
|
|
dws:alarm:updateSubscription |
Grants permission to update query alarm subscription. |
Write |
- |
- |
|
|
dws:alarm:deleteSubscription |
Grants permission to delete query alarm subscription. |
Write |
- |
- |
|
|
dws:alarm:report |
Grants permission to report alarm. |
Write |
- |
- |
- |
|
dws:event:list |
Grants permission to query event lists. |
List |
- |
- |
- |
|
dws:event:listSpec |
Grants permission to query event configuration. |
List |
- |
- |
|
|
dws:event:listSubscription |
Grants permission to query event subscription. |
Read |
- |
- |
|
|
dws:event:createSpec |
Grants permission to create event configuration. |
Write |
- |
- |
- |
|
dws:event:deleteSpec |
Grants permission to delete event configuration. |
Write |
- |
- |
- |
|
dws:event:createSubscription |
Grants permission to create event subscription. |
Write |
- |
- |
|
|
dws:event:updateSubscription |
Grants permission to update event subscription. |
Write |
- |
- |
|
|
dws:event:deleteSubscription |
Grants permission to delete event subscription. |
Write |
- |
- |
|
|
dws:event:report |
Grants permission to report event. |
Write |
- |
- |
- |
|
dws:cluster:createConnection |
Grants permission to create dws connection. |
Write |
cluster * |
|
|
|
dws:cluster:deleteConnection |
Grants permission to delete dws connection. |
Write |
cluster * |
|
|
|
dws:cluster:updateConnection |
Grants permission to update dws connection. |
Write |
cluster * |
|
|
|
dws:cluster:bindEIP |
Grants permission to public network IP binding. |
Write |
cluster * |
|
|
|
dws:cluster:unbindEIP |
Grants permission to public network IP unbinding. |
Write |
cluster * |
|
|
|
dws:cluster:listELB |
Grants permission to list elb. |
List |
cluster * |
|
|
|
dws:cluster:bindELB |
Grants permission to bind elb. |
Write |
cluster * |
|
|
|
dws:cluster:unbindELB |
Grants permission to unbind elb. |
Write |
cluster * |
|
|
|
dws:cluster:createSnapshotPolicy |
Grants permission to set up an automatic snapshot policy. |
Write |
cluster * |
|
|
|
dws:cluster:listSnapshotStatistics |
Grants permission to dws cluster snapshot statics. |
List |
cluster * |
- |
|
|
dws:cluster:listSnapshot |
Grants permission to view cluster snapshot list. |
List |
cluster |
|
|
|
dws:cluster:getSnapshotDetail |
Grants permission to view cluster snapshot detail. |
List |
cluster |
|
|
|
dws:cluster:createSnapshot |
Grants permission to create snapshot. |
Write |
cluster * |
|
|
|
dws:cluster:deleteSnapshotPolicy |
Grants permission to delete snapshot policy. |
Write |
cluster * |
|
|
|
dws:cluster:listSnapshotPolicy |
Grants permission to query snapshot policy. |
List |
cluster * |
- |
|
|
dws:cluster:copySnapshot |
Grants permission to copy snapshot. |
Write |
cluster * |
|
|
|
dws:cluster:deleteSnapshot |
Grants permission to delete snapshots. |
Write |
cluster * |
|
|
|
dws:cluster:restoreSnapshot |
Grants permission to restore snapshots. |
Write |
cluster * |
|
|
|
dws:cluster:deleteDisasterRecovery |
Grants permission to delete disaster recovery. |
Write |
cluster * |
|
|
|
dws:cluster:createDisasterRecovery |
Grants permission to create disaster recovery. |
Write |
cluster * |
|
|
|
dws:cluster:startDisasterRecovery |
Grants permission to start disaster-recovery. |
Write |
cluster * |
|
|
|
dws:cluster:pauseDisasterRecovery |
Grants permission to pause disaster-recovery. |
Write |
cluster * |
|
|
|
dws:cluster:switchoverDisasterRecovery |
Grants permission to switchover disaster-recovery. |
Write |
cluster * |
|
|
|
dws:cluster:switchFailoverDisaster |
Grants permission to other switch failover disaster-recovery. |
Write |
cluster * |
|
|
|
dws:cluster:restoreDisaster |
Grants permission to restore disaster-recovery. |
Write |
cluster * |
|
|
|
dws:cluster:getDisasterRecovery |
Grants permission to get disaster-recovery detail. |
Read |
cluster * |
|
|
|
dws::listTagsForProject |
Grants permission to query the list of tags corresponding to a single resource(using in console and shared). |
List |
- |
- |
|
|
dws::listTagsForResource |
Grants permission to query the cluster tag list(using in console and shared). |
List |
cluster * |
- |
|
|
- |
|||||
|
dws::tagResource |
Grants permission to add tag. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
dws::unTagResource |
Grants permission to delete tag. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
dws:monitor:listHostDisk |
Grants permission to list host disk for dms monitoring. |
List |
- |
- |
- |
|
dws:monitor:listHostNet |
Grants permission to list host network for dms monitoring. |
List |
- |
- |
- |
|
dws:monitor:listMonitorIndicatorData |
Grants permission to list monitor history for dms monitoring. |
List |
- |
- |
- |
|
dws:monitor:listMonitorIndicators |
Grants permission to list monitor indicators for dms monitoring. |
List |
- |
- |
- |
|
dws:cluster:listConfig |
Grants permission to list cluster configuration. |
List |
cluster * |
- |
|
|
dws:service:listSpec |
Grants permission to list service spec. |
List |
- |
- |
|
|
dws:cluster:listDataSource |
Grants permission to list dataSource. |
List |
cluster * |
|
|
|
dws:service:listJobDetail |
Grants permission to list job detail. |
List |
- |
- |
- |
|
dws:service:listStatistics |
Grants permission to list resource statics. |
List |
- |
- |
- |
|
dws:service:listQuotas |
Grants permission to get user quotas. |
List |
- |
- |
- |
|
dws:cluster:updateConfig |
Grants permission to update cluster configuration. |
Write |
cluster * |
|
|
|
dws:service:listAZ |
Grants permission to list service availability zone. |
List |
- |
- |
- |
|
dws:service:listDssPools |
Grants permission to list dec storage pool. |
List |
- |
- |
- |
|
dws:service:listEps |
Grants permission to list eps. |
List |
- |
- |
- |
|
dws:service:authorize |
Grants permission to authorize. |
Write |
- |
- |
|
|
dws:service:checkAuthorize |
Grants permission to check authorize. |
Read |
- |
- |
|
|
dws::updateTag |
Grants permission to update tag. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
dws:cluster:getSnapshotPolicy |
Grants permission to get snapshot policy detail. |
Read |
cluster * |
|
|
|
dws:cluster:bindOrUnbindELB |
Grants permission to bind or unbind elb. |
Write |
cluster * |
|
|
|
dws:cluster:bindOrUnbindEIP |
Grants permission to bind or unbind eip. |
Write |
cluster * |
|
|
|
dws:cluster:deleteNode |
Grants permission to delete node. |
Write |
cluster * |
|
|
|
dws:cluster:listConnection |
Grants permission to query dws connection list. |
List |
cluster * |
|
|
|
dws:cluster:checkConnection |
Grants permission to check dws connection. |
Read |
cluster * |
- |
|
|
dws:cluster:listDN |
Grants permission to get cluster DN list. |
List |
cluster * |
- |
|
|
dws:cluster:listBucket |
Grants permission to get bucket list. |
List |
cluster * |
- |
|
|
dws:cluster:listScaleInNode |
Grants permission to get scale in node list. |
List |
cluster * |
- |
|
|
dws:cluster:listFlavorForResize |
Grants permission to get flavor for resize list. |
List |
cluster * |
- |
|
|
dws:cluster:listFlavorForRestore |
Grants permission to get flavor for restore list. |
List |
cluster * |
- |
|
|
dws::countResourceByTag |
Grants permission to query cluster by tag. |
Read |
cluster * |
- |
|
|
dws:cluster:updateSnapshotPolicy |
Grants permission to update snapshot policy. |
Write |
cluster * |
|
|
|
dws::listResourceByTag |
Grants permission to query cluster list by tag. |
List |
cluster * |
- |
|
|
- |
|||||
|
dws:cluster:assessRisk |
Grants permission to assess risk for resize. |
Read |
cluster * |
- |
|
|
dws:cluster:checkRestoreTable |
Grants permission to check restore table. |
Read |
cluster * |
|
|
|
dws:cluster:checkSupportFineGrainedBackup |
Grants permission to check support fine grained backup. |
Read |
cluster * |
|
|
|
dws:cluster:configureNetwork |
Grants permission to configure cluster network. |
Write |
cluster * |
- |
|
|
dws:cluster:expandWithExistedNodes |
Grants permission to expand cluster from free node. |
Write |
cluster * |
|
|
|
dws:cluster:getAntiAffinity |
Grants permission to get anti affinity. |
Read |
cluster * |
- |
|
|
dws:cluster:getCnCount |
Grants permission to query cluster CN count. |
Read |
cluster * |
- |
|
|
dws:cluster:getCredential |
Grants permission to get cluster JDBC connection credentials. |
Read |
cluster * |
- |
|
|
dws:cluster:getDiskExpandScope |
Grants permission to get disk expand scope. |
Read |
cluster * |
- |
|
|
dws:cluster:getEncryptInfo |
Grants permission to get cluster encrypt info. |
Read |
cluster * |
- |
|
|
dws:cluster:listHistoryConfig |
Grants permission to list history config record. |
List |
cluster * |
- |
|
|
dws:cluster:getHistoryConfigDetail |
Grants permission to get history config record detail. |
Read |
cluster * |
- |
|
|
dws:cluster:getInstanceDetail |
Grants permission to get instance detail. |
Read |
cluster * |
- |
|
|
dws:cluster:getProcessTopo |
Grants permission to get cluster process topo. |
Read |
cluster * |
|
|
|
dws:cluster:getRedistribution |
Grants permission to query redistribution info. |
Read |
cluster * |
|
|
|
dws:cluster:getRestoreDatabase |
Grants permission to get restore database. |
Read |
cluster * |
- |
|
|
dws:cluster:getRoachConfig |
Grants permission to get roach config. |
Read |
cluster * |
|
|
|
dws:cluster:getSnapshotEncryptInfo |
Grants permission to get snapshot encrypt info. |
Read |
cluster * |
|
|
|
dws:cluster:getSnapshotStorage |
Grants permission to query snapshot storage info. |
Read |
cluster * |
- |
|
|
dws:cluster:getTaskDetail |
Grants permission to query cluster task detail. |
Read |
cluster * |
- |
|
|
dws:cluster:getVolumeInfo |
Grants permission to query volume info. |
Read |
cluster * |
- |
|
|
dws:cluster:listNode |
Grants permission to get cluster node list. |
List |
cluster * |
- |
|
|
dws:cluster:listSchema |
Grants permission to get schema list. |
List |
cluster * |
|
|
|
dws:cluster:listTable |
Grants permission to get table list. |
List |
cluster * |
|
|
|
dws:cluster:listDatabase |
Grants permission to get user database list. |
List |
cluster * |
|
|
|
dws:cluster:recoverRedistribution |
Grants permission to recover redistribution. |
Write |
cluster * |
|
|
|
dws:cluster:resizeFlavor |
Grants permission to resize flavor. |
Write |
cluster * |
|
|
|
dws:cluster:resizeRetry |
Grants permission to execute retry for resize. |
Write |
cluster * |
|
|
|
dws:cluster:restoreTable |
Grants permission to restore table. |
Write |
cluster * |
|
|
|
dws:cluster:retryELBSwitch |
Grants permission to retry ELB switch servers task. |
Write |
cluster * |
- |
|
|
dws:cluster:listRingForScaleIn |
Grants permission to list ring for scale in. |
List |
cluster * |
- |
|
|
dws:cluster:saveDescriptionInfo |
Grants permission to save cluster description info. |
Write |
cluster * |
- |
|
|
dws:cluster:stopSnapshot |
Grants permission to stop snapshot. |
Write |
cluster * |
|
|
|
dws:cluster:suspendRedistribution |
Grants permission to suspend redistribution. |
Write |
cluster * |
|
|
|
dws:cluster:updateInstanceAliasName |
Grants permission to update instance alias name. |
Write |
cluster * |
|
|
|
dws:cluster:updateRoachConfig |
Grants permission to update roach config. |
Write |
cluster * |
|
|
|
dws:cluster:updateScheduleConfig |
Grants permission to update schedule config. |
Write |
cluster * |
|
|
|
dws:service:getClusterSum |
Grants permission to query cluster count. |
Read |
- |
- |
- |
|
dws:service:getResourceStatistics |
Grants permission to query resource statistics. |
Read |
- |
- |
- |
|
dws:service:getStorageStatistics |
Grants permission to query storage statistics. |
Read |
- |
- |
- |
|
dws:cluster:listDisasterRecovery |
Grants permission to get disaster-recovery list. |
List |
cluster * |
|
|
|
dws:cluster:checkDisasterRecoveryName |
Grants permission to check disaster-recovery name. |
Read |
cluster * |
|
|
|
dws:cluster:updateDisasterRecoveryConfig |
Grants permission to update disaster-recovery config. |
Write |
cluster * |
|
|
|
dws:cluster:addOperationalTask |
Grants permission to add schedule task. |
Write |
cluster * |
|
|
|
dws:cluster:bindManageIp |
Grants permission to bind the management plane IP address. |
Write |
cluster * |
|
|
|
dws:cluster:checkAccessLts |
Grants permission to check whether the LTS service is normal. |
Read |
cluster * |
|
|
|
dws:cluster:checkLogicalClusterData |
Grants permission to check whether the cluster has service data. |
Read |
cluster * |
|
|
|
dws:cluster:closeAccessLts |
Grants permission to close cloud service log. |
Write |
cluster * |
|
|
|
dws:cluster:createLogicalCluster |
Grants permission to create logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:createApplicationForDM |
Grants permission to add Job Task for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:createClusterForDM |
Grants permission to create cluster for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:createConnectionForDM |
Grants permission to create connection for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:createMappingForDM |
Grants permission to create mapping for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteApplicationForDM |
Grants permission to delete job task for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteClusterForDM |
Grants permission to delete cluster for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteConnectionForDM |
Grants permission to delete connection for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteMappingForDM |
Grants permission to delete mapping for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:dialsConnectionForDM |
Grants permission to detect connection for data migration. |
Read |
cluster * |
- |
|
|
dws:cluster:getApplicationForDM |
Grants permission to get job task detail for data migration. |
Read |
cluster * |
- |
|
|
dws:cluster:listApplicationConfigForDM |
Grants permission to list job task config for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:listApplicationForDM |
Grants permission to list job task for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:getClusterForDM |
Grants permission to get cluster detail for data migration. |
Read |
cluster * |
- |
|
|
dws:cluster:listClusterForDM |
Grants permission to get cluster for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:listConfigurationTemplateForDM |
Grants permission to list config template for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:getConnectionForDM |
Grants permission to get connection for data migration. |
Read |
cluster * |
- |
|
|
dws:cluster:listConnectionForDM |
Grants permission to list connection for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:listDependApplicationForDM |
Grants permission to list depend job task for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:getMappingForDM |
Grants permission to get mapping detail for data migration. |
Read |
cluster * |
- |
|
|
dws:cluster:listMappingForDM |
Grants permission to list mapping for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:listProductForDM |
Grants permission to list product for data migration. |
List |
cluster * |
- |
|
|
dws:cluster:updateConnectionForDM |
Grants permission to update connection for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:updateMappingForDM |
Grants permission to update mapping for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:startApplicationForDM |
Grants permission to start job task for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:stopApplicationForDM |
Grants permission to stop job task for data migration. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteCrossRegionSnapshotPolicy |
Grants permission to delete cross region snapshot policy. |
Write |
cluster * |
|
|
|
dws:cluster:deleteLogicalCluster |
Grants permission to delete logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:deleteOperationalTask |
Grants permission to delete operational task. |
Write |
cluster * |
|
|
|
dws:cluster:operateDisasterRecovery |
Grants permission to operate disaster-recovery, such as start, stop, and switchover. |
Write |
cluster * |
|
|
|
dws:cluster:updateLogicalCluster |
Grants permission to update logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:listAllCrossRegionSnapshotConfig |
Grants permission to list all cross region snapshot config. |
List |
cluster * |
- |
|
|
dws:cluster:getDisasterRecoveryProject |
Grants permission to get disaster-recovery project. |
Read |
cluster * |
|
|
|
dws:cluster:getDisasterRecoveryRegion |
Grants permission to get disaster-recovery region. |
Read |
cluster * |
|
|
|
dws:cluster:getLastOperationalTask |
Grants permission to get last operational task. |
Read |
cluster * |
|
|
|
dws:cluster:getLogicalClusterRings |
Grants permission to get logical cluster rings. |
Read |
cluster * |
|
|
|
dws:cluster:getLogicalClusterVolume |
Grants permission to get logical cluster volume. |
Read |
cluster * |
|
|
|
dws:cluster:getOperationalTaskConfig |
Grants permission to get operational task config. |
Read |
cluster * |
|
|
|
dws:cluster:getOperationalTaskDetail |
Grants permission to get operational task detail. |
Read |
cluster * |
|
|
|
dws:cluster:getOperationalTaskStatus |
Grants permission to get operational task status. |
Read |
cluster * |
|
|
|
dws:cluster:listSnapshotRegion |
Grants permission to list snapshot region. |
List |
cluster * |
- |
|
|
dws:cluster:getTargetAllCrossRegionSnapshotConfig |
Grants permission to get target all cross region snapshot config. |
Read |
cluster * |
- |
|
|
dws:cluster:initLogicalClusterSwitch |
Grants permission to init logical cluster switch. |
Write |
cluster * |
|
|
|
dws:cluster:listAccessLts |
Grants permission to list access Lts. |
List |
cluster * |
- |
|
|
dws:cluster:listLogicalCluster |
Grants permission to list logical cluster. |
List |
cluster * |
|
|
|
dws:cluster:listLogicalClusterTask |
Grants permission to list logical cluster task. |
List |
cluster * |
|
|
|
dws:cluster:listOperationalTask |
Grants permission to list operational task. |
List |
cluster * |
|
|
|
dws:cluster:openAccessLts |
Grants permission to open cloud service log. |
Write |
cluster * |
|
|
|
dws:cluster:pauseOperationalTask |
Grants permission to pause operational task. |
Write |
cluster * |
|
|
|
dws:cluster:getDisasterRecoveryDetail |
Grants permission to get disaster-recovery detail. |
Write |
cluster * |
|
|
|
dws:cluster:refreshOperationalTask |
Grants permission to refresh operational task. |
Write |
cluster * |
|
|
|
dws:cluster:restartLogicalCluster |
Grants permission to restart logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:resumeOperationalTask |
Grants permission to resume operational task. |
Write |
cluster * |
|
|
|
dws:cluster:setCrossRegionSnapshotPolicy |
Grants permission to set cross region snapshot policy. |
Write |
cluster * |
|
|
|
dws:cluster:startOperationalTask |
Grants permission to start operational task. |
Write |
cluster * |
|
|
|
dws:cluster:stopOperationalTask |
Grants permission to stop operational task. |
Write |
cluster * |
|
|
|
dws:cluster:switchLogicalCluster |
Grants permission to switch logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:syncCrossRegionBackupClusterInfo |
Grants permission to sync cross region backup cluster info. |
Write |
cluster * |
- |
|
|
dws:cluster:syncCrossRegionBackupConfig |
Grants permission to sync cross region backup config. |
Write |
cluster * |
- |
|
|
dws:cluster:syncCrossRegionBackupInfo |
Grants permission to sync cross region backup info. |
Write |
cluster * |
- |
|
|
dws:cluster:syncLogicalCluster |
Grants permission to sync logical cluster. |
Write |
cluster * |
|
|
|
dws:cluster:updateOperationalTaskConfig |
Grants permission to update operational task config. |
Write |
cluster * |
|
|
|
dws:cluster:updateOperationalTask |
Grants permission to update operational task. |
Write |
cluster * |
|
|
|
dws:cluster:addPlanForWLM |
Grants permission to add plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:addPlanStageForWLM |
Grants permission to add plan stage for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:addQueueForWLM |
Grants permission to add queue for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:addQueueUserForWLM |
Grants permission to add queue user for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:deletePlanForWLM |
Grants permission to delete plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:deletePlanStageForWLM |
Grants permission to delete plan stage for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:deleteQueueForWLM |
Grants permission to delete queue for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:deleteQueueUserForWLM |
Grants permission to delete queue user for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:exportPlanForWLM |
Grants permission to export plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:getPlanDetailForWLM |
Grants permission to get plan detail for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getPlanLogForWLM |
Grants permission to get plan log for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getPlanQueueForWLM |
Grants permission to get plan queue for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getPlanStageForWLM |
Grants permission to get plan stage for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:listQueueForWLM |
Grants permission to list queue for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:getQueueDetailForWLM |
Grants permission to get queue detail for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getQueueRuleForWLM |
Grants permission to get queue rule for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:importPlanForWLM |
Grants permission to import plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:listPlanQueueForWLM |
Grants permission to list plan queue for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:listPlanForWLM |
Grants permission to list plan for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:listQueueUserForWLM |
Grants permission to list queue user for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:listUserForWLM |
Grants permission to list user for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:getClusterDBInfoForWLM |
Grants permission to get cluster DB info for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:listClusterPlanForWLM |
Grants permission to list cluster plan for workload manger. |
List |
cluster * |
|
|
|
dws:cluster:getClusterSchemaInfoForWLM |
Grants permission to get cluster schema info for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getClusterVersionForWLM |
Grants permission to get cluster version for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:getFunctionStatusForWLM |
Grants permission to get function status for workload manger. |
Read |
cluster * |
|
|
|
dws:cluster:setFunctionStatusForWLM |
Grants permission to set function status for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:startPlanForWLM |
Grants permission to start plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:stopPlanForWLM |
Grants permission to stop plan for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:switchPlanStageForWLM |
Grants permission to switch plan stage for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:updatePlanStageForWLM |
Grants permission to update plan stage for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:updateQueueBaseForWLM |
Grants permission to update queue base for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:updateQueueResourceForWLM |
Grants permission to update queue resource for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:updateQueueRuleForWLM |
Grants permission to update queue rule for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:updateSchemaLimitForWLM |
Grants permission to update schema limit for workload manger. |
Write |
cluster * |
|
|
|
dws:cluster:getMonitorConfigForDMS |
Grants permission to get monitor config for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:listClusterOverview |
Grants permission to list cluster overview for dms monitoring. |
List |
- |
- |
- |
|
dws:cluster:listClusterInstanceForDMS |
Grants permission to list cluster instance for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getDDLExamineDetailForDMS |
Grants permission to get ddl examine detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getClusterDnStreamForDMS |
Grants permission to get cluster DN stream for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listClusterAlarmRuleForDMS |
Grants permission to list cluster alarm rule for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getClusterInstanceForDMS |
Grants permission to get cluster instance for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getHostNetMetricsForDMS |
Grants permission to get host net metrics for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:getHistoryMetrics |
Grants permission to get history metrics for dms monitoring. |
Read |
- |
- |
- |
|
dws:cluster:getMonitoringInfoForDMS |
Grants permission to get monitoring info for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listAlarmRuleForDMS |
Grants permission to list alarm rule for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:updateCollectionItemForDMS |
Grants permission to update collection item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:doDDLExamineActionForDMS |
Grants permission to do ddl examine action for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:downloadDDLExamineDetailForDMS |
Grants permission to download ddl examine detail for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listInstanceDiskIOForDMS |
Grants permission to list instance disk io for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:resetCollectionItemForDMS |
Grants permission to reset collection item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getQueryRangeForDMS |
Grants permission to get query range for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:getAlarmConfig |
Grants permission to get alarm config for dms monitoring. |
Read |
- |
- |
- |
|
dws:cluster:switchoverCollectionItemForDMS |
Grants permission to switchover collection item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:getOSMetrics |
Grants permission to get OS metrics for dms monitoring. |
Read |
- |
- |
- |
|
dws:cluster:listPerfDashboardForDMS |
Grants permission to list perf dashboard for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:disableCollectionItemForDMS |
Grants permission to disable collection item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:getAggregationOSMetrics |
Grants permission to get aggregation OS metrics for dms monitoring. |
Read |
- |
- |
- |
|
dws:cluster:terminateSessionForDMS |
Grants permission to terminate session for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getPerfDashboardDetailForDMS |
Grants permission to get perf dashboard detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:createAlarmRule |
Grants permission to create alarm rule for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:enableCollectionItemForDMS |
Grants permission to enable collection item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listInstanceNetworkMetricsForDMS |
Grants permission to list instance network metrics for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:createPerfDashboardForDMS |
Grants permission to create perf dashboard for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getMonitorMetricsForDMS |
Grants permission to get monitor metrics for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:createSQLProbeForDMS |
Grants permission to create SQL probe for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listInstanceIOStatusForDMS |
Grants permission to list instance IO status for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getMonitorMetricsByDimensionForDMS |
Grants permission to get monitor metrics by dimension for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:updateStorageConfigForDMS |
Grants permission to update storage config for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:updateAlarmRule |
Grants permission to update alarm rule for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:getInstanceIOAggResultForDMS |
Grants permission to get instance IO agg result for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:updatePerfDashboardForDMS |
Grants permission to update perf dashboard for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getMonitorHistoryMetricsCost |
Grants permission to get monitor history metrics for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:deleteAlarmRule |
Grants permission to delete alarm rule for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:updateSQLProbeForDMS |
Grants permission to update SQL probe for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:startMonitorMetricsCollectionForDMS |
Grants permission to start monitor metrics collection for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listInstanceStorageForDMS |
Grants permission to list instance storage for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:deletePerfDashboardForDMS |
Grants permission to delete perf dashboard for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getMonitorMetricsDetailForDMS |
Grants permission to get monitor metrics detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:deleteSQLProbeForDMS |
Grants permission to delete SQL probe for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:stopAlarmRule |
Grants permission to stop alarm rule for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:stopMonitorMetricsCollectionForDMS |
Grants permission to stop monitor metrics collection for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listExceptionTableForDMS |
Grants permission to list exception table for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getInstanceStorageAggForDMS |
Grants permission to get instance storage agg for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getWDRSnapShotForDMS |
Grants permission to get WDR snapshot for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getPerfMetricsDataForDMS |
Grants permission to get perf metrics data for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listQueryForDMS |
Grants permission to list query for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getInstanceIOMetricsForDMS |
Grants permission to get instance IO metrics for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getSQLProbeDetailForDMS |
Grants permission to get SQL probe detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:switchoverMonitorMetricStatusForDMS |
Grants permission to switchover monitor metrics status for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:startAlarmRule |
Grants permission to start alarm rule for dms monitoring. |
Write |
- |
- |
- |
|
dws:monitor:getClusterStatus |
Grants permission to get cluster status for dms monitoring. |
Read |
- |
- |
- |
|
dws:cluster:getPerfMetricsDetailForDMS |
Grants permission to get perf metrics detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listSlowInstanceForDMS |
Grants permission to list slow instance for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getDDLExamineConfigForDMS |
Grants permission to get ddl examine config for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getMonitoringViewStatusForDMS |
Grants permission to get monitoring view status for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:enableAlarm |
Grants permission to enable alarm for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:createWDRSnapShotForDMS |
Grants permission to create WDR snapshot for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listExecuteStatusForDMS |
Grants permission to list execute status for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getSlowInstanceDetailForDMS |
Grants permission to get slow instance detail for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:enableSQLProbeForDMS |
Grants permission to enable SQL probe for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getWDRConfigForDMS |
Grants permission to get WDR config for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:monitor:disableAlarm |
Grants permission to disable alarm for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:getMonitoringViewForDMS |
Grants permission to get monitoring view for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getDatabaseUsageForDMS |
Grants permission to get database usage for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listSQLProbeForDMS |
Grants permission to list SQL probe for dms monitoring. |
List |
cluster * |
- |
|
|
dws:monitor:getAlarmMetrics |
Grants permission to get alarm metrics for dms monitoring. |
Read |
- |
- |
- |
|
dws:monitor:listMetricStatus |
Grants permission to list metrics status for dms monitoring. |
List |
- |
- |
- |
|
dws:cluster:listSessionStatusForDMS |
Grants permission to list session status for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:downloadPerfHistoryForDMS |
Grants permission to download perf history for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:addPerfItemForDMS |
Grants permission to add perf item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listClusterSessionForDMS |
Grants permission to list cluster session for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getSQLDiagnosticsForDMS |
Grants permission to get SQL diagnostics for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:updateWDRSnapShotForDMS |
Grants permission to update WDR snapshot for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:clearAlarm |
Grants permission to clear alarm for dms monitoring. |
Write |
- |
- |
- |
|
dws:cluster:executeSQLProbeForDMS |
Grants permission to execute SQL probe for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listQueryStatusForDMS |
Grants permission to list query status for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getWDRReportForDMS |
Grants permission to get WDR report for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listWLMQueueForDMS |
Grants permission to list workload manager queue for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:updatePerfItemForDMS |
Grants permission to update perf item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getQueryCostForDMS |
Grants permission to get query cost for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:createWDRReportForDMS |
Grants permission to create WDR report for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:downloadWDRReportForDMS |
Grants permission to download WDR report for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listDatabaseForDMS |
Grants permission to list database for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:listUserWLMQueueForDMS |
Grants permission to list user workload manger queue for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:deletePerfItemForDMS |
Grants permission to delete perf item for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:monitor:getExceptionAlarmRule |
Grants permission to get exception alarm rule for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getWDRHostForDMS |
Grants permission to get WDR host for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:getHistoryPerfDataForDMS |
Grants permission to get history perf data for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:deleteWDRReportForDMS |
Grants permission to delete WDR report for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:getPerfDetailByDimensionForDMS |
Grants permission to get perf detail by dimension for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:downloadPerfHistoryByIdForDMS |
Grants permission to download perf history by id for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listWaitingWLMForDMS |
Grants permission to list waiting WLM for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getQueryPropertyForDMS |
Grants permission to get query property for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listBucketForDMS |
Grants permission to list bucket for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:getHistoryQueryPropertyForDMS |
Grants permission to get history query property for dms monitoring. |
Read |
cluster * |
- |
|
|
dws:cluster:listExceptionWLMForDMS |
Grants permission to list exception WLM for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:terminateQueryForDMS |
Grants permission to terminate query for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:updateTaskForDMS |
Grants permission to update task for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:retryTaskForDMS |
Grants permission to retry task for dms monitoring. |
Write |
cluster * |
- |
|
|
dws:cluster:listTaskForDMS |
Grants permission to list task for dms monitoring. |
List |
cluster * |
- |
|
|
dws:cluster:syncIamUser |
Grants permission to sync IAM user. |
Write |
cluster * |
- |
|
|
dws:cluster:listDatabaseUser |
Grants permission to list database user. |
List |
cluster * |
- |
|
|
dws:cluster:getDatabaseUser |
Grants permission to get database user. |
Read |
cluster * |
- |
|
|
dws:cluster:updateDatabaseUserInfo |
Grants permission to update database user info. |
Read |
cluster * |
- |
|
|
dws:cluster:updateDatabaseAuthority |
Grants permission to update database authority. |
Write |
cluster * |
- |
|
|
dws:cluster:getDatabaseAuthority |
Grants permission to get database authority. |
Read |
cluster * |
- |
|
|
dws:cluster:getDisasterProgress |
Grants permission to get disaster progress. |
Read |
cluster * |
- |
|
|
dws:cluster:getDatabaseOmUserStatus |
Grants permission to get database om user status. |
Read |
cluster * |
- |
|
|
dws:cluster:executeDatabaseOmUserAction |
Grants permission to execute database om user action. |
Write |
cluster * |
- |
|
|
dws:cluster:getClusterInstancesInfo |
Grants permission to get cluster instance info. |
Read |
cluster * |
- |
|
|
dws:cluster:getMetadataSyncStatus |
Grants permission to get meta data sync status. |
Read |
cluster * |
- |
|
|
dws:cluster:startMetadataSync |
Grants permission to start meta data sync. |
Write |
cluster * |
- |
|
|
dws:cluster:stopMetadataSync |
Grants permission to stop meta data sync. |
Write |
cluster * |
- |
|
|
dws:cluster:updatePeriodCluster |
Grants permission to update period cluster. |
Write |
cluster * |
|
|
|
dws:cluster:createPeriodCluster |
Grants permission to create period cluster. |
Write |
cluster * |
|
|
|
dws:cluster:deleteConfigTemplate |
Grants permission to delete config template. |
Write |
cluster * |
|
|
|
dws:cluster:getCountDown |
Grants permission to get count down. |
Read |
cluster * |
- |
|
|
dws:cluster:getObsHotStorage |
Grants permission to get obs hot storage. |
Read |
cluster * |
- |
|
|
dws:cluster:listConfigTemplate |
Grants permission to list config template. |
List |
cluster * |
- |
|
|
dws:cluster:listDwsResource |
Grants permission to list dws resource. |
List |
cluster * |
|
|
|
dws:cluster:listDiscountNode |
Grants permission to list discount node. |
List |
cluster * |
- |
|
|
dws:cluster:changeToPeriod |
Grants permission to change to period. |
Write |
cluster * |
|
|
|
dws:cluster:rotateKey |
Grants permission to rotate key. |
Write |
cluster * |
- |
|
|
dws:cluster:operateCluster |
Grants permission to operate cluster, such as repair/cancel readonly. |
Write |
cluster * |
- |
|
|
dws:cluster:doUpgrade |
Grants permission to do upgrade. |
Write |
cluster * |
|
|
|
dws:cluster:listUpgradePath |
Grants permission to list upgrade path. |
List |
cluster * |
|
|
|
dws:cluster:listUpgradeRecord |
Grants permission to list upgrade record. |
List |
cluster * |
|
|
|
dws:cluster:createDatabaseUser |
Grants permission to create database user. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteDatabaseUser |
Grants permission to delete database user. |
Write |
cluster * |
- |
|
|
dws:cluster:getUserRoles |
Grants permission to list user roles. |
List |
cluster * |
- |
|
|
dws:cluster:getUserAuthority |
Grants permission to list user Authorities. |
List |
cluster * |
- |
|
|
dws:cluster:getDatabaseObjects |
Grants permission to list database objects. |
List |
cluster * |
- |
|
|
dws:cluster:listLogicalClusterPlans |
Grants permission to list logical cluster plans. |
List |
cluster * |
- |
|
|
dws:cluster:createLogicalClusterPlan |
Grants permission to create logical cluster plan. |
Write |
cluster * |
- |
|
|
dws:cluster:deleteLogicalClusterPlan |
Grants permission to delete logical cluster plan. |
Write |
cluster * |
- |
|
|
dws:cluster:listDatabaseUsers |
Grants permission to list database users. |
List |
cluster * |
- |
|
|
dws:cluster:switchLogicalClusterPlan |
Grants permission to switch logical cluster plan. |
Write |
cluster * |
- |
|
|
dws:cluster:updateLogicalClusterPlan |
Grants permission to update logical cluster plan. |
Write |
cluster * |
- |
|
|
dws:migration:listBucketObject |
Grants permission to obtain a list of bucket objects |
Write |
- |
- |
- |
|
dws:migration:deleteBucketObject |
Grants permission to delete bucket objects |
Write |
- |
- |
- |
|
dws:websql:listExecSqlRecord |
Grants permission to query the SQL execution records |
List |
- |
- |
- |
|
dws:cluster:changeSecurityGroup |
Grants permission to change security group. |
Write |
cluster * |
- |
- |
|
- |
|||||
|
dws:migration:setBucketLifecycle |
set |
Write |
- |
- |
- |
|
dws:migration:setBucketEncryption |
Grants permission to set bucket encryption. |
Write |
- |
- |
- |
|
dws:migration:showBucketEncryption |
Grants permission to obtain a set of temporary security credentials that can be used to access bucket encryption. |
Write |
- |
- |
- |
|
dws:migration:showBucketLifecycle |
Grants permission to query the lifecycle of buckets |
Write |
- |
- |
- |
Each API of dws usually supports one or more actions. Table 2 lists the supported actions and dependencies.
|
API |
Action |
Dependencies |
|---|---|---|
|
POST /v2/{project_id}/alarm-subs |
dws:alarm:createSubscription |
- |
|
DELETE /v2/{project_id}/alarm-subs/{alarm_sub_id} |
dws:alarm:deleteSubscription |
- |
|
GET /v2/{project_id}/alarm-configs |
dws:alarm:listConfig |
- |
|
GET /v2/{project_id}/alarms |
dws:alarm:listDetail |
- |
|
GET /v2/{project_id}/alarm-statistic |
dws:alarm:listStatistics |
- |
|
GET /v2/{project_id}/alarm-subs |
dws:alarm:listSubscription |
- |
|
PUT /v2/{project_id}/alarm-subs/{alarm_sub_id} |
dws:alarm:updateSubscription |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/cns/batch-create |
dws:cluster:addCN |
- |
|
PUT /v2/{project_id}/clusters/{cluster_id}/workload/queues |
dws:cluster:addQueueForWLM |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/eips/{eip_id} |
dws:cluster:bindEIP |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/elbs/{elb_id} |
dws:cluster:bindELB |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/cancel-readonly |
dws:cluster:cancelReadonly |
- |
|
GET /v2/{project_id}/disaster-recovery/check-name |
dws:cluster:checkDisasterRecoveryName |
- |
|
POST /v1.0/{project_id}/snapshots/{snapshot_id}/linked-copy |
dws:cluster:copySnapshot |
- |
|
POST /v1.0/{project_id}/clusters |
dws:cluster:create |
|
|
POST /v2/{project_id}/clusters |
dws:cluster:create |
- |
|
POST /v2/{project_id}/cluster-precheck |
dws:cluster:create |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/dns |
dws:cluster:createConnection |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/ext-data-sources |
dws:cluster:createDataSource |
- |
|
POST /v2/{project_id}/disaster-recoveries |
dws:cluster:createDisasterRecovery |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/workload |
dws:cluster:setFunctionStatusForWLM |
- |
|
POST /v1.0/{project_id}/snapshots |
dws:cluster:createSnapshot |
- |
|
PUT /v2/{project_id}/clusters/{cluster_id}/snapshot-policies |
dws:cluster:createSnapshotPolicy |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/workload/plans |
dws:cluster:addPlanForWLM |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id} |
dws:cluster:delete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/cns/batch-delete |
dws:cluster:deleteCN |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/dns |
dws:cluster:deleteConnection |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/ext-data-sources/{ext_data_source_id} |
dws:cluster:deleteDataSource |
- |
|
DELETE /v2/{project_id}/disaster-recovery/{disaster_recovery_id} |
dws:cluster:deleteDisasterRecovery |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/nodes/delete |
dws:cluster:deleteNode |
- |
|
DELETE /v1.0/{project_id}/snapshots/{snapshot_id} |
dws:cluster:deleteSnapshot |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/snapshot-policies/{id} |
dws:cluster:deleteSnapshotPolicy |
- |
|
DELETE /v2/{project_id}/clusters/{cluster_id}/workload/queues |
dws:cluster:deleteQueueForWLM |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/expand-instance-storage |
dws:cluster:expandDisk |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id} |
dws:cluster:getDetail |
- |
|
GET /v2/{project_id}/disaster-recoveries |
dws:cluster:getDisasterRecovery |
- |
|
GET /v2/{project_id}/disaster-recovery/{disaster_recovery_id} |
dws:cluster:getDisasterRecovery |
- |
|
GET /v1.0/{project_id}/clusters |
dws:cluster:list |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/audit-log-records |
dws:cluster:listAuditLog |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/cns |
dws:cluster:listCN |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/configurations |
dws:cluster:listConfig |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/configurations/{configuration_id} |
dws:cluster:listConfig |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/ext-data-sources |
dws:cluster:listDataSource |
- |
|
GET /v2/{project_id}/clusters/{cluster_id}/elbs |
dws:cluster:listELB |
- |
|
GET /v2/{project_id}/disaster-recovery-clusters |
dws:cluster:listDisasterRecovery |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/shrink-numbers |
dws:cluster:listRingForScaleIn |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/snapshots |
dws:cluster:listSnapshot |
- |
|
GET /v1.0/{project_id}/snapshots |
dws:cluster:listSnapshot |
- |
|
GET /v1.0/{project_id}/snapshots/{snapshot_id} |
dws:cluster:getSnapshotDetail |
- |
|
GET /v2/{project_id}/clusters/{cluster_id}/snapshot-policies |
dws:cluster:listSnapshotPolicy |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/snapshots/statistics |
dws:cluster:listSnapshotStatistics |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/tags |
dws::listTagsForResource |
- |
|
GET /v2/{project_id}/clusters/{cluster_id}/workload |
dws:cluster:getFunctionStatusForWLM |
- |
|
GET /v2/{project_id}/clusters/{cluster_id}/workload/queues |
dws:cluster:listQueueForWLM |
- |
|
POST /v2/{project_id}/disaster-recovery/{disaster_recovery_id}/pause |
dws:cluster:pauseDisasterRecovery |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/redistribution |
dws:cluster:redistribution |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/reset-password |
dws:cluster:resetPassword |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/resize |
dws:cluster:resize |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/restart |
dws:cluster:restart |
- |
|
POST /v2/{project_id}/disaster-recovery/{disaster_recovery_id}/recovery |
dws:cluster:restoreDisaster |
- |
|
POST /v1.0/{project_id}/snapshots/{snapshot_id}/actions |
dws:cluster:restoreSnapshot |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/description |
dws:cluster:saveDescriptionInfo |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/maintenance-window |
dws:cluster:setMaintainceWindow |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/cluster-shrink |
dws:cluster:scaleIn |
- |
|
POST /v2/{project_id}/disaster-recovery/{disaster_recovery_id}/start |
dws:cluster:startDisasterRecovery |
- |
|
POST /v2/{project_id}/disaster-recovery/{disaster_recovery_id}/failover |
dws:cluster:switchFailoverDisaster |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/switchover |
dws:cluster:switchover |
- |
|
POST /v2/{project_id}/disaster-recovery/{disaster_recovery_id}/switchover |
dws:cluster:switchoverDisasterRecovery |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/tags/batch-create |
dws::tagResource |
- |
|
DELETE /v2/{project_id}/clusters/{cluster_id}/eips/{eip_id} |
dws:cluster:unbindEIP |
- |
|
DELETE /v2/{project_id}/clusters/{cluster_id}/elbs/{elb_id} |
dws:cluster:unbindELB |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/tags/batch-delete |
dws::unTagResource |
- |
|
PUT /v2/{project_id}/clusters/{cluster_id}/configurations/{configuration_id} |
dws:cluster:updateConfig |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/dns |
dws:cluster:updateConnection |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/ext-data-sources/{ext_data_source_id} |
dws:cluster:updateDataSource |
- |
|
PUT /v2/{project_id}/disaster-recovery/{disaster_recovery_id} |
dws:cluster:updateDisasterRecoveryConfig |
- |
|
POST /v2/{project_id}/event-subs |
dws:event:createSubscription |
- |
|
DELETE /v2/{project_id}/event-subs/{event_sub_id} |
dws:event:deleteSubscription |
- |
|
GET /v2/{project_id}/events |
dws:event:list |
- |
|
GET /v2/{project_id}/event-specs |
dws:event:listSpec |
- |
|
GET /v2/{project_id}/event-subs |
dws:event:listSubscription |
- |
|
PUT /v2/{project_id}/event-subs/{event_sub_id} |
dws:event:updateSubscription |
- |
|
GET /v1.0/{project_id}/availability-zones |
dws:service:listAZ |
- |
|
GET /v1.0/{project_id}/dss-pools |
dws:service:listDssPools |
- |
|
GET /v1.0/{project_id}/dms/disk |
dws:monitor:listHostDisk |
- |
|
GET /v1.0/{project_id}/dms/net |
dws:monitor:listHostNet |
- |
|
GET /v1.0/{project_id}/dms/host-overview |
dws:monitor:listClusterOverview |
- |
|
GET /v1.0/{project_id}/job/{job_id} |
dws:service:listJobDetail |
- |
|
GET /v1.0/{project_id}/dms/metric-data |
dws:monitor:listMonitorIndicatorData |
- |
|
GET /v1.0/{project_id}/dms/metric-data/indicators |
dws:monitor:listMonitorIndicators |
- |
|
GET /v1.0/{project_id}/quotas |
dws:service:listQuotas |
- |
|
GET /v2/{project_id}/node-types |
dws:service:listSpec |
- |
|
GET /v1.0/{project_id}/statistics |
dws:service:listStatistics |
- |
|
GET /v1.0/{project_id}/tags |
dws::listTagsForProject |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/logical-clusters |
dws:cluster:createLogicalCluster |
- |
|
DELETE /v2/{project_id}/clusters/{cluster_id}/logical-clusters/{logical_cluster_id} |
dws:cluster:deleteLogicalCluster |
- |
|
PUT /v2/{project_id}/clusters/{cluster_id}/logical-clusters/{logical_cluster_id} |
dws:cluster:updateLogicalCluster |
- |
|
POST /v2/{project_id}/clusters/{cluster_id}/logical-clusters/{logical_cluster_id}/restart |
dws:cluster:restartLogicalCluster |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/db-manager/sync-iam-user |
dws:cluster:syncIamUser |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/users |
dws:cluster:listDatabaseUser |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/users/{name} |
dws:cluster:getDatabaseUser |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/db-manager/users/{name} |
dws:cluster:updateDatabaseUserInfo |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/db-manager/authority |
dws:cluster:updateDatabaseAuthority |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/authority |
dws:cluster:getDatabaseAuthority |
- |
|
GET /v1/{project_id}/disaster-recovery/{disaster_recovery_id}/show-progress |
dws:cluster:getDisasterProgress |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/om-user/status |
dws:cluster:getDatabaseOmUserStatus |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/db-manager/om-user/action |
dws:cluster:executeDatabaseOmUserAction |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/rotate-key |
dws:cluster:rotateKey |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/db-manager/users |
dws:cluster:createDatabaseUser |
- |
|
DELETE /v1/{project_id}/clusters/{cluster_id}/db-manager/users/{name} |
dws:cluster:deleteDatabaseUser |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/users/{name}/authority |
dws:cluster:getUserAuthority |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/objects |
dws:cluster:getDatabaseObjects |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/logical-cluster-plans |
dws:cluster:listLogicalClusterPlans |
- |
|
POST /v1/{project_id}/clusters/{cluster_id}/logical-cluster-plans |
dws:cluster:createLogicalClusterPlan |
- |
|
DELETE /v1/{project_id}/clusters/{cluster_id}/logical-cluster-plans/{plan_id} |
dws:cluster:deleteLogicalClusterPlan |
- |
|
PUT /v1/{project_id}/clusters/{cluster_id}/logical-cluster-plans/{plan_id} |
dws:cluster:updateLogicalClusterPlan |
- |
|
PUT /v1/{project_id}/clusters/{cluster_id}/security-group |
dws:cluster:changeSecurityGroup |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/users/{name}/authority/export |
dws:cluster:getUserAuthority |
- |
|
GET /v1/{project_id}/clusters/{cluster_id}/db-manager/users/export |
dws:cluster:listDatabaseUser |
- |
Resources
A resource type indicates the resources that an identity policy applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the identity policy statements using that action, and the identity policy applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the identity policy applies to all resources. You can also set condition keys in an identity policy to define resource types.
The following table lists the resource types that you can define in identity policy statements for dws.
Conditions
dws does not support service-specific condition keys in identity policies.It can only use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
