Actions Supported by Policy-based Authorization
This section describes the actions supported policy-based authorization for DBSS.
Supported Actions
DBSS provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:
- Permissions: statements that allow or deny certain operations.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: specific operations that are allowed or denied.
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
- IAM projects or enterprise project: Scope of users a permission is granted to. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
The following content describes the custom policy authorization supported by DBSS.
Lifecycle Management
|
Permission |
API |
Action |
Dependent Permission |
IAM (Project) |
Enterprise Project (Enterprise Project) |
|---|---|---|---|---|---|
|
Grants permission to query SQL injection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rules POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/list-rules POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections |
dbss:auditInstance:listSqlInjectRules |
- |
√ |
√ |
|
Grants permission to obtain audit results. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sqls POST /dbss/v1/{project_id}/{instance_id}/audit/sqls/list-sqls GET /dbss/v1/{project_id}/{instance_id}/audit/sqls/{sql_statement_id} |
dbss:auditInstance:listSqls |
- |
√ |
√ |
|
Grants permission to enable or disable SQL injection policies. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/switch POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/switch |
dbss:auditInstance:switchSqlInjectRule |
- |
√ |
√ |
|
Grants permission to add custom SQL injection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql |
dbss:auditInstance:addSqlInjectRule |
- |
√ |
√ |
|
Grants permission to sort SQL rules by priority. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rules/rank POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/rank-sql |
dbss:auditInstance:orderSqlInjectRule |
- |
√ |
√ |
|
Grants permission to generate reports immediately. |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports POST /dbss/v1/{project_id}/{instance_id}/audit/reports/results/create-report |
dbss:auditInstance:createReporter |
- |
√ |
√ |
|
Grants permission to query report information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports/list POST /dbss/v1/{project_id}/{instance_id}/audit/reports/list-reports GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates GET /dbss/v1/{project_id}/{instance_id}/audit/reports/list-templates |
dbss:auditInstance:listReporters |
- |
√ |
√ |
|
Grants permission to query a specified risk rule policy. |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/risk/{risk_id} |
dbss:auditInstance:getRiskRuleDetail |
- |
√ |
√ |
|
Grants permission to query alarm email information. |
GET /dbss/v1/{project_id}/{instance_id}/audit/operation/emails GET /dbss/v1/{project_id}/{instance_id}/audit/operation/list-emails |
dbss:auditInstance:listAlarmEmails |
- |
√ |
√ |
|
Grants permission to download reports. |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id} GET /dbss/v1/{project_id}/{instance_id}/audit/reports/results/{report_id}/download-report |
dbss:auditInstance:downloadReporter |
- |
√ |
√ |
|
Grants permission to query the policy list for an audit scope. |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes GET /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/list-scope GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/scopes |
dbss:auditInstance:listAuditScopeRules |
- |
√ |
√ |
|
Grants permission to add a privacy data protection rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/add-rule |
dbss:auditInstance:addSensitiveRule |
- |
√ |
√ |
|
Grants permission to edit privacy data protection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks/{rule_id} POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/{rule_id}/edit-rule |
dbss:auditInstance:editSensitiveRule |
- |
√ |
√ |
|
Grants permission to delete reports. |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id} DELETE /dbss/v1/{project_id}/{instance_id}/audit/reports/results/{report_id}/delete-report |
dbss:auditInstance:deleteReporter |
- |
√ |
√ |
|
Grants permission to query user operation logs. |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/operate-log POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/operate-log |
dbss:auditInstance:listOperateLog |
- |
√ |
√ |
|
Grants permission to query audit instance monitoring information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/monitorinfo POST /dbss/v1/{project_id}/{instance_id}/audit/operation/get-monitorinfo |
dbss:auditInstance:listMonitorInfos |
- |
√ |
√ |
|
Grants permission to query audit instance session information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/clientsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/list-clientsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/accountsession POST /dbss/v1/{project_id}/{instance_id}/audit/sessionstatistics/list-accountsession |
dbss:auditInstance:listSessionInfo |
- |
√ |
√ |
|
Grants permission to enable or disable the backup function. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/stop POST /dbss/v1/{project_id}/{instance_id}/audit/backup/stop-backup POST /dbss/v1/{project_id}/{instance_id}/audit/backup/start POST /dbss/v1/{project_id}/{instance_id}/audit/backup/start-backup POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/global/switch |
dbss:auditInstance:switchBackup |
dbss:auditInstance:getBackupConfig |
√ |
√ |
|
Grants permission to download a sales license. |
GET /dbss/v1/{project_id}/dbss/saleslicense/download GET /dbss/v1/{project_id}/dbss/download-saleslicense |
dbss::downloadLicense |
- |
√ |
√ |
|
Grants permission to delete failed audit instance creation tasks. |
DELETE /dbss/v1/{project_id}/dbss/audit/job/{failed_id} DELETE /dbss/v1/{project_id}/dbss/audit/delete-job/{failed_id} |
dbss::deleteAuditInstanceJob |
- |
√ |
√ |
|
Grants permission to query RDS databases. |
GET /dbss/v2/{project_id}/audit/databases/rds POST /dbss/v1/{project_id}/dbss/audit/rds-instance POST /dbss/v1/{project_id}/dbss/audit/guassDbInstance |
dbss::listRdsDb |
- |
√ |
√ |
|
Grants permission to enable audit instances. |
POST /dbss/v1/{project_id}/dbss/audit/instance/start POST /dbss/v1/{project_id}/dbss/audit/start-instance |
dbss:auditInstance:instanceStart |
- |
√ |
√ |
|
Grants permission to restart audit instances. |
POST /dbss/v1/{project_id}/dbss/audit/instance/reboot POST /dbss/v1/{project_id}/dbss/audit/reboot-instance |
dbss:auditInstance:reboot |
- |
√ |
√ |
|
Grants permission to disable audit instances. |
POST /dbss/v1/{project_id}/dbss/audit/instance/stop POST /dbss/v1/{project_id}/dbss/audit/stop-instance |
dbss:auditInstance:stop |
- |
√ |
√ |
|
Grants permission to upgrade audit instances. |
POST /dbss/v1/{project_id}/dbss/{instance_id}/audit/upgrade |
dbss:auditInstance:upgrade |
- |
√ |
√ |
|
Grants permission to query the upgrade status of an audit instance. |
GET /dbss/v1/{project_id}/dbss/audit/upgrade/status |
dbss::queryUpgradeStatus |
- |
√ |
√ |
|
Grants permission to modify the security group of an audit instance. |
POST /dbss/v1/{project_id}/dbss/audit/securitygroup POST /dbss/v1/{project_id}/dbss/audit/update-securitygroup POST /dbss/v1/{project_id}/dbss/audit/security-group |
dbss:auditInstance:updateSecurityGroup |
- |
√ |
√ |
|
Grants permission to modify attributes of audit instances. |
PUT /dbss/v1/{project_id}/dbss/audit/instances/{instance_id} POST /dbss/v1/{project_id}/dbss/audit/update-instance/{instance_id} |
dbss:auditInstance:modifyAttribute |
- |
√ |
√ |
|
Grants permission to download agents. |
GET /dbss/v1/{project_id}/{instance_id}/audit/operation/agent/{agent_id}/download GET /dbss/v1/{project_id}/{instance_id}/audit/operation/download-agent/{agent_id} GET /dbss/v2/{project_id}/{instance_id}/audit/agents/{agent_id} |
dbss:auditInstance:downloadAgent |
- |
√ |
√ |
|
Grants permission to enable or disable agents. |
POST /dbss/v1/{project_id}/{instance_id}/audit/agent/switch |
dbss:auditInstance:switchAgent |
- |
√ |
√ |
|
Grants permissions to obtain the agent list. |
GET /dbss/v2/{project_id}/{instance_id}/audit/agents GET /dbss/v1/{project_id}/{instance_id}/audit/agents/{db_id} GET /dbss/v1/{project_id}/{instance_id}/audit/agent/get-agent |
dbss:auditInstance:listAgents |
- |
√ |
√ |
|
Grants permissions to delete agents. |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/agents/{db_id}/{agent_id} DELETE /dbss/v2/{project_id}/{instance_id}/audit/agents/{agent_id} POST /dbss/v1/{project_id}/{instance_id}/audit/agent/del-agent |
dbss:auditInstance:deleteAgent |
- |
√ |
√ |
|
Grants permissions to add agents. |
POST /dbss/v2/{project_id}/{instance_id}/audit/agents POST /dbss/v1/{project_id}/{instance_id}/audit/agents POST /dbss/v1/{project_id}/{instance_id}/audit/agent/add-agent POST /dbss/v1/{project_id}/{instance_id}/audit/agent/{agent_id} |
dbss:auditInstance:addAgent |
- |
√ |
√ |
|
Grants permissions to preview reports. |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id}/preview GET /dbss/v1/{project_id}/{instance_id}/audit/reports/{report_id}/preview-report |
dbss:auditInstance:previewReporter |
- |
√ |
√ |
|
Grants permission to configure alarm information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config-topic |
dbss:auditInstance:setAlarmConfig |
- |
√ |
√ |
|
Grants permission to configure alarm email information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/config-email POST /dbss/v1/{project_id}/{instance_id}/audit/operation/email/{email_id} POST /dbss/v1/{project_id}/{instance_id}/audit/operation/edit-email/{email_id} |
dbss:auditInstance:configAlarmEmail |
- |
√ |
√ |
|
Grants permission to query alarm configurations. |
GET /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config GET /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-config-topic |
dbss:auditInstance:getAlarmConfig |
- |
√ |
√ |
|
Grants permission to query risk rule policies. |
GET /dbss/v1/{project_id}/{instance_id}/audit/rule/risk GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/rule/risk POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/search-rules POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/list-rules |
dbss:auditInstance:listRiskRules |
- |
√ |
√ |
|
Grants permission to export database configurations. |
POST /dbss/v1/{project_id}/obs/upload-config |
dbss:auditInstance:exportInstancesDatabaseConfig |
- |
√ |
√ |
|
Grants permission to create audit instances in yearly/monthly billing mode. |
POST /dbss/v1/charge/{project_id}/audit/period/order POST /dbss/v2/{project_id}/dbss/audit/charge/period/order |
dbss:auditInstance:createOnPeriod |
dbss::listCommonInfo |
√ |
√ |
|
Grants permission to edit custom SQL injection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/{sql_id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/{rule_id} |
dbss:auditInstance:editSqlInjectRule |
- |
√ |
√ |
|
Grants permission to delete custom SQL injection rules. |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/sql/{sql_id} DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/sql-rule/{rule_id} |
dbss:auditInstance:deleteSqlInjectRule |
- |
√ |
√ |
|
Grants permission to delete privacy data protection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/delete-rules DELETE /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks/{rule_id} |
dbss:auditInstance:deleteSensitiveRule |
- |
√ |
√ |
|
Grants permission to delete an audit scope rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/delete-scope DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes/{scope_id} |
dbss:auditInstance:deleteAuditScopeRule |
- |
√ |
√ |
|
Grants permission to delete a risk rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/delete-risk DELETE /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} |
dbss:auditInstance:deleteRiskRule |
- |
√ |
√ |
|
Grants permission to delete local backup information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/del-backup DELETE /dbss/v1/{project_id}/{instance_id}/audit/backups/{id} |
dbss:auditInstance:deleteBackup |
- |
√ |
√ |
|
Grants permission to query backup information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/status POST /dbss/v1/{project_id}/{instance_id}/audit/backups POST /dbss/v1/{project_id}/{instance_id}/audit/backup/get-backup GET /dbss/v1/{project_id}/{instance_id}/audit/backup/status |
dbss:auditInstance:listBackups |
- |
√ |
√ |
|
Grants permission to obtain backup configuration information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/auto-backup-template GET /dbss/v1/{project_id}/{instance_id}/audit/backup/bucket-name GET /dbss/v1/{project_id}/{instance_id}/audit/backup/auto-backup-template GET /dbss/v1/{project_id}/{instance_id}/audit/backup/bucket-path |
dbss:auditInstance:getBackupConfig |
- |
√ |
√ |
|
Grants permission to edit an audit scope rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/edit-rule/{scope-id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes/{scope_id} |
dbss:auditInstance:editAuditScopeRule |
- |
√ |
√ |
|
Grants permission to query audit instance information. |
GET /dbss/v1/{project_id}/dbss/audit/list-instances GET /dbss/v1/{project_id}/dbss/audit/instances |
dbss:auditInstance:instanceList |
- |
√ |
√ |
|
Grants permission to create audit instances in pay-per-use mode. |
POST /dbss/v1/{project_id}/dbss/audit/create-instance POST /dbss/v1/{project_id}/dbss/audit/instances |
dbss:auditInstance:createOnDemand |
dbss::listCommonInfo |
√ |
√ |
|
Grants permission to query public information. |
GET /dbss/v2/{project_id}/dbss/audit/availability-zone |
dbss::listCommonInfo |
- |
√ |
√ |
|
Grants permission to query the overview of all audit instances. |
GET /dbss/v1/{project_id}/audit/summary/info GET /dbss/v1/{project_id}/audit/risk/statistics |
dbss:auditInstance:listInstancesSummaryInfo |
- |
√ |
√ |
|
Grants permission to query the status of overview tasks. |
GET /dbss/v2/{project_id}/audit/summary/{busi_type}/taskstatus GET /dbss/v1/{project_id}/audit/summary/{busi_type}/taskstatus |
dbss::getauditInstancesSummaryTaskStatus |
- |
√ |
√ |
|
Grants permission to update the overview of all audit instances. |
POST /dbss/v1/{project_id}/audit/summary/{busi_type}/taskstatus |
dbss::updateAuditInstancesSummaryInfo |
- |
√ |
√ |
|
Grants permission to modify the scheduled task configuration information of reports. |
POST /dbss/v1/{project_id}/{instance_id}/audit/reports/templates-topic/scheduler/config-task POST /dbss/v1/{project_id}/{instance_id}/audit/reports/templates/scheduler/config-task |
dbss:auditInstance:setReporterConfig |
- |
√ |
√ |
|
Grants permission to obtain the scheduled task configuration information of reports. |
GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates-topic/scheduler/{template_id} GET /dbss/v1/{project_id}/{instance_id}/audit/reports/templates/scheduler/{template_id} |
dbss:auditInstance:getReporterConfig |
- |
√ |
√ |
|
Grants permission to add a self-built database. |
POST /dbss/v1/{project_id}/{instance_id}/audit/databases POST /dbss/v1/{project_id}/{instance_id}/audit/operation/databases POST /dbss/v1/{project_id}/{instance_id}/audit/operation/create-database |
dbss:auditInstance:addBareDatabase |
- |
√ |
√ |
|
Grants permission to query the database list. |
GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/databases GET /dbss/v1/{project_id}/{instance_id}/audit/operation/databases GET /dbss/v1/{project_id}/{instance_id}/audit/operation/list-databases |
dbss:auditInstance:listDatabases |
- |
√ |
√ |
|
Grants permission to enable or disable database audit. |
POST /dbss/v1/{project_id}/{instance_id}/audit/operation/switch POST /dbss/v2/{project_id}/{instance_id}/audit/databases/switch |
dbss:auditInstance:switchDatabase |
- |
√ |
√ |
|
Grants permission to delete a database. |
DELETE /dbss/v2/{project_id}/{instance_id}/audit/databases/{db_id} POST /dbss/v1/{project_id}/{instance_id}/audit/operation/database/delete POST /dbss/v1/{project_id}/{instance_id}/audit/operation/delete-database |
dbss:auditInstance:deleteDatabase |
- |
√ |
√ |
|
Grants permission to add an audit scope rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scopes POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/add-rule |
dbss:auditInstance:addAuditScopeRule |
- |
√ |
√ |
|
Grants permission to enable or disable audit scope rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/scope/switch |
dbss:auditInstance:switchAuditScopeRule |
- |
√ |
√ |
|
Grants permission to add a risk rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/add-rule |
dbss:auditInstance:addRiskRule |
- |
√ |
√ |
|
Grants permission to enable or disable a risk rule. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/switch |
dbss:auditInstance:switchRiskRule |
- |
√ |
√ |
|
Grants permission to edit risk rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/{risk_id} POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/edit-risk/{risk_id} |
dbss:auditInstance:editRiskRule |
- |
√ |
√ |
|
Grants permission to set risk rule priorities. |
POST /dbss/v1/{project_id}/{instance_id}/audit/rule/risk/rank-risk |
dbss:auditInstance:setRiskRulePriority |
- |
√ |
√ |
|
Grants permission to query the overview of audit instances. |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/risk-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/session-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/sql-statistics POST /dbss/v1/{project_id}/{instance_id}/audit/general/synopsis-statistics |
dbss:auditInstance:listStatistics |
- |
√ |
√ |
|
Grants permission to query privacy data masking rules. |
GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/masks GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/list-rules GET /dbss/v1/{project_id}/{instance_id}/dbss/audit/sensitive/masks GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/result/switch GET /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/switch |
dbss:auditInstance:listSensitiveRules |
- |
√ |
√ |
|
Grants permission to enable or disable the result set storage. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/result/switch |
dbss:auditInstance:modifySensitiveRuleSaveResultSwitch |
- |
√ |
√ |
|
Grants permission to enable or disable the privacy data masking function. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/switch |
dbss:auditInstance:modifySensitiveRuleAnonymizeSwitch |
- |
√ |
√ |
|
Grants permission to enable or disable privacy data protection rules. |
POST /dbss/v1/{project_id}/{instance_id}/audit/sensitive/mask/rule/switch |
dbss:auditInstance:switchSensitiveRule |
- |
√ |
√ |
|
Grants permission to query alarm information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log POST /dbss/v1/{project_id}/{instance_id}/audit/alarm-log |
dbss:auditInstance:listAlarmItems |
- |
√ |
√ |
|
Grants permission to mark alarms. |
PUT /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log/{alarm_id} POST /dbss/v1/{project_id}/{instance_id}/audit/general/mark-alarm-log |
dbss:auditInstance:markAlarm |
- |
√ |
√ |
|
Grants permission to delete alarms. |
DELETE /dbss/v1/{project_id}/{instance_id}/audit/general/alarm-log/{alarm_id} |
dbss:auditInstance:deleteAlarm |
- |
√ |
√ |
|
Grants permission to restore backups. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/restore |
dbss:auditInstance:restoreBackup |
- |
√ |
√ |
|
Grants permissions to retry backups. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/retry |
dbss:auditInstance:retryBackup |
- |
√ |
√ |
|
Grants permission to obtain risk export configurations. |
GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-templates GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-template/{db_id} |
dbss:auditInstance:getRiskBackupConfigInfo |
- |
√ |
√ |
|
Grants permission to enable or disable risk export. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/risk/switch POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/risk/global/switch |
dbss:auditInstance:switchRiskBackup |
- |
√ |
√ |
|
Grants permission to obtain risk export OBS bucket information. |
GET /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-bucket-path |
dbss:auditInstance:getRiskBackupBucketInfo |
- |
√ |
√ |
|
Grants permission to set risk export OBS bucket information. |
POST /dbss/v1/{project_id}/{instance_id}/audit/backup/risk-bucket-path POST /dbss/v1/{domain_id}/{instance_id}/audit/backup/risk-bucket-path/global |
dbss:auditInstance:setRiskBackupBucketInfo |
- |
√ |
√ |
|
Grants permission to add an RDS database. |
POST /dbss/v1/{project_id}/{instance_id}/dbss/audit/databases/rds POST /dbss/v1/{project_id}/{instance_id}/audit/operation/rds POST /dbss/v1/{project_id}/{instance_id}/audit/operation/create-guassdb-rds POST /dbss/v2/{project_id}/{instance_id}/audit/databases/rds |
dbss:auditInstance:addRdsDatabase |
- |
√ |
√ |
|
Grants permission to obtain DBSS information. |
GET /dbss/v1/{project_id}/dbss/server-info |
dbss::getServerInfo |
- |
√ |
√ |
|
Grants permission to query view instance task creation information. |
GET /dbss/v1/{project_id}/dbss/audit/jobs/{resource_id} GET /dbss/v1/{project_id}/dbss/audit/list-jobs/{resource_id} |
dbss::getAuditInstanceJob |
- |
√ |
√ |
|
Grants permission to query audit instance task creation information. |
GET /dbss/v1/{project_id}/dbss/audit/list-jobs |
dbss:auditInstance:listJobs |
- |
√ |
√ |
|
Grants permission to query the OBS bucket list. |
GET /dbss/v1/{project_id}/obs/audit/backup/obs-buckets |
dbss::listObsBuckets |
- |
√ |
√ |
|
Grants permission to delete audit instances. |
DELETE /dbss/v1/{project_id}/dbss/audit/delete-instance |
dbss:auditInstance:instanceDelete |
- |
√ |
√ |
|
Grants permission to query audit instances by tag. |
POST /dbss/v1/{project_id}/{resource_type}/resource-instances/filter POST /dbss/v1/{project_id}/{resource_type}/resource-instances/count |
dbss::listResourcesByTag |
- |
√ |
√ |
|
Grants permission to add instance tags in batches. |
POST /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags/create |
dbss::tagResource |
- |
√ |
√ |
|
Grants permission to delete instance tags in batches. |
DELETE dbss::listCommonInfo /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags/delete |
dbss::unTagResource |
- |
√ |
√ |
|
Grants permission to query all tags of a project. |
GET /dbss/v1/{project_id}/{resource_type}/tags |
dbss::listTags |
- |
√ |
√ |
|
Grants permission to query instance tags. |
GET /dbss/v1/{project_id}/{resource_type}/{resource_id}/tags |
dbss::listTagsForResource |
- |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
