Actions Supported by Policy-based Authorization
This section describes the actions supported by TaurusDB in policy-based authorization.
Supported Actions
TaurusDB provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: statements in a policy that allow or deny certain operations
- APIs: REST APIs that can be called by a user who has been granted specific permissions
- Actions: specific operations that are allowed or denied in a custom policy
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
TaurusDB supports the following actions in custom policies.

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying the DB engine version | GET /v3/{project_id}/datastores/{database_name} | gaussdb:instance:list | √ | √ |
| Querying database specifications | GET /v3/{project_id}/flavors/{database_name} | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a DB instance | POST /v3/{project_id}/instances | gaussdb:instance:create | √ | √ |
| Querying DB instances | GET /v3/{project_id}/instances | gaussdb:instance:list | √ | √ |
| Rebooting a DB instance | POST /v3/{project_id}/instances/{instance_id}/restart | gaussdb:instance:restart | √ | √ |
| Deleting or unsubscribing from a DB instance | DELETE /v3/{project_id}/instances/{instance_id} | gaussdb:instance:delete | √ | √ |
| Querying details of a DB instance | GET /v3/{project_id}/instances/{instance_id} | gaussdb:instance:list | √ | √ |
| Querying details of DB instances in batches | GET /v3/{project_id}/instances/details | gaussdb:instance:list | √ | √ |
| Creating a read replica | POST /v3/{project_id}/instances/{instance_id}/nodes/enlarge | gaussdb:instance:addNodes | √ | √ |
| Deleting or unsubscribing from a read replica | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id} | gaussdb:instance:deleteNodes | √ | √ |
| Scaling up storage of a yearly/monthly DB instance | POST /v3/{project_id}/instances/{instance_id}/volume/extend | gaussdb:instance:modifyStorageSize | √ | √ |
| Changing a DB instance name | PUT /v3/{project_id}/instances/{instance_id}/name | gaussdb:instance:rename | √ | √ |
| Resetting a database password | POST /v3/{project_id}/instances/{instance_id}/password | gaussdb:instance:modifyPassword | √ | √ |
| Changing DB instance specifications | POST /v3/{project_id}/instances/{instance_id}/action | gaussdb:instance:modifySpec | √ | √ |
| Querying dedicated resource pools | GET /v3/{project_id}/dedicated-resources | gaussdb:instance:list | √ | √ |
| Querying dedicated resources | GET /v3/{project_id}/dedicated-resource/{dedicated_resource_id} | gaussdb:instance:list | √ | √ |
| Configuring the Monitoring By Seconds function | PUT /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:modify gaussdb:instance:modifyMonitorPolicy | √ | √ |
| Querying the configuration of Monitoring by Seconds | GET /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:list | √ | √ |
| Rebooting a node | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/restart | gaussdb:instance:restart | √ | √ |
| Upgrading the kernel version of a DB instance | POST /v3/{project_id}/instances/{instance_id}/db-upgrade | gaussdb:instance:upgrade | √ | √ |
| Enabling or Disabling SSL | PUT /v3/{project_id}/instances/{instance_id}/ssl-option | gaussdb:instance:modifySSL | √ | √ |
| Binding an EIP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/bind | gaussdb:instance:bindPublicIp | √ | √ |
| Unbinding an EIP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/unbind | gaussdb:instance:unbindPublicIp | √ | √ |
| Promoting a read replica to primary | PUT /v3/{project_id}/instances/{instance_id}/switchover | gaussdb:instance:switchover | √ | √ |
| Changing a maintenance window | PUT /v3/{project_id}/instances/{instance_id}/ops-window | gaussdb:instance:modifyMaintenanceWindow | √ | √ |
| Changing a security group | PUT /v3/{project_id}/instances/{instance_id}/security-group | gaussdb:instance:modifySecurityGroup | √ | √ |
| Changing a private IP address | PUT /v3/{project_id}/instances/{instance_id}/internal-ip | gaussdb:instance:modifyIp | √ | √ |
| Changing a database port | PUT /v3/{project_id}/instances/{instance_id}/port | gaussdb:instance:modifyPort | √ | √ |
| Changing a DB instance description | PUT /v3/{project_id}/instances/{instance_id}/alias | gaussdb:instance:modify | √ | √ |
| Applying for a private domain name | POST /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:createDns | √ | √ |
| Changing a private domain name | PUT /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:modifyDns | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Modifying an automated backup policy | PUT /v3/{project_id}/instances/{instance_id}/backups/policy/update | gaussdb:instance:modifyBackupPolicy | √ | √ |
| Creating a manual backup | POST /v3/{project_id}/backups/create | gaussdb:backup:create | √ | √ |
| Querying backups | GET /v3/{project_id}/backups | gaussdb:backup:list | √ | √ |
| Querying an automated backup policy | GET /v3/{project_id}/instances/{instance_id}/backups/policy | gaussdb:backup:list | √ | √ |
| Deleting a manual backup | DELETE /v3/{project_id}/backups/{backup_id} | gaussdb:backup:delete | √ | √ |
| Restoring data to the original instance or an existing instance | POST /v3/{project_id}/instances/restore | gaussdb:instance:restoreInPlace | √ | √ |
| Querying the restoration time range | GET /v3/{project_id}/instances/{instance_id}/restore-time | gaussdb:backup:list | √ | √ |
| Enabling or disabling encrypted backup | POST /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:encrypt | √ | √ |
| Checking whether encrypted backup is enabled | GET /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying parameter templates | GET /v3/{project_id}/configurations | gaussdb:param:list | √ | √ |
| Creating a parameter template | POST /v3/{project_id}/configurations | gaussdb:param:create | √ | √ |
| Deleting a parameter template | DELETE /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:delete | √ | √ |
| Obtaining details about a parameter template | GET /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:list | √ | √ |
| Modifying parameters in a parameter template | PUT /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:modify | √ | √ |
| Applying a parameter template | PUT /v3/{project_id}/configurations/{configuration_id}/apply | gaussdb:param:apply | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying the instance quotas of a tenant | GET /v3/{project_id}/project-quotas | gaussdb:instance:list | √ | √ |
| Querying enterprise project resource quotas of a tenant | GET /v3/{project_id}/quotas | gaussdb:instance:list | √ | √ |
| Configuring enterprise project resource quotas for a tenant | POST /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |
| Modifying enterprise project resource quotas of a tenant | PUT /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a proxy instance | POST /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:create | √ | √ |
| Deleting a proxy instance | DELETE /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:delete | √ | √ |
| Querying proxy instances | GET /v3/{project_id}/instances/{instance_id}/proxies | gaussdb:proxy:list | √ | √ |
| Querying proxy instance specifications | GET /v3/{project_id}/instances/{instance_id}/proxy/flavors | gaussdb:proxy:list | √ | √ |
| Adding proxy nodes | POST /v3/{project_id}/instances/{instance_id}/proxy/enlarge | gaussdb:proxy:addNodes | √ | √ |
| Changing specifications of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/flavor | gaussdb:proxy:modifySpec | √ | √ |
| Assigning read weights | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/weight | gaussdb:proxy:modifyWeight | √ | √ |
| Enabling or disabling transaction splitting | POST /v3/{project_id}/instances/{instance_id}/proxy/transaction-split | gaussdb:proxy:modifyTransactionSplit | √ | √ |
| Changing session consistency of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/session-consistence | gaussdb:proxy:modifyConsistency | √ | √ |
| Changing the connection pool type of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/connection-pool-type | gaussdb:proxy:switchConnectionPoolType | √ | √ |
| Changing the port of a proxy instance | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/port | gaussdb:proxy:modifyPort | √ | √ |
| Changing routing policy of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/route-mode | gaussdb:proxy:modifyRouteMode | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Enabling or disabling SQL Explorer | POST /v3/{project_id}/instance/{instance_id}/audit-log/switch | gaussdb:instance:modifyTraceSQLPolicy | √ | √ |
| Querying whether SQL Explorer is enabled | GET /v3/{project_id}/instance/{instance_id}/audit-log/switch-status | gaussdb:instance:list | √ | √ |
| Querying slow query logs | POST /v3.1/{project_id}/instances/{instance_id}/slow-logs | gaussdb:log:list | √ | √ |
| Querying error logs | POST /v3.1/{project_id}/instances/{instance_id}/error-logs | gaussdb:log:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying resource tags | GET /v3/{project_id}/instances/{instance_id}/tags | gaussdb:tag:list | √ | √ |
| Querying project tags | GET /v3/{project_id}/tags | gaussdb:tag:list | √ | √ |
| Adding or deleting tags in batches | POST /v3/{project_id}/instances/{instance_id}/tags/action | gaussdb:instance:dealTag | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a database account | POST /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:create | √ | √ |
| Querying database users | GET /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:list | √ | √ |
| Deleting a database user | DELETE /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:delete | √ | √ |
| Modifying the description of a database user | PUT /v3/{project_id}/instances/{instance_id}/db-users/comment | gaussdb:database:modify | √ | √ |
| Changing the password of a database user | PUT /v3/{project_id}/instances/{instance_id}/db-users/password | gaussdb:user:modify | √ | √ |
| Authorizing permissions to a database user | POST /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:grantPrivilege | √ | √ |
| Deleting permissions of a database user | DELETE /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:revokePrivilege | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying available database character sets | GET /v3/{project_id}/instances/{instance_id}/databases/charsets | gaussdb:database:list | √ | √ |
| Creating a database | POST /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:create | √ | √ |
| Querying databases | GET /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:list | √ | √ |
| Deleting a database | DELETE /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:delete | √ | √ |
| Modifying the description of a database | PUT /v3/{project_id}/instances/{instance_id}/databases/comment | gaussdb:user:modify | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Enabling or disabling SQL throttling | POST /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:modify | √ | √ |
| Querying whether SQL throttling is enabled | GET /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:list | √ | √ |
| Configuring SQL throttling rules | PUT /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| Querying SQL throttling rules | GET /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:list | √ | √ |
| Deleting SQL throttling rules | DELETE /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| Querying user session threads on a node | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:listProcesses | √ | √ |
| Terminating user session threads on a node | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:deleteProcesses | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Obtaining information about a task with a specified ID | GET /v3/{project_id}/jobs | gaussdb:instance:list | √ | √ |
| Obtaining instant tasks | GET /v3/{project_id}/immediate-jobs | gaussdb:instance:list | √ | √ |
| Obtaining scheduled tasks | GET /v3/{project_id}/scheduled-jobs | gaussdb:instance:list | √ | √ |
| Canceling a scheduled task | DELETE /v3/{project_id}/scheduled-jobs | gaussdb:instance:delete | √ | √ |
| Deleting a task record | DELETE /v3/{project_id}/jobs/{job_id} | gaussdb:instance:delete | √ | √ |
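
An added example (not part of the TaurusDB documentation): it derives a custom policy containing only the actions needed for the API calls a role makes, and lists every other API that each granted action also covers. The rows in ACTION_MAP are copied from the tables above; the project and job IDs in SAMPLE_CALLS are constructed, and the policy layout (Version 1.1, Statement with Effect and Action) is assumed to follow the IAM custom policy JSON format.

```python
import json
import re

# (method, path template, action) rows copied from the action tables on this page.
ACTION_MAP = [
    ("GET", "/v3/{project_id}/instances", "gaussdb:instance:list"),
    ("DELETE", "/v3/{project_id}/instances/{instance_id}", "gaussdb:instance:delete"),
    ("GET", "/v3/{project_id}/backups", "gaussdb:backup:list"),
    ("POST", "/v3/{project_id}/backups/create", "gaussdb:backup:create"),
    ("GET", "/v3/{project_id}/jobs", "gaussdb:instance:list"),
    ("DELETE", "/v3/{project_id}/scheduled-jobs", "gaussdb:instance:delete"),
    ("DELETE", "/v3/{project_id}/jobs/{job_id}", "gaussdb:instance:delete"),
    ("POST", "/v3.1/{project_id}/instances/{instance_id}/slow-logs", "gaussdb:log:list"),
]
# Constructed sample: calls made by a hypothetical task-housekeeping role.
SAMPLE_CALLS = [("GET", "/v3/0123/jobs"), ("DELETE", "/v3/0123/jobs/job-1")]

def _compile(template):
    # Anchored regex in which each {placeholder} matches exactly one path segment.
    parts = re.split(r"\{[^}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

RULES = [(m, _compile(t), t, a) for m, t, a in ACTION_MAP]

def action_for(method, path):
    """Return the action required for one REST call, or None if it is not mapped."""
    for m, rx, _template, action in RULES:
        if m == method.upper() and rx.match(path):
            return action
    return None

def shared_apis(action):
    """Every API in ACTION_MAP that granting this action also permits."""
    return [f"{m} {t}" for m, _rx, t, a in RULES if a == action]

def build_policy(calls):
    """Allow only the actions needed for the given calls; unmapped calls raise."""
    actions = set()
    for method, path in calls:
        action = action_for(method, path)
        if action is None:
            raise ValueError(f"no action mapping for {method} {path}")
        actions.add(action)
    return {"Version": "1.1",
            "Statement": [{"Effect": "Allow", "Action": sorted(actions)}]}

if __name__ == "__main__":
    policy = build_policy(SAMPLE_CALLS)
    print(json.dumps(policy, indent=2))
    for act in policy["Statement"][0]["Action"]:
        print(act, "also covers:", shared_apis(act))
```

For the constructed housekeeping role, the output shows that deleting task records requires gaussdb:instance:delete, which per the tables is the same action required for deleting a DB instance.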