Help Center/ GeminiDB/ API Reference/ Permissions and Supported Actions/ Actions Supported by Policy-based Authorization
Updated on 2025-11-27 GMT+08:00
View PDF
Share

Actions Supported by Policy-based Authorization

This section describes the actions supported by GeminiDB in policy-based authorization.

Supported Actions

GeminiDB provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:

  • Permissions: statements that allow or deny certain operations
  • APIs: REST APIs that can be called by a user who has been granted specific permissions.
  • Actions: specific operations that are allowed or denied in a custom policy.
  • Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
  • IAM or enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

GeminiDB supports the following actions in custom policies:

"√" indicates that the permission is supported, and "x" indicates that the permission is not supported.

Table 1 Querying API versions

Permission

API

Action

IAM Project

Enterprise Project

Querying API versions

GET /

-

-

-

Querying API version information

GET /{version}

-

-

-
Table 2 API version and specifications

Permission

API

Action

IAM Project

Enterprise Project

Querying database specifications

GET /v3.1/{project_id}/flavors

-

-

-

Querying database version information

GET /v3/{project_id}/datastores/{datastore_name}/versions

-

-

-

Querying dedicated resources

GET /v3/{project_id}/dedicated-resources

-

-

-
Table 3 Instance management

Permission

API

Action

IAM Project

Enterprise Project

Creating an instance

POST /v3/{project_id}/instances

nosql:instance:create

Deleting an instance

DELETE /v3/{project_id}/instances/{instance_id}

nosql:instance:delete

Querying instances and details

GET /v3/{project_id}/instances

nosql:instance:list

Scaling up storage

POST /v3/{project_id}/instances/{instance_id}/extend-volume

nosql:instance:modifyStorageSize

Adding nodes for a cluster instance

POST /v3/{project_id}/instances/{instance_id}/enlarge-node

nosql:instance:extendNode

Deleting nodes from a cluster instance

POST /v3/{project_id}/instances/{instance_id}/reduce-node

nosql:instance:reduceNode

Obtaining node sessions

GET /v3/{project_id}/redis/nodes/{node_id}/sessions

nosql:session:list

Querying session statistics of an instance node

GET /v3/{project_id}/redis/nodes/{node_id}/session-statistics

nosql:session:list

Closing sessions on an instance node

DELETE /v3/{project_id}/redis/nodes/{node_id}/sessions

nosql:session:delete

Querying changeable specifications

GET /v3/{project_id}/instances/{instance_id}/available-flavors

nosql:instance:list

Changing instance specifications

PUT /v3/{project_id}/instances/{instance_id}/resize

nosql:instance:modifySpecification

Changing the administrator password

PUT /v3/{project_id}/instances/{instance_id}/password

nosql:instance:modifyPasswd

Changing an instance name

PUT /v3/{project_id}/instances/{instance_id}/name

nosql:instance:rename

Changing the security group of an instance

PUT /v3/{project_id}/instances/{instance_id}/security-group

nosql:instance:modifySecurityGroup

Patching a database

POST /v3/{project_id}/instances/{instance_id}/db-upgrade

nosql:instance:upgradeDatabaseVersion

Patching databases in batches

POST /v3/{project_id}/instances/db-upgrade

nosql:instance:batchUpgradeDatabaseVersion

Creating cold storage

POST /v3/{project_id}/instances/{instance_id}/cold-volume

nosql:instance:modifyStorageSize

Scaling up cold storage

PUT /v3/{project_id}/instances/{instance_id}/cold-volume

nosql:instance:modifyStorageSize

Binding or unbinding an EIP

POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/public-ip

nosql:instance:bindPublicIp

Enabling or disabling SSL

POST /v3/{project_id}/instances/{instance_id}/ssl-option

nosql:instance:switchSSL

Restarting an instance or node

POST /v3/{project_id}/instances/{instance_id}/restart

nosql:instance:restart

Setting an autoscaling policy for storage

PUT /v3/{project_id}/instances/disk-auto-expansion

nosql:instance:modifyStorageSize

Changing a database port

PUT /v3/{project_id}/instances/{instance_id}/port

nosql:instance:modifyPort

Checking password strength

POST /v3/{project_id}/weak-password-verification

-

-

-

Configuring access to a replica set across CIDR blocks

POST /v3/{project_id}/instances/{instance_id}/client-network

nosql:instance:setSourceSubnet

Deleting nodes that failed to be added

DELETE /v3/{project_id}/instances/{instance_id}/enlarge-failed-nodes

nosql:instance:delete

Querying IP addresses required for creating an instance or adding nodes

GET /v3/{project_id}/ip-num-requirement

-

-

-

Querying the autoscaling policy

GET /v3/{project_id}/instances/{instance_id}/disk-auto-expansion

nosql:instance:list

Scaling storage

PUT /v3/{project_id}/instances/{instance_id}/volume

nosql:instance:modifyStorageSize

Querying high-risk commands

GET /v3/{project_id}/instances/{instance_id}/high-risk-commands

nosql:command:list

Modifying high-risk commands

PUT /v3/{project_id}/instances/{instance_id}/high-risk-commands

nosql:instances:modifyHighRiskCommands

Querying hot keys of a GeminiDB Redis instance

GET /v3/{project_id}/instances/{instance_id}/hot-keys

nosql:instance:getHotKeys

Setting disabled commands for a GeminiDB Redis instance

POST /v3/{project_id}/redis/instances/{instance_id}/disabled-commands

nosql:instance:setRedisDisabledCommands

Querying disabled commands for a GeminiDB Redis instance

GET /v3/{project_id}/redis/instances/{instance_id}/disabled-commands

nosql:instance:listRedisDisabledCommands

Deleting disabled commands for a GeminiDB Redis instance

DELETE /v3/{project_id}/redis/instances/{instance_id}/disabled-commands

nosql:instance:deleteRedisDisabledCommands

Setting the maintenance period of an instance

PUT /v3/{project_id}/instances/{instance_id}/maintenance-window

nosql:instance:modifyMaintenanceWindow

Performing a primary/standby switchover for GeminiDB Redis instances

PUT /v3/{project_id}/instance/{instance_id}/switchover

nosql:instance:switchover

Starting and stopping nodes

PUT /v3/{project_id}/instances/{instance_id}/nodes

nosql:instance:switchNodeStatus

Querying big keys of a GeminiDB Redis instance

POST /v3/{project_id}/instances/{instance_id}/big-keys

nosql:instance:getBigKeys

Querying the password-free configuration of a GeminiDB Redis instance

GET /v3/{project_id}/instances/{instance_id}/passwordless-config

nosql:instance:getPasswordlessConfig

Modifying the password-free configuration of a GeminiDB Redis instance

PUT /v3/{project_id}/instances/{instance_id}/passwordless-config

nosql:instance:setPasswordlessConfig

Querying memory acceleration mappings and details

GET /v3/{project_id}/dbcache/mappings

nosql:instance:listDBCacheMappings

Creating a memory acceleration rule

POST /v3/{project_id}/dbcache/rule

nosql:instance:createDBCacheRule

Deleting a memory mapping

DELETE /v3/{project_id}/dbcache/mapping

nosql:instance:deleteDBCacheMapping

Creating a memory mapping

POST /v3/{project_id}/dbcache/mapping

nosql:instance:createDBCacheMapping

Modifying a memory acceleration rule

PUT /v3/{project_id}/dbcache/rule

nosql:instance:updateDBCacheRule

Querying memory acceleration rules and details

GET /v3/{project_id}/dbcache/rules

nosql:instance:listDBCacheRules

Deleting a memory acceleration rule

DELETE /v3/{project_id}/dbcache/rule

nosql:instance:deleteDBCacheRule

Enabling or disabling instance data export

PUT /v3/{project_id}/instances/{instance_id}/data-dump

nosql:instance:operateDataDump

Enabling or disabling second-level monitoring

PUT /v3/{project_id}/instances/{instance_id}/monitoring-by-seconds/switch

nosql:instance:secondLevelMonitoring

Querying second-level monitoring configurations

GET /v3/{project_id}/instances/{instance_id}/monitoring-by-seconds/switch

nosql:instance:secondLevelMonitoring

Configuring an automatic scale-out policy

PUT /v3/{project_id}/instances/{instance_id}/node-auto-expansion-policy

nosql:instance:extendNode

Querying an automatic scale-out policy

GET /v3/{project_id}/instances/{instance_id}/node-auto-expansion-policy

nosql:instance:list

Obtaining the SSL certificate download address

GET /v3/{project_id}/instances/{instance_id}/ssl-cert/download-link

nosql:instance:listDBCacheRules

Changing a load balancing address

PUT /v3/{project_id}/instances/{instance_id}/lb

nosql:instance:modifyInstanceLb

Table 4 Connection management

Permission

API

Action

IAM Project

Enterprise Project

Obtaining instance sessions

GET /v3/{project_id}/instances/{instance_id}/sessions

nosql:session:list

Closing all node sessions of an instance

DELETE /v3/{project_id}/instances/{instance_id}/sessions

nosql:session:delete

Table 5 Backup and restoration

Permission

API

Action

IAM Project

Enterprise Project

Querying backups

GET /v4/{project_id}/backups

nosql:backup:list

Querying backups

GET /v3.1/{project_id}/backups

nosql:backup:list

Querying an automated backup policy

GET /v3.1/{project_id}/instances/{instance_id}/backups/policy

nosql:backup:list

Querying an automated backup policy

GET /v3/{project_id}/instances/{instance_id}/backups/policy

nosql:backup:list

Setting an automated backup policy

PUT /v3/{project_id}/instances/{instance_id}/backups/policy

nosql:instance:modifyBackupPolicy

Querying instances that can be restored

GET /v3/{project_id}/backups/{backup_id}/restorable-instances

nosql:instance:list

Querying the time window when a backup can be restored

GET /v3/{project_id}/instances/{instance_id}/backups/restorable-time-periods

nosql:backup:list

Creating a manual backup

POST /v3/{project_id}/instances/{instance_id}/backups

nosql:backup:create

Deleting a manual backup

DELETE /v3/{project_id}/backups/{backup_id}

nosql:backup:delete

Restoring data to an existing instance

POST /v3/{project_id}/instances/{instance_id}/recovery

nosql:backup:refreshInstanceFromBacku

Querying a recycling policy

GET /v3/{project_id}/instances/recycle-policy

nosql:instance:list

Modifying a recycling policy

PUT /v3/{project_id}/instances/recycle-policy

nosql:recyclePolicy:set

Querying instances in the recycle bin

GET /v3/{project_id}/recycle-instances

nosql:instance:list

Obtaining GeminiDB Cassandra instance database information restored using tables

GET /v3/{project_id}/instances/{instance_id}/databases

nosql:backup:list

Obtaining GeminiDB Cassandra instance table information restored using tables

GET /v3/{project_id}/instances/{instance_id}/tables

nosql:backup:list

Restoring data of the current GeminiDB Redis instance to a specified point in time

PUT /v3/{project_id}/redis/instances/{instance_id}/pitr

nosql:instance:redisPitrRestore

Setting a policy for restoring data of GeminiDB Redis instance to a specified point in time

PUT /v3/{project_id}/redis/instances/{instance_id}/pitr/policy

nosql:instance:setRedisPitrPolicy

Querying a policy for restoring data of GeminiDB Redis instance to a specified point in time

GET /v3/{project_id}/redis/instances/{instance_id}/pitr/policy

nosql:instance:getRedisPitrPolicy

Querying the time range for restoring data of GeminiDB Redis instance to a specified point in time

GET /v3/{project_id}/redis/instances/{instance_id}/pitr/restorable-time-periods

nosql:instance:listRedisPitrRestoreTime

Querying the storage space used for restoring data of GeminiDB Redis instance to a specified point in time

GET /v3/{project_id}/redis/instances/{instance_id}/pitr

nosql:instance:getRedisPitrInfo

Stopping a backup

PUT /v3/{project_id}/backups/{backup_id}

nosql:backup:stop

Deleting manual backups in batches

DELETE /v3/{project_id}/instances/backups

nosql:backup:delete

Importing a data file to an existing instance

POST /v3/{project_id}/redis/instances/{instance_id}/recovery

nosql:instance:redisDataRestore

Table 6 Parameter settings

Permission

API

Action

IAM Project

Enterprise Project

Obtaining parameter templates

GET /v3.1/{project_id}/configurations

nosql:param:list

Applying a parameter template

PUT /v3.1/{project_id}/configurations/{config_id}/apply

nosql:instance:modifyParameter

Modifying parameters of a specified instance

PUT /v3.1/{project_id}/instances/{instance_id}/configurations

nosql:instance:modifyParameter

Obtaining parameter templates

GET /v3/{project_id}/configurations

nosql:param:list

Creating a parameter template

POST

/v3/{project_id}/configurations

nosql:param:create

Modifying parameters in a parameter template

PUT /v3/{project_id}/configurations/{config_id}

nosql:param:modify

Resetting a custom parameter template

POST /v3/{project_id}/configurations/{config_id}/reset

nosql:param:modify

Querying instance parameter settings

GET /v3/{project_id}/instances/{instance_id}/configurations

nosql:param:list

Applying a parameter template

PUT /v3/{project_id}/configurations/{config_id}/apply

nosql:instance:modifyParameter

Modifying parameters of a specified instance

PUT /v3/{project_id}/instances/{instance_id}/configurations

nosql:instance:modifyParameter

Obtaining parameters of a specified instance

GET /v3/{project_id}/instances/{instance_id}/configurations

nosql:param:list

Obtaining parameters of a specified parameter template

GET /v3/{project_id}/configurations/{config_id}

nosql:param:list

Deleting a parameter template

DELETE /v3/{project_id}/configurations/{config_id}

nosql:param:delete

Querying instances that a parameter template can be applied to

GET /v3/{project_id}/configurations/{config_id}/applicable-instances

nosql:instance:list

Viewing parameter change history of an instance

GET /v3/{project_id}/instances/{instance_id}/configuration-histories

nosql:param:list

Viewing application records of a parameter template

GET /v3/{project_id}/configurations/{config_id}/applied-histories

nosql:param:list

Comparing parameter templates

POST /v3/{project_id}/configurations/comparison

nosql:param:list

Replicating a parameter template

POST /v3/{project_id}/configurations/{config_id}/copy

nosql:param:create

Querying APIs that support parameter templates

GET /v3/{project_id}/configurations/datastores

-

-

-
Table 7 Managing databases and accounts

Permission

API

Action

IAM Project

Enterprise Project

Creating a database account

POST /v3/{project_id}/redis/instances/{instance_id}/db-users

nosql:instance:createDatabaseUser

Changing permissions for a database account

PUT /v3/{project_id}/redis/instances/{instance_id}/db-users/privilege

nosql:instance:modifyDbUserPrivilege

Resetting the password of a database account

PUT /v3/{project_id}/redis/instances/{instance_id}/db-users/password

nosql:instance:resetDatabaseUser

Deleting a database account

DELETE /v3/{project_id}/redis/instances/{instance_id}/db-users

nosql:instance:deleteDatabaseUser

Obtaining database accounts and details

GET /v3/{project_id}/redis/instances/{instance_id}/db-users

nosql:dbuser:list

Obtaining databases in an instance

GET /v3/{project_id}/redis/instances/{instance_id}/databases

nosql:instance:resetDatabaseUser

Performing operations on GeminiDB instances

PUT /v3/{project_id}/instances/{instance_id}/databases

nosql:instance:operateDatabase

Table 8 Tag management

Permission

API

Action

IAM Project

Enterprise Project

Querying an instance by tag

POST /v3/{project_id}/instances/resource_instances/action
  • nosql:instance:list
  • nosql:tag:list

Adding or deleting resource tags in batches

POST /v3/{project_id}/instances/{instance_id}/tags/action

nosql:instance:tag

Querying tags of an instance

GET /v3/{project_id}/instances/{instance_id}/tags
  • nosql:instance:list
  • nosql:tag:list

Querying project tags

GET /v3/{project_id}/tags

nosql:tag:list

Table 9 Log management

Permission

API

Action

IAM Project

Enterprise Project

Querying slow query logs

GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date}

nosql:instance:list

Querying slow query logs of GeminiDB Redis instances

POST /v3/{project_id}/redis/instances/{instance_id}/slow-logs

nosql:instance:list

Querying slow query logs of GeminiDB Influx instances

POST /v3/{project_id}/influxdb/instances/{instance_id}/slow-logs

nosql:instance:list

Querying slow query logs of GeminiDB Cassandra instances

POST /v3/{project_id}/cassandra/instances/{instance_id}/slow-logs

nosql:instance:list

Querying slow query logs of GeminiDB Mongo instances

POST /v3/{project_id}/mongodb/instances/{instance_id}/slow-logs

nosql:instance:list

Querying database error logs

GET /v3/{project_id}/instances/{instance_id}/error-log

nosql:instance:list

Querying error logs of GeminiDB Mongo instances

POST /v3/{project_id}/mongodb/instances/{instance_id}/error-logs

nosql:instance:list

Setting the desensitization status of slow query logs

PUT /v3/{project_id}/instances/{instance_id}/slowlog-desensitization

nosql:instance:modifySlowLogPlaintextSwitch

Querying the desensitization status of slow query logs

GET /v3/{project_id}/instances/{instance_id}/slowlog-desensitization

nosql:instance:list

Associating instances with an LTS log stream

POST /v3/{project_id}/instances/logs/lts-configs

nosql:instances:saveLtsStreams

Disassociating instances from an LTS log stream

DELETE /v3/{project_id}/instances/logs/lts-configs

nosql:instances:saveLtsStreams

Querying LTS log configurations

GET /v3/{project_id}/instances/logs/lts-configs

nosql:instances:saveLtsStreams

Table 10 Quota management

Permission

API

Action

IAM Project

Enterprise Project

Querying quotas

GET /v3/{project_id}/quotas

nosql:instance:list

Table 11 DR management

Permission

API

Action

IAM Project

Enterprise Project

Querying the dual-active relationship of an instance

GET /v3/{project_id}/instances/{instance_id}/disaster-recovery/regions

nosql:instance:list

Setting the percentage of faulty nodes to be taken over

PUT /v3/{project_id}/instances/disaster-recovery/settings

nosql:dr:setDisasterRecoverySettings

Querying the percentage of faulty nodes to be taken over

GET /v3/{project_id}/instances/disaster-recovery/settings

nosql:dr:listDisasterRecoverySettings

Creating active-active relationship

POST /v3/{project_id}/instances/{instance_id}/dual-active-relationship

nosql:instance:buildBiactiveInstance

Removing active-active relationship

DELETE /v3/{project_id}/instances/{instance_id}/dual-active-relationship

nosql:instance:releaseBiactiveInstance

Table 12 Task management

Permission

API

Action

IAM Project

Enterprise Project

Querying tasks and details

GET /v3/{project_id}/jobs

nosql:task:list

Querying the maintenance period of an instance

GET /v3/{project_id}/instances/{instance_id}/ops-window

nosql:instance:maintenanceWindow

Querying a scheduled task

GET /v3/{project_id}/scheduled-jobs

nosql:task:list

Canceling a scheduled task

DELETE /v3/{project_id}/scheduled-jobs/{job_id}

nosql:instance:cancelScheduleJob

Table 13 Enterprise project management

Permission

API

Action

IAM Project

Enterprise Project

Querying enterprise project quotas

GET /v3/{project_id}/enterprise-projects/quotas

nosql:quota:list

Modifying enterprise project quotas

PUT /v3/{project_id}/enterprise-projects/quotas

nosql:quota:modify

Table 14 Instance load balancer management

Permission

API

Action

IAM Project

Enterprise Project

Configuring the blacklist or whitelist of load balancer IP addresses

PUT /v3/{project_id}/instances/{instance_id}/lb/access-control

nosql:instance:modifyInstanceLb

Querying the blacklist or whitelist of load balancer IP addresses

GET /v3/{project_id}/instances/{instance_id}/lb/access-control

nosql:instance:list