Actions Supported by Policy-based Authorization
This section describes the actions supported by TaurusDB in policy-based authorization.
Supported Actions
TaurusDB provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: statements in a policy that allow or deny certain operations
- APIs: REST APIs that can be called by a user who has been granted specific permissions
- Actions: specific operations that are allowed or denied in a custom policy
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
TaurusDB supports the following actions in custom policies.
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying the DB engine version | GET /v3/{project_id}/datastores/{database_name} | gaussdb:instance:list | √ | √ |
| Querying database specifications | GET /v3/{project_id}/flavors/{database_name} | gaussdb:instance:list | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a DB instance | POST /v3/{project_id}/instances | gaussdb:instance:create | √ | √ |
| Rebooting a DB instance | POST /v3/{project_id}/instances/{instance_id}/restart | gaussdb:instance:restart | √ | √ |
| Deleting or unsubscribing from a DB instance | DELETE /v3/{project_id}/instances/{instance_id} | gaussdb:instance:delete | √ | √ |
| Creating a read replica | POST /v3/{project_id}/instances/{instance_id}/nodes/enlarge | gaussdb:instance:addNodes | √ | √ |
| Deleting or unsubscribing from a read replica | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id} | gaussdb:instance:deleteNodes | √ | √ |
| Scaling up storage of a yearly/monthly DB instance | POST /v3/{project_id}/instances/{instance_id}/volume/extend | gaussdb:instance:modifyStorageSize | √ | √ |
| Changing a DB instance name | PUT /v3/{project_id}/instances/{instance_id}/name | gaussdb:instance:rename | √ | √ |
| Resetting a database password | POST /v3/{project_id}/instances/{instance_id}/password | gaussdb:instance:modifyPassword | √ | √ |
| Changing DB instance specifications | POST /v3/{project_id}/instances/{instance_id}/action | gaussdb:instance:modifySpec | √ | √ |
| Querying dedicated resource pools | GET /v3/{project_id}/dedicated-resources | gaussdb:instance:list | √ | √ |
| Querying dedicated resources | GET /v3/{project_id}/dedicated-resource/{dedicated_resource_id} | gaussdb:instance:list | √ | √ |
| Configuring the Monitoring By Seconds function | PUT /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:modify gaussdb:instance:modifyMonitorPolicy | √ | √ |
| Querying the configuration of Monitoring by Seconds | GET /v3/{project_id}/instances/{instance_id}/monitor-policy | gaussdb:instance:list | √ | √ |
| Rebooting a node | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/restart | gaussdb:instance:restart | √ | √ |
| Upgrading the kernel version of a DB instance | POST /v3/{project_id}/instances/{instance_id}/db-upgrade | gaussdb:instance:upgrade | √ | √ |
| Enabling or Disabling SSL | PUT /v3/{project_id}/instances/{instance_id}/ssl-option | gaussdb:instance:modifySSL | √ | √ |
| Binding an EIP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/bind | gaussdb:instance:bindPublicIp | √ | √ |
| Unbinding an EIP | PUT /v3/{project_id}/instances/{instance_id}/public-ips/unbind | gaussdb:instance:unbindPublicIp | √ | √ |
| Promoting a read replica to primary | PUT /v3/{project_id}/instances/{instance_id}/switchover | gaussdb:instance:switchover | √ | √ |
| Changing a maintenance window | PUT /v3/{project_id}/instances/{instance_id}/ops-window | gaussdb:instance:modifyMaintenanceWindow | √ | √ |
| Changing a security group | PUT /v3/{project_id}/instances/{instance_id}/security-group | gaussdb:instance:modifySecurityGroup | √ | √ |
| Changing a private IP address | PUT /v3/{project_id}/instances/{instance_id}/internal-ip | gaussdb:instance:modifyIp | √ | √ |
| Changing a database port | PUT /v3/{project_id}/instances/{instance_id}/port | gaussdb:instance:modifyPort | √ | √ |
| Changing a DB instance description | PUT /v3/{project_id}/instances/{instance_id}/alias | gaussdb:instance:modify | √ | √ |
| Applying for a private domain name | POST /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:createDns | √ | √ |
| Changing a private domain name | PUT /v3/{project_id}/instances/{instance_id}/dns | gaussdb:instance:modifyDns | √ | √ |
| Querying DB instances | GET /v3/{project_id}/instances | gaussdb:instance:list | √ | √ |
| Querying details of a DB instance | GET /v3/{project_id}/instances/{instance_id} | gaussdb:instance:list | √ | √ |
| Querying details of DB instances in batches | GET /v3/{project_id}/instances/details | gaussdb:instance:list | √ | √ |
| Querying a dynamic serverless compute policy | GET /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:getDynamicPolicy | √ | √ |
| Configuring a dynamic serverless compute policy | POST /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:updateDynamicPolicy | √ | √ |
| Deleting a dynamic serverless compute policy | DELETE /v3/{project_id}/instances/{instance_id}/serverless/dynamic-policy | gaussdb:serverless:deleteDynamicPolicy | √ | √ |
| Batch changing instance specifications | POST /v3/{project_id}/instances/batch/flavor | gaussdb:instance:modifySpec | √ | √ |
| Querying whether an instance has scheduled tasks of the same type | POST /v3/{project_id}/instances/{instance_id}/schedule-tasks/exist | gaussdb:instance:list | √ | √ |
| Upgrading minor versions of instances in batches | POST /v3/{project_id}/instances/database-version/upgrade | gaussdb:instance:upgrade | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Configuring a same-region backup policy | PUT /v3/{project_id}/instances/{instance_id}/backups/policy/update | gaussdb:instance:modifyBackupPolicy | √ | √ |
| Creating a manual backup | POST /v3/{project_id}/backups/create | gaussdb:backup:create | √ | √ |
| Querying full backups | GET /v3/{project_id}/backups | gaussdb:backup:list | √ | √ |
| Querying an automated backup policy | GET /v3/{project_id}/instances/{instance_id}/backups/policy | gaussdb:backup:list | √ | √ |
| Deleting a manual backup | DELETE /v3/{project_id}/backups/{backup_id} | gaussdb:backup:delete | √ | √ |
| Restoring data to the original instance or an existing instance | POST /v3/{project_id}/instances/restore | gaussdb:instance:restoreInPlace | √ | √ |
| Querying the restoration time range | GET /v3/{project_id}/instances/{instance_id}/restore-time | gaussdb:backup:list | √ | √ |
| Enabling or disabling encrypted backup | POST /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:encrypt | √ | √ |
| Checking whether encrypted backup is enabled | GET /v3/{project_id}/instances/{instance_id}/backups/encryption | gaussdb:backup:list | √ | √ |
| Querying the backups of a specified instance | GET /v3/{project_id}/instances/{instance_id}/backups | gaussdb:backup:list | √ | √ |
| Deleting manual backups in batches | DELETE /v3/{project_id}/backups | gaussdb:backup:delete | √ | √ |
| Querying backup resource package specifications | GET /v3/{project_id}/backups/resource-package/flavors | gaussdb:backup:listResourcePackageFlavor | √ | √ |
| Creating a backup resource package | POST /v3/{project_id}/backups/resource-package | gaussdb:backup:createResourcePackage | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying parameter templates | GET /v3/{project_id}/configurations | gaussdb:param:list | √ | √ |
| Creating a parameter template | POST /v3/{project_id}/configurations | gaussdb:param:create | √ | √ |
| Deleting a parameter template | DELETE /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:delete | √ | √ |
| Obtaining details about a parameter template | GET /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:list | √ | √ |
| Modifying parameters in a parameter template | PUT /v3/{project_id}/configurations/{configuration_id} | gaussdb:param:modify | √ | √ |
| Applying a parameter template | PUT /v3/{project_id}/configurations/{configuration_id}/apply | gaussdb:param:apply | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying the instance quotas of a tenant | GET /v3/{project_id}/project-quotas | gaussdb:instance:list | √ | √ |
| Querying enterprise project resource quotas of a tenant | GET /v3/{project_id}/quotas | gaussdb:instance:list | √ | √ |
| Configuring enterprise project resource quotas for a tenant | POST /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |
| Modifying enterprise project resource quotas of a tenant | PUT /v3/{project_id}/quotas | gaussdb:quota:modify | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a proxy instance | POST /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:create | √ | √ |
| Deleting a proxy instance | DELETE /v3/{project_id}/instances/{instance_id}/proxy | gaussdb:proxy:delete | √ | √ |
| Querying proxy instances | GET /v3/{project_id}/instances/{instance_id}/proxies | gaussdb:proxy:list | √ | √ |
| Querying proxy instance specifications | GET /v3/{project_id}/instances/{instance_id}/proxy/flavors | gaussdb:proxy:list | √ | √ |
| Adding proxy nodes | POST /v3/{project_id}/instances/{instance_id}/proxy/enlarge | gaussdb:proxy:addNodes | √ | √ |
| Changing specifications of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/flavor | gaussdb:proxy:modifySpec | √ | √ |
| Assigning read weights | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/weight | gaussdb:proxy:modifyWeight | √ | √ |
| Changing the routing policy of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/route-mode | gaussdb:proxy:modifyRouteMode | √ | √ |
| Enabling or disabling transaction splitting for a proxy instance | POST /v3/{project_id}/instances/{instance_id}/proxy/transaction-split | gaussdb:proxy:modifyTransactionSplit | √ | √ |
| Changing session consistency of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/session-consistence | gaussdb:proxy:modifyConsistency | √ | √ |
| Changing the connection pool type of a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/connection-pool-type | gaussdb:proxy:switchConnectionPoolType | √ | √ |
| Changing the port of a proxy instance | POST /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/port | gaussdb:proxy:modifyPort | √ | √ |
| Enabling or disabling ALT for a proxy instance | PUT /v3/{project_id}/instances/{instance_id}/proxy/{proxy_id}/alt | gaussdb:proxy:modifyAlt | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Enabling or disabling SQL Explorer | POST /v3/{project_id}/instance/{instance_id}/audit-log/switch | gaussdb:instance:modifyTraceSQLPolicy | √ | √ |
| Querying whether SQL Explorer is enabled | GET /v3/{project_id}/instance/{instance_id}/audit-log/switch-status | gaussdb:instance:list | √ | √ |
| Querying slow query logs | POST /v3.1/{project_id}/instances/{instance_id}/slow-logs | gaussdb:log:list | √ | √ |
| Querying error logs | POST /v3.1/{project_id}/instances/{instance_id}/error-logs | gaussdb:log:list | √ | √ |
| Configuring a DDL log download policy | PUT /v3/{project_id}/instances/{instance_id}/ddl-log | gaussdb:log:setPolicy | √ | √ |
| Obtaining links for downloading DDL logs | POST /v3/{project_id}/instances/{instance_id}/ddl-log/download | gaussdb:log:download | √ | √ |
| Querying DDL logs that can be downloaded | GET /v3/{project_id}/instances/{instance_id}/ddl-log | gaussdb:log:list | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying resource tags | GET /v3/{project_id}/instances/{instance_id}/tags | gaussdb:tag:list | √ | √ |
| Querying project tags | GET /v3/{project_id}/tags | gaussdb:tag:list | √ | √ |
| Adding or deleting tags in batches | POST /v3/{project_id}/instances/{instance_id}/tags/action | gaussdb:instance:dealTag | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a database account | POST /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:create | √ | √ |
| Querying database users | GET /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:list | √ | √ |
| Deleting a database user | DELETE /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:user:delete | √ | √ |
| Modifying the description of a database user | PUT /v3/{project_id}/instances/{instance_id}/db-users/comment | gaussdb:database:modify | √ | √ |
| Changing the password of a database user | PUT /v3/{project_id}/instances/{instance_id}/db-users/password | gaussdb:user:modify | √ | √ |
| Authorizing permissions to a database user | POST /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:grantPrivilege | √ | √ |
| Deleting permissions of a database user | DELETE /v3/{project_id}/instances/{instance_id}/db-users/privilege | gaussdb:user:revokePrivilege | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying available database character sets | GET /v3/{project_id}/instances/{instance_id}/databases/charsets | gaussdb:database:list | √ | √ |
| Creating a database | POST /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:create | √ | √ |
| Querying databases | GET /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:list | √ | √ |
| Deleting a database | DELETE /v3/{project_id}/instances/{instance_id}/databases | gaussdb:database:delete | √ | √ |
| Modifying the description of a database | PUT /v3/{project_id}/instances/{instance_id}/databases/comment | gaussdb:user:modify | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Enabling or disabling SQL throttling | POST /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:modify | √ | √ |
| Querying whether SQL throttling is enabled | GET /v3/{project_id}/instances/{instance_id}/sql-filter/switch | gaussdb:param:list | √ | √ |
| Configuring SQL throttling rules | PUT /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| Querying SQL throttling rules | GET /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:list | √ | √ |
| Deleting SQL throttling rules | DELETE /v3/{project_id}/instances/{instance_id}/sql-filter/rules | gaussdb:param:modify | √ | √ |
| Querying user session threads on a node | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:listProcesses | √ | √ |
| Terminating user session threads on a node | DELETE /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/processes | gaussdb:instance:deleteProcesses | √ | √ |
| Querying historical SQL throttling rules | GET /v3/{project_id}/instances/{instance_id}/sql-filter/history-rules | gaussdb:param:list | √ | √ |
| Enabling auto throttling | PUT /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:modify | √ | √ |
| Disabling auto throttling | DELETE /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:modify | √ | √ |
| Querying auto throttling rules | POST /v3/{project_id}/instances/{instance_id}/auto-sql-limiting | gaussdb:param:list | √ | √ |
| Querying auto throttling records | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/auto-sql-limiting/log | gaussdb:param:list | √ | √ |
| Querying lock wait sessions | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/process/lock-wait | gaussdb:instance:listProcesses | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Obtaining information about a task with a specified ID | GET /v3/{project_id}/jobs | gaussdb:instance:list | √ | √ |
| Obtaining instant tasks | GET /v3/{project_id}/immediate-jobs | gaussdb:instance:list | √ | √ |
| Obtaining scheduled tasks | GET /v3/{project_id}/scheduled-jobs | gaussdb:instance:list | √ | √ |
| Canceling a scheduled task | DELETE /v3/{project_id}/scheduled-jobs | gaussdb:instance:delete | √ | √ |
| Deleting a task record | DELETE /v3/{project_id}/jobs/{job_id} | gaussdb:instance:delete | √ | √ |
| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying abnormal instances by each metric | GET /v3/{project_id}/instances/diagnosis-instance-count | gaussdb:instance:list | √ | √ |
| Querying abnormal instance information by a specific metric | GET /v3/{project_id}/instances/diagnosis-instance-infos | gaussdb:instance:list | √ | √ |
| Querying intelligently killed sessions | GET /v3/{project_id}/instances/{instance_id}/intelligent-kill-session/history | gaussdb:instance:showIntelligentKillSession | √ | √ |
| Intelligently killing sessions | POST /v3/{project_id}/instances/{instance_id}/intelligent-kill-session | gaussdb:instance:executeIntelligentKillSession | √ | √ |
| Showing intelligently killed sessions | GET /v3/{project_id}/instances/{instance_id}/intelligent-kill-session/statistic | gaussdb:instance:showIntelligentKillSession | √ | √ |
| Collecting all real-time session information | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session | gaussdb:instance:getRealtimeSession | √ | √ |
| Checking the status of a task for collecting all real-time session information | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session-task | gaussdb:instance:getRealtimeSession | √ | √ |
| Downloading all real-time session information | GET /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/realtime-session-result | gaussdb:instance:getRealtimeSession | √ | √ |
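The tables above map each API to the action that authorizes it, and some actions authorize several APIs at once. The following added example (not part of the TaurusDB documentation) lists which APIs a custom policy reaches, using a few rows copied from the tables. The policy JSON layout, `*` wildcard matching and deny-over-allow evaluation are assumptions about IAM custom policies; `SAMPLE_POLICY` and `REVIEW_ACTIONS` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Subset of rows copied from the tables above: (method, path, action).
V3 = "/v3/{project_id}"
API_ACTIONS = [
    ("GET", f"{V3}/instances", "gaussdb:instance:list"),
    ("GET", f"{V3}/jobs", "gaussdb:instance:list"),
    ("DELETE", f"{V3}/instances/{{instance_id}}", "gaussdb:instance:delete"),
    ("DELETE", f"{V3}/scheduled-jobs", "gaussdb:instance:delete"),
    ("DELETE", f"{V3}/jobs/{{job_id}}", "gaussdb:instance:delete"),
    ("POST", f"{V3}/instances/{{instance_id}}/password", "gaussdb:instance:modifyPassword"),
    ("PUT", f"{V3}/instances/{{instance_id}}/public-ips/bind", "gaussdb:instance:bindPublicIp"),
    ("GET", f"{V3}/backups", "gaussdb:backup:list"),
    ("DELETE", f"{V3}/backups/{{backup_id}}", "gaussdb:backup:delete"),
]

# Actions a reviewer may want called out (illustrative choice, not from the page).
REVIEW_ACTIONS = {
    "gaussdb:instance:delete", "gaussdb:instance:modifyPassword",
    "gaussdb:instance:bindPublicIp", "gaussdb:backup:delete",
}

# Constructed custom policy in the assumed IAM JSON layout.
SAMPLE_POLICY = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["gaussdb:instance:list",
                                       "gaussdb:instance:delete",
                                       "gaussdb:backup:*"]},
        {"Effect": "Deny", "Action": ["gaussdb:backup:delete"]},
    ],
}

def _patterns(policy, effect):
    """Collect action patterns from every statement with the given Effect."""
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == effect:
            actions = stmt.get("Action", [])
            found.extend([actions] if isinstance(actions, str) else actions)
    return found

def is_allowed(policy, action):
    """Allowed if an Allow pattern matches and no Deny pattern does (assumed)."""
    def hit(effect):
        return any(fnmatchcase(action, p) for p in _patterns(policy, effect))
    return hit("Allow") and not hit("Deny")

def reachable_apis(policy):
    """Rows of API_ACTIONS whose action the policy allows."""
    return [row for row in API_ACTIONS if is_allowed(policy, row[2])]

def review(policy):
    """Group reachable APIs under each allowed action listed in REVIEW_ACTIONS."""
    hits = {}
    for method, path, action in reachable_apis(policy):
        if action in REVIEW_ACTIONS:
            hits.setdefault(action, []).append(f"{method} {path}")
    return hits

if __name__ == "__main__":
    for action, apis in review(SAMPLE_POLICY).items():
        print(action, "->", apis)
```

In the sample, `gaussdb:instance:delete` reaches three DELETE APIs: a grant intended for cleaning up task records also permits deleting a DB instance, because the tables assign all three to the same action.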