Actions Supported by Policy-based Authorization
This section describes the actions supported by GaussDB in policy-based authorization.
Supported Actions
GaussDB provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Statements in a policy that allow or deny certain operations
- APIs: REST APIs that can be called by a user who has been granted specific permissions
- Actions: specific operations that are allowed or denied in a custom policy
- Dependent actions: actions which a specific action depends on. When allowing an action for a user, you also need to allow its dependent actions for that user.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
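The following added example (not part of the GaussDB documentation) checks a custom policy against the actions each API requires, using a few rows from the action tables on this page. It is a simplified local model, not the IAM evaluator: it assumes the `Version`/`Statement`/`Effect`/`Action` policy layout, `*` wildcards in action names, case-sensitive matching, and that a matching Deny overrides any Allow. The function names and the sample policy are constructed for illustration.

```python
import fnmatch

# API -> required actions, copied from rows of the action tables on this page.
REQUIRED = {
    "POST /v3/{project_id}/instances": {"gaussdb:instance:create", "gaussdb:param:list"},
    "DELETE /v3/{project_id}/instances/{instance_id}": {"gaussdb:instance:delete"},
    "GET /v3/{project_id}/instances": {"gaussdb:instance:list"},
    "POST /v3/{project_id}/backups": {"gaussdb:backup:create"},
    "DELETE /v3/{project_id}/backups/{backup_id}": {"gaussdb:backup:delete"},
}

# Constructed sample policy: the Allow statement omits gaussdb:param:list,
# and the Deny statement blocks every delete action.
SAMPLE_POLICY = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["gaussdb:instance:create", "gaussdb:instance:list", "gaussdb:backup:*"]},
        {"Effect": "Deny", "Action": ["gaussdb:*:delete"]},
    ],
}


def action_allowed(policy, action):
    """True if some Allow statement matches the action and no Deny statement does."""
    allow = deny = False
    for stmt in policy["Statement"]:
        if any(fnmatch.fnmatchcase(action, pat) for pat in stmt["Action"]):
            if stmt["Effect"] == "Deny":
                deny = True
            elif stmt["Effect"] == "Allow":
                allow = True
    return allow and not deny


def missing_actions(policy, api):
    """Actions the API needs (including dependent ones) that the policy does not grant."""
    return sorted(a for a in REQUIRED[api] if not action_allowed(policy, a))


def audit(policy):
    """Map every known API to its list of missing actions (empty list = callable)."""
    return {api: missing_actions(policy, api) for api in REQUIRED}


if __name__ == "__main__":
    for api, missing in audit(SAMPLE_POLICY).items():
        print(f"{api}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

With the sample policy, instance creation is reported as incomplete because `gaussdb:param:list` is not granted, and both delete APIs are blocked by the Deny statement even though `gaussdb:backup:*` allows backup actions.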
GaussDB supports the following actions in custom policies:

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a DB instance | POST /v3/{project_id}/instances | gaussdb:instance:create gaussdb:param:list | √ | √ |
| Deleting a DB instance | DELETE /v3/{project_id}/instances/{instance_id} | gaussdb:instance:delete | √ | √ |
| Querying DB instances | GET /v3/{project_id}/instances | gaussdb:instance:list | √ | √ |
| Resetting a database password | POST /v3/{project_id}/instances/{instance_id}/password | gaussdb:instance:modifyPasswd | √ | √ |
| Changing a DB instance name | PUT /v3/{project_id}/instances/{instance_id}/name | gaussdb:instance:rename | √ | √ |
| Rebooting a DB instance | POST /v3/{project_id}/instances/{instance_id}/restart | gaussdb:instance:restart | √ | √ |
| Switching roles of the primary and standby DNs in shards | POST /v3/{project_id}/instances/{instance_id}/switch-shard | gaussdb:instance:switchShard | √ | √ |
| Querying the components of a DB instance | GET /v3/{project_id}/instances/{instance_id}/components | gaussdb:instance:list | √ | √ |
| Changing vCPUs and memory of a DB instance | PUT /v3/{project_id}/instance/{instance_id}/flavor | gaussdb:instance:modifySpec | √ | √ |
| Checking whether host load is unbalanced due to a primary/standby switchover | GET /v3/{project_id}/instances/{instance_id}/balance | gaussdb:instance:list | √ | √ |
| Querying solution template settings | GET /v3/{project_id}/deployment-form | gaussdb:instance:list | √ | √ |
| Querying EIPs bound to DB instances | GET /v3/{project_id}/instances/{instance_id}/public-ips?offset={offset}&limit={limit} | gaussdb:instance:list | √ | √ |
| Binding or unbinding an EIP | POST /v3/{project_id}/instances/{instance_id}/nodes/{node_id}/public-ip | gaussdb:instance:bindPublicIp | √ | √ |
| Querying the SSL certificate download address of a DB instance | GET /v3/{project_id}/instances/{instance_id}/ssl-cert/download-link | gaussdb:instance:list | √ | √ |
| Querying the instance quotas of a tenant | GET /v3/{project_id}/project-quotas?type={type} | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Obtaining parameter templates | GET /v3/{project_id}/configurations?offset={offset}&limit={limit} | gaussdb:param:list | √ | √ |
| Obtaining parameters of a specified DB instance | GET /v3/{project_id}/instances/{instance_id}/configurations | gaussdb:param:list | √ | √ |
| Modifying parameters of a specified DB instance | PUT /v3/{project_id}/instances/{instance_id}/configurations | gaussdb:param:modify | √ | √ |
| Creating a parameter template | POST /v3/{project_id}/configurations | gaussdb:param:create | √ | √ |
| Deleting a parameter template | DELETE /v3/{project_id}/configurations/{config_id} | gaussdb:param:delete | √ | √ |
| Querying details about a parameter template | GET /v3/{project_id}/configurations/{config_id} | gaussdb:instance:list | √ | √ |
| Replicating a parameter template | POST /v3/{project_id}/configurations/{config_id}/copy | gaussdb:param:create | √ | √ |
| Resetting a parameter template | POST /v3/{project_id}/configurations/{config_id}/reset | gaussdb:param:modify | √ | √ |
| Obtaining the differences of two parameter templates | POST /v3/{project_id}/configurations/comparison | gaussdb:param:list | √ | √ |
| Querying instances that a parameter template can be applied to | GET /v3/{project_id}/configurations/{config_id}/applicable-instances | gaussdb:instance:list | √ | √ |
| Checking whether a parameter template name is unique | GET /v3/{project_id}/configurations/name-validation?name={name} | gaussdb:instance:list | √ | √ |
| Applying a parameter template | PUT /v3/{project_id}/configurations/{config_id}/apply | gaussdb:param:apply | √ | √ |
| Querying application records of a parameter template | GET /v3/{project_id}/configurations/{config_id}/applied-histories | gaussdb:instance:list | √ | √ |
| Querying the change history of a parameter template | GET /v3/{project_id}/configurations/{config_id}/histories | gaussdb:param:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Configuring an automated backup policy | PUT /v3/{project_id}/instances/{instance_id}/backups/policy | gaussdb:instance:modifyBackupPolicy | √ | √ |
| Querying an automated backup policy | GET /v3/{project_id}/instances/{instance_id}/backups/policy | gaussdb:backup:list | √ | √ |
| Querying backups | GET /v3/{project_id}/backups?instance_id={instance_id}&backup_id={backup_id}&backup_type={backup_type}&offset={offset}&limit={limit}&begin_time={begin_time}&end_time={end_time} | gaussdb:backup:list | √ | √ |
| Creating a manual backup | POST /v3/{project_id}/backups | gaussdb:backup:create | √ | √ |
| Deleting a manual backup | DELETE /v3/{project_id}/backups/{backup_id} | gaussdb:backup:delete | √ | √ |
| Querying the restoration time range | GET /v3/{project_id}/instances/{instance_id}/restore-time?date={date} | gaussdb:backup:list | √ | √ |
| Restoring data to a new DB instance | POST /v3/{project_id}/instances | gaussdb:instance:create | √ | √ |
| Querying instances that can be used for backups and restorations | GET /v3/{project_id}/restorable-instances | gaussdb:instance:list | √ | √ |
| Querying the information of the original instance based on a specific point of time or a backup file | GET /v3/{project_id}/instance-snapshot?instance_id={instance_id}&backup_id={backup_id}&restore_time={restore_time} | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying DB engine versions | GET /v3/{project_id}/datastore/versions | gaussdb:instance:list | √ | √ |
| Querying instance specifications | GET /v3/{project_id}/flavors?limit={limit}&offset={offset}&ha_mode={ha_mode}&version={version}&spec_code={spec_code} | gaussdb:instance:list | √ | √ |
| Querying DB engines | GET /v3/{project_id}/datastores | gaussdb:instance:list | √ | √ |
| Querying specifications that a DB instance can be changed to | GET /v3/{project_id}/instances/{instance_id}/available-flavors | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Creating a database | POST /v3/{project_id}/instances/{instance_id}/database | gaussdb:instance:createDatabase | √ | √ |
| Creating a database account | POST /v3/{project_id}/instances/{instance_id}/db-user | gaussdb:instance:createDatabaseUser | √ | √ |
| Creating a database schema | POST /v3/{project_id}/instances/{instance_id}/schema | gaussdb:instance:createDatabaseSchema | √ | √ |
| Authorizing a database account | POST /v3/{project_id}/instances/{instance_id}/db-privilege | gaussdb:instance:grantDatabasePrivilege | √ | √ |
| Resetting a password for a database account | PUT /v3/{project_id}/instances/{instance_id}/db-user/password | gaussdb:instance:modifyDatabasePasswd | √ | √ |
| Querying databases | GET /v3/{project_id}/instances/{instance_id}/databases | gaussdb:instance:list | √ | √ |
| Querying database users | GET /v3/{project_id}/instances/{instance_id}/db-users | gaussdb:instance:list | √ | √ |
| Querying database schemas | GET /v3/{project_id}/instances/{instance_id}/schemas | gaussdb:instance:list | √ | √ |
| Querying the database tables of a specified DB instance | GET /v3/{project_id}/instances/{instance_id}/tables?db_name={db_name}&schema_name={schema_name} | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying tags of a specific instance | GET /v3/{project_id}/instances/{instance_id}/tags | gaussdb:instance:list | √ | √ |
| Querying tags of a project | GET /v3/{project_id}/tags | gaussdb:instance:list | √ | √ |
| Querying predefined tags | GET /v3/{project_id}/predefined-tags | gaussdb:instance:list | √ | √ |
| Adding tags for a DB instance | POST /v3/{project_id}/instances/{instance_id}/tags | gaussdb:instance:dealTag | √ | √ |
| Deleting instance tags in batches | DELETE /v3/{project_id}/instances/{instance_id}/tags | gaussdb:instance:dealTag gaussdb:tag:delete | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Querying the storage usage of a DB instance | GET /v3/{project_id}/instances/{instance_id}/volume-usage | gaussdb:instance:list | √ | √ |
| Querying the database disk type | GET /v3/{project_id}/storage-type?version={version}&ha_mode={ha_mode} | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Modifying enterprise project quotas | PUT /v3/{project_id}/enterprise-projects/quotas | gaussdb:quota:modify | √ | √ |
| Querying enterprise project quotas | GET /v3/{project_id}/enterprise-projects/quotas | gaussdb:instance:list | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Obtaining task information | GET /v3/{project_id}/jobs?id={id} | gaussdb:instance:list | √ | √ |
| Querying tasks | GET /v3/{project_id}/tasks | gaussdb:instance:list | √ | √ |
| Deleting a task record | DELETE /v3/{project_id}/jobs/{job_id} | gaussdb:instance:deleteTaskRecord | √ | √ |

| Permission | API | Action | IAM Project | Enterprise Project |
|---|---|---|---|---|
| Modifying the recycling policy | PUT /v3/{project_id}/recycle-policy | gaussdb:instance:setRecyclePolicy | √ | √ |
| Querying the recycling policy | GET /v3/{project_id}/recycle-policy | gaussdb:instance:list | √ | √ |
| Querying all DB engine instances in the recycle bin | GET /v3/{project_id}/recycle-instances | gaussdb:instance:list | √ | √ |