全部产品
云数据库 RDS 版

授权访问鉴权规则

更新时间:2017-06-07 13:26:11   分享:   

当子用户通过RDS Open API进行资源访问时,RDS后台向RAM进行权限检查,以确保调用者拥有响应权限。 每个不同的RDS API会根据涉及到的资源以及API的语义来确定需要检查哪些资源的权限。具体地,每个API的鉴权规则见下表

Action 鉴权规则
CreateDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstances acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
SwitchDBInstanceNetType acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceMaintainTime acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
PurgeDBInstanceLog acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteDatabase acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeFilesForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeImportsForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CancelImport acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ResetAccountPassword acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
RevokeAccountPrivilege acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteAccount acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateBackup acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateTempDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyBackupPolicy acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstancePerformance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSlowLogRecords acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBinlogFiles acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSQLLogRecords acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnMissPK acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnMissIndex acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeParameters acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreatePrepaidDBInstanceForChannel acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyPrepaidDBInstanceSpec acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreatePostpaidDBInstanceForChannel acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyPostpaidDBInstanceSpec acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstanceAttribute acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
RestartDBInstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifySecurityIps acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
UpgradeDBInstanceEngineVersion acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateDatabase acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDatabases acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateUploadPathForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ImportDataForSQLServer acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ImportDataBaseBetweenInstances acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateAccount acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
GrantAccountPrivilege acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeAccounts acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyAccountDescription acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackups acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackupPolicy acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeResourceUsage acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSlowLogs acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeErrorLogs acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSQLLogReports acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnStorage acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceOnExcessIndex acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeOptimizeAdviceByDBA acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyeParameter acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid
本文导读目录
本文导读目录
以上内容是否对您有帮助?