Ru, Li Yi
48f239743a
Reviewed-by: Boka, Ladislav <ladislav.boka@t-systems.com> Co-authored-by: Ru, Li Yi <liyiru7@huawei.com> Co-committed-by: Ru, Li Yi <liyiru7@huawei.com>
63 KiB
RDS Actions
Permissions |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Querying the DB engine version |
GET /v3/{project_id}/datastores/{database_name} |
No authorization required |
√ |
√ |
Querying database specifications |
GET /v3/{project_id}/flavors/{database_name}?version_name={version_name} |
No authorization required |
√ |
√ |
Querying database storage information |
GET /v3/{project_id}/storage-type/{database_name}?version_name={version_name} |
No authorization required |
√ |
√ |
Permissions |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Creating a DB instance |
POST /v3/{project_id}/instances |
rds:instance:create (To create an encrypted instance, configure the KMS Administrator permission for the project.) |
√ |
√ |
Changing a DB instance name |
PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/name |
rds:instance:modify |
√ |
√ |
Changing DB instance specifications |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:modifySpec |
√ |
√ |
Scaling up storage space |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:extendSpace |
√ |
√ |
Changing a DB instance type from single to primary/standby |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:singleToHa (The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.) |
√ |
√ |
Rebooting a DB instance |
POST /v3/{project_id}/instances/{instance_id}/action |
rds:instance:restart |
√ |
√ |
Deleting a DB instance |
DELETE /v3/{project_id}/instances/{instance_id} |
rds:instance:delete |
√ |
√ |
Querying details about DB instances |
GET /v3/{project_id}/instances |
rds:instance:list |
√ |
√ |
Querying information about DB instances for which cross-region backups are created |
GET /v3/{project_id}/backups/offsite-backup-instance |
rds:instance:list |
√ |
√ |
Binding and Unbinding an EIP |
PUT /v3/{project_id}/instances/{instance_id}/public-ip |
rds:instance:modifyPublicAccess |
√ |
√ |
Changing a DB instance password |
PUT /v3/{project_id}/instances/{instance_id}/password |
rds:password:update |
√ |
√ |
Performing a manual switchover |
PUT /v3/{project_id}/instances/{instance_id}/failover |
rds:instance:switchover |
√ |
√ |
Changing a failover priority |
PUT /v3/{project_id}/instances/{instance_id}/failover/strategy |
rds:instance:modifyStrategy |
√ |
√ |
Changing a synchronize model |
PUT /v3/{project_id}/instances/{instance_id}/failover/mode |
rds:instance:modifySynchronizeModel |
√ |
√ |
Modifying a maintenance window |
PUT /v3/{project_id}/instances/{instance_id}/ops-window |
rds:instance:modify |
√ |
√ |
Migrating a standby DB instance to another AZ |
POST /v3/{project_id}/instances/{instance_id}/migrateslave |
rds:instance:create |
√ |
√ |
Permissions |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Configuring SSL |
PUT /v3/{project_id}/instances/{instance_id}/ssl |
rds:instance:modifySSL |
√ |
√ |
Changing a database port |
PUT /v3/{project_id}/instances/{instance_id}/port |
rds:instance:modifyPort |
√ |
√ |
Changing a floating IP address |
PUT /v3/{project_id}/instances/{instance_id}/ip |
rds:instance:modifyIp |
√ |
√ |
Changing a security group |
PUT /v3/{project_id}/instances/{instance_id}/security-group |
rds:instance:modifySecurityGroup |
√ |
√ |
Permissions |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Obtaining a parameter template list |
GET /v3/{project_id}/configurations |
rds:param:list |
√ |
√ |
Creating a parameter template |
POST /v3/{project_id}/configurations |
rds:param:create |
√ |
√ |
Modifying parameters in a parameter template |
PUT /v3/{project_id}/configurations/{config_id} |
rds:param:modify |
√ |
√ |
Applying a parameter template |
PUT /v3/{project_id}/configurations/{config_id}/apply |
rds:param:apply |
√ |
√ |
Modifying parameters of a specified DB instance |
PUT /v3/{project_id}/instances/{instance_id}/configurations |
rds:param:modify |
√ |
√ |
Obtaining the parameter template of a specified DB instance |
GET /v3/{project_id}/instances/{instance_id}/configurations |
rds:param:list |
√ |
√ |
Obtaining parameters of a specified parameter template |
GET /v3/{project_id}/configurations/{config_id} |
rds:param:list |
√ |
√ |
Deleting a parameter template |
DELETE /v3/{project_id}/configurations/{config_id} |
rds:param:delete |
√ |
√ |
Permissions |
API |
Actions |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Setting an automated backup policy |
PUT /v3/{project_id}/instances/{instance_id}/backups/policy |
rds:instance:modifyBackupPolicy |
√ |
√ |
Setting a cross-region backup policy |
PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy |
rds:instance:modifyBackupPolicy |
√ |
√ |
Querying an automated backup policy |
GET /v3/{project_id}/instances/{instance_id}/backups/policy |
rds:instance:list |
√ |
√ |
Querying information about a cross-region backup policy |
GET /v3/{project_id}/instances/{instance_id}/backups/offsite-policy |
rds:instance:list |
√ |
√ |
Creating a manual backup |
POST /v3/{project_id}/backups |
rds:backup:create |
√ |
√ |
Obtaining a backup list |
GET /v3/{project_id}/backups?instance_id={instance_id} |
rds:backup:list |
√ |
√ |
Querying information about a cross-region backup list |
GET /v3/{project_id}/offsite-backups?instance_id={instance_id} |
rds:backup:list |
√ |
√ |
Obtaining the link for downloading a backup file |
GET /v3/{project_id}/backup-files?backup_id={backup_id} |
rds:backup:download |
√ |
√ |
Deleting a manual backup |
DELETE /v3/{project_id}/backups/{backup_id} |
rds:backup:delete |
√ |
√ |
Querying the restoration time range |
GET /v3/{project_id}/instances/{instance_id}/restore-time |
rds:instance:list |
√ |
√ |
Querying the restoration time range of a cross-region backup |
GET /v3/{project_id}/instances/{instance_id}/offsite-restore-time |
rds:instance:list |
√ |
√ |
Restoring data to a new DB instance |
POST /v3/{project_id}/instances |
rds:instance:create (The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.) |
√ |
√ |
Restoring data to an existing or original DB instance |
POST /v3/{project_id}/instances/recovery |
rds:instance:restoreInPlace |
√ |
√ |
Permissions |
API |
Actions |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Querying a database error log |
GET /v3/{project_id}/instances/{instance_id}/errorlog?start_date={start_date}&end_date={end_date} |
rds:log:list |
√ |
√ |
Querying a database slow log |
GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date} |
rds:log:list |
√ |
√ |
Setting a policy for audit logs |
PUT /v3/{project_id}/instances/{instance_id}/auditlog-policy |
rds:auditlog:operate |
√ |
√ |
Querying the policy for audit logs |
GET /v3/{project_id}/instances/{instance_id}/auditlog-policy |
rds:auditlog:list |
√ |
√ |
Obtaining an audit log list |
GET /v3/{project_id}/instances/{instance_id}/auditlog?start_time={start_time}&end_time={end_time}&offset={offset}&limit={limit} |
rds:auditlog:list |
√ |
√ |
Obtaining the link for downloading an audit log |
POST /v3/{project_id}/instances/{instance_id}/auditlog-links |
rds:auditlog:download |
√ |
√ |
Obtaining links for downloading slow query logs |
POST /v3/{project_id}/instances/{instance_id}/slowlog-download |
rds:log:download |
√ |
√ |
Permissions |
API |
Actions |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Creating a database |
POST /v3/{project_id}/instances/{instance_id}/database |
rds:database:create |
√ |
√ |
Querying details about databases |
GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit} |
rds:database:list |
√ |
√ |
Querying authorized databases of a specified account |
GET /v3/{project_id}/instances/{instance_id}/db_user/database?user-name={user-name}&page={page}&limit={limit} |
rds:database:list |
√ |
√ |
Dropping a database |
DELETE /v3/{project_id}/instances/{instance_id}/database/{db_name} |
rds:database:drop |
√ |
√ |
Creating a database account |
POST /v3/{project_id}/instances/{instance_id}/db_user |
rds:databaseUser:create |
√ |
√ |
Querying details about database accounts |
GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit} |
rds:databaseUser:list |
√ |
√ |
Querying authorized accounts of a specified database |
GET /v3/{project_id}/instances/{instance_id}/database/db_user?db-name={db-name}&page={page}&limit={limit} |
rds:databaseUser:list |
√ |
√ |
Deleting a database account |
DELETE /v3/{project_id}/instances/{instance_id}/db_user/{user_name} |
rds:databaseUser:drop |
√ |
√ |
Authorizing a database account |
POST /v3/{project_id}/instances/{instance_id}/db_privilege |
rds:databasePrivilege:grant |
√ |
√ |
Changing the password for a database account |
POST /v3/{project_id}/instances/{instance_id}/db_user/resetpwd |
rds:password:update |
√ |
√ |
Revoking permissions of a database account |
DELETE /v3/{project_id}/instances/{instance_id}/db_privilege |
rds:databasePrivilege:revoke |
√ |
√ |
Permissions |
API |
Actions |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
Modifying recycling policy |
PUT https://{Endpoint}/v3/{project_id}/instances/recycle-policy |
rds:instance:setRecycleBin |
√ |
√ |