當用戶通過 OpenAPI 進行跨賬戶的HybridDB for MySQL資源訪問時,HybridDB for MySQL后臺向RAM進行權限檢查,以確保資源擁有者已經將相關資源的相關權限授予調用者。每個不同的OpenAPI會根據涉及到的資源以及API的語義來確定需要檢查哪些資源的權限。具體每個API的鑒權規則參見API鑒權規則。
Action | 鑒權規則 |
---|---|
CreateInstance | acs:petadata:$regionid: dbinstance /$* |
DeleteInstance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
ModifyInstanceName | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeInstanceInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeInstances | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeTasks | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeSecurityIPs | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
ModifySecurityIPs | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
SwitchInstanceNetType | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeTaskStatus | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
AllocateInstancePublicConnection | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DeleteDatabase | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeDatabases | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeDatabasePartitions | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
CreateAccount | acs:petadata:$regionid: dbinstance /$* |
DeleteAccount | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeAccounts | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
ModifyAccountPassword | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
ResetAccountPassword | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeUserInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeTables | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeTableInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeMonitorItems | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeInstancePerformance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeInstanceResourceUsage | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeDatabaseResourceUsage | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeDatabasePerformance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeDatabaseBackup | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
ModifyBackupPolicy | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
DescribeBackupPolicy | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
RestoreDatabase | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |