當用戶通過 OpenAPI 進行跨賬戶的HybridDB for MySQL資源訪問時,HybridDB for MySQL后臺向RAM進行權限檢查,以確保資源擁有者已經將相關資源的相關權限授予調用者。每個不同的OpenAPI會根據涉及到的資源以及API的語義來確定需要檢查哪些資源的權限。具體每個API的鑒權規則參見API鑒權規則。
| Action | 鑒權規則 |
|---|---|
| CreateInstance | acs:petadata:$regionid: dbinstance /$* |
| DeleteInstance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| ModifyInstanceName | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeInstanceInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeInstances | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeTasks | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeSecurityIPs | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| ModifySecurityIPs | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| SwitchInstanceNetType | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeTaskStatus | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| AllocateInstancePublicConnection | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DeleteDatabase | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeDatabases | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeDatabasePartitions | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| CreateAccount | acs:petadata:$regionid: dbinstance /$* |
| DeleteAccount | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeAccounts | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| ModifyAccountPassword | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| ResetAccountPassword | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeUserInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeTables | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeTableInfo | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeMonitorItems | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeInstancePerformance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeInstanceResourceUsage | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeDatabaseResourceUsage | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeDatabasePerformance | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeDatabaseBackup | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| ModifyBackupPolicy | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| DescribeBackupPolicy | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |
| RestoreDatabase | acs:petadata:$regionid: $accountid:dbinstance/$dbinstanceid |