MongoDB API的鉴权规则
当子用户通过MongoDB OpenAPI进行资源访问时,MongoDB后台向RAM进行权限检查,以确保调用者拥有响应权限。
每个不同的MongoDB API会根据涉及到的资源以及API的语义来确定需要检查哪些资源的权限。具体每个API的鉴权规则见下表。
| Action | 鉴权规则 |
|---|---|
| CreateDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyDBInstanceSpec | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DeleteDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| RenewDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| CreateShardingDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DeleteNode | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| CreateNode | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyNodeSpec | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeDBInstances | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| RestartDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyDBInstanceMaintainTime | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyDBInstanceDescription | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeDBInstanceAttribute | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeReplicaSetRole | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeShardingNetworkAddress | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyDBInstanceNetworkType | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyDBInstanceNetExpireTime | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeDBInstancePerformance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeAccounts | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ResetAccountPassword | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeSecurityIps | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifySecurityIps | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeAuditRecords | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeAuditFiles | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeBackupPolicy | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| ModifyBackupPolicy | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| CreateBackup | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| RestoreDBInstance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeBackups | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
| DescribeDBInstancePerformance | acs:dds:$regionid:$accountid:dbinstance/$dbinstanceid |
版权声明
本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
评论