edit-icon download-icon

Authorization rules of API

Last Updated: Dec 07, 2017

When a subaccount accesses resources through ApsaraDB for MongoDB API, the ApsaraDB for MongoDB background performs a permission verification on RAM to make sure that the caller has relevant permissions. Each ApsaraDB for MongoDB API determines the resource permissions that need to be checked based on the involved resources and the API semantics. The authorization rules for each API are shown in the following table.

ActionAuthorization rules
CreateDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceSpecacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
RenewDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateShardingDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DeleteNodeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateNodeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyNodeSpecacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstancesacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
RestartDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceMaintainTimeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceDescriptionacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstanceAttributeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeReplicaSetRoleacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeShardingNetworkAddressacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceNetworkTypeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyDBInstanceNetExpireTimeacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstancePerformanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeAccountsacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ResetAccountPasswordacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeSecurityIpsacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifySecurityIpsacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeAuditRecordsacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeAuditFilesacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackupPolicyacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
ModifyBackupPolicyacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
CreateBackupacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
RestoreDBInstanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeBackupsacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
DescribeDBInstancePerformanceacs:dds:$regionid:$accountid:dbinstance/$dbinstanceid
Thank you! We've received your feedback.