section>

Application Services

Database Services

Big Data and Data Analysis

Container Services

Applications and Databases

Identity and Access Management

Identity and Access Management Service

Key Management Service

Compliance

Core Services Certifications

Monitoring and Logging

Resource Management

Other

Development and Automation

Architecture Center

Blueprints

Other

RDS Actions¶

**Table 1** Common information query¶
Permissions	API	Action	IAM Project	Enterprise Project
Querying the DB engine version	GET /v3/{project_id}/datastores/{database_name}	No authorization required	Y	Y
Querying database specifications	GET /v3/{project_id}/flavors/{database_name}?version_name={version_name}	No authorization required	Y	Y
Querying database storage information	GET /v3/{project_id}/storage-type/{database_name}?version_name={version_name}	No authorization required	Y	Y

**Table 2** DB instance management¶
Permissions	API	Action	IAM Project	Enterprise Project
Creating a DB instance	POST /v3/{project_id}/instances	rds:instance:create (To create an encrypted instance, configure the KMS Administrator permission for the project.)	Y	Y
Changing a DB instance name	PUT https://{Endpoint}/v3/{project_id}/instances/{instance_id}/name	rds:instance:modify	Y	Y
Changing DB instance specifications	POST /v3/{project_id}/instances/{instance_id}/action	rds:instance:modifySpec	Y	Y
Scaling up storage space	POST /v3/{project_id}/instances/{instance_id}/action	rds:instance:extendSpace	Y	Y
Changing a DB instance type from single to primary/standby	POST /v3/{project_id}/instances/{instance_id}/action	rds:instance:singleToHa (The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.)	Y	Y
Rebooting a DB instance	POST /v3/{project_id}/instances/{instance_id}/action	rds:instance:restart	Y	Y
Deleting a DB instance	DELETE /v3/{project_id}/instances/{instance_id}	rds:instance:delete	Y	Y
Querying details about DB instances	GET /v3/{project_id}/instances	rds:instance:list	Y	Y
Querying information about DB instances for which cross-region backups are created	GET /v3/{project_id}/backups/offsite-backup-instance	rds:instance:list	Y	Y
Binding and Unbinding an EIP	PUT /v3/{project_id}/instances/{instance_id}/public-ip	rds:instance:modifyPublicAccess	Y	Y
Changing a DB instance password	PUT /v3/{project_id}/instances/{instance_id}/password	rds:password:update	Y	Y
Performing a manual switchover	PUT /v3/{project_id}/instances/{instance_id}/failover	rds:instance:switchover	Y	Y
Changing a failover priority	PUT /v3/{project_id}/instances/{instance_id}/failover/strategy	rds:instance:modifyStrategy	Y	Y
Changing a synchronize model	PUT /v3/{project_id}/instances/{instance_id}/failover/mode	rds:instance:modifySynchronizeModel	Y	Y
Modifying a maintenance window	PUT /v3/{project_id}/instances/{instance_id}/ops-window	rds:instance:modify	Y	Y
Migrating a standby DB instance to another AZ	POST /v3/{project_id}/instances/{instance_id}/migrateslave	rds:instance:create	Y	Y

**Table 3** Database security¶
Permissions	API	Action	IAM Project	Enterprise Project
Configuring SSL	PUT /v3/{project_id}/instances/{instance_id}/ssl	rds:instance:modifySSL	Y	Y
Changing a database port	PUT /v3/{project_id}/instances/{instance_id}/port	rds:instance:modifyPort	Y	Y
Changing a floating IP address	PUT /v3/{project_id}/instances/{instance_id}/ip	rds:instance:modifyIp	Y	Y
Changing a security group	PUT /v3/{project_id}/instances/{instance_id}/security-group	rds:instance:modifySecurityGroup	Y	Y

**Table 4** Parameter configuration¶
Permissions	API	Action	IAM Project	Enterprise Project
Obtaining a parameter template list	GET /v3/{project_id}/configurations	rds:param:list	Y	Y
Creating a parameter template	POST /v3/{project_id}/configurations	rds:param:create	Y	Y
Modifying parameters in a parameter template	PUT /v3/{project_id}/configurations/{config_id}	rds:param:modify	Y	Y
Applying a parameter template	PUT /v3/{project_id}/configurations/{config_id}/apply	rds:param:apply	Y	Y
Modifying parameters of a specified DB instance	PUT /v3/{project_id}/instances/{instance_id}/configurations	rds:param:modify	Y	Y
Obtaining the parameter template of a specified DB instance	GET /v3/{project_id}/instances/{instance_id}/configurations	rds:param:list	Y	Y
Obtaining parameters of a specified parameter template	GET /v3/{project_id}/configurations/{config_id}	rds:param:list	Y	Y
Deleting a parameter template	DELETE /v3/{project_id}/configurations/{config_id}	rds:param:delete	Y	Y

**Table 5** Backup and restoration¶
Permissions	API	Actions	IAM Project	Enterprise Project
Setting an automated backup policy	PUT /v3/{project_id}/instances/{instance_id}/backups/policy	rds:instance:modifyBackupPolicy	Y	Y
Setting a cross-region backup policy	PUT /v3/{project_id}/instances/{instance_id}/backups/offsite-policy	rds:instance:modifyBackupPolicy	Y	Y
Querying an automated backup policy	GET /v3/{project_id}/instances/{instance_id}/backups/policy	rds:instance:list	Y	Y
Querying information about a cross-region backup policy	GET /v3/{project_id}/instances/{instance_id}/backups/offsite-policy	rds:instance:list	Y	Y
Creating a manual backup	POST /v3/{project_id}/backups	rds:backup:create	Y	Y
Obtaining a backup list	GET /v3/{project_id}/backups?instance_id={instance_id}	rds:backup:list	Y	Y
Querying information about a cross-region backup list	GET /v3/{project_id}/offsite-backups?instance_id={instance_id}	rds:backup:list	Y	Y
Obtaining the link for downloading a backup file	GET /v3/{project_id}/backup-files?backup_id={backup_id}	rds:backup:download	Y	Y
Deleting a manual backup	DELETE /v3/{project_id}/backups/{backup_id}	rds:backup:delete	Y	Y
Querying the restoration time range	GET /v3/{project_id}/instances/{instance_id}/restore-time	rds:instance:list	Y	Y
Querying the restoration time range of a cross-region backup	GET /v3/{project_id}/instances/{instance_id}/offsite-restore-time	rds:instance:list	Y	Y
Restoring data to a new DB instance	POST /v3/{project_id}/instances	rds:instance:create (The KMS Administrator permission needs to be configured for the encrypted DB instance in the project.)	Y	Y
Restoring data to an existing or original DB instance	POST /v3/{project_id}/instances/recovery	rds:instance:restoreInPlace	Y	Y

**Table 6** Log information query¶
Permissions	API	Actions	IAM Project	Enterprise Project
Querying a database error log	GET /v3/{project_id}/instances/{instance_id}/errorlog?start_date={start_date}&end_date={end_date}	rds:log:list	Y	Y
Querying a database slow log	GET /v3/{project_id}/instances/{instance_id}/slowlog?start_date={start_date}&end_date={end_date}	rds:log:list	Y	Y
Setting a policy for audit logs	PUT /v3/{project_id}/instances/{instance_id}/auditlog-policy	rds:auditlog:operate	Y	Y
Querying the policy for audit logs	GET /v3/{project_id}/instances/{instance_id}/auditlog-policy	rds:auditlog:list	Y	Y
Obtaining an audit log list	GET /v3/{project_id}/instances/{instance_id}/auditlog?start_time={start_time}&end_time={end_time}&offset={offset}&limit={limit}	rds:auditlog:list	Y	Y
Obtaining the link for downloading an audit log	POST /v3/{project_id}/instances/{instance_id}/auditlog-links	rds:auditlog:download	Y	Y
Obtaining links for downloading slow query logs	POST /v3/{project_id}/instances/{instance_id}/slowlog-download	rds:log:download	Y	Y

**Table 7** Database and account management (MySQL)¶
Permissions	API	Actions	IAM Project	Enterprise Project
Creating a database	POST /v3/{project_id}/instances/{instance_id}/database	rds:database:create	Y	Y
Querying details about databases	GET /v3/{project_id}/instances/{instance_id}/database/detail?page={page}&limit={limit}	rds:database:list	Y	Y
Querying authorized databases of a specified account	GET /v3/{project_id}/instances/{instance_id}/db_user/database?user-name={user-name}&page={page}&limit={limit}	rds:database:list	Y	Y
Dropping a database	DELETE /v3/{project_id}/instances/{instance_id}/database/{db_name}	rds:database:drop	Y	Y
Creating a database account	POST /v3/{project_id}/instances/{instance_id}/db_user	rds:databaseUser:create	Y	Y
Querying details about database accounts	GET /v3/{project_id}/instances/{instance_id}/db_user/detail?page={page}&limit={limit}	rds:databaseUser:list	Y	Y
Querying authorized accounts of a specified database	GET /v3/{project_id}/instances/{instance_id}/database/db_user?db-name={db-name}&page={page}&limit={limit}	rds:databaseUser:list	Y	Y
Deleting a database account	DELETE /v3/{project_id}/instances/{instance_id}/db_user/{user_name}	rds:databaseUser:drop	Y	Y
Authorizing a database account	POST /v3/{project_id}/instances/{instance_id}/db_privilege	rds:databasePrivilege:grant	Y	Y
Changing the password for a database account	POST /v3/{project_id}/instances/{instance_id}/db_user/resetpwd	rds:password:update	Y	Y
Revoking permissions of a database account	DELETE /v3/{project_id}/instances/{instance_id}/db_privilege	rds:databasePrivilege:revoke	Y	Y

**Table 8** Recycle bin¶
Permissions	API	Actions	IAM Project	Enterprise Project
Modifying recycling policy	PUT https://{Endpoint}/v3/{project_id}/instances/recycle-policy	rds:instance:setRecycleBin	Y	Y

last updated: 2024-09-08 01:02

© T-Systems International GmbH