CBR授权项分类
| 查询可保护资源 | GET /v3/{project_id}/protectables/{protectable_type}/instances | cbr:vaults:listProtectables | ecs:cloudServers:list, evs:volumes:list | √ | √ |
| 查询指定可保护资源 | GET /v3/{project_id}/protectables/{protectable_type}/instances/{instance_id} | cbr:vaults:getProtectables | ecs:cloudServers:list, evs:volumes:list | √ | √ |
| 查询agent状态 | POST /v3/{project_id}/agent/check | cbr:backups:checkAgent | ecs:cloudServers:list | √ | √ |
| 查询复制能力 | GET /v3/{project_id}/replication-capabilities | cbr:backups:queryReplicationCapability | | √ | √ |
存储库
| 设置存储库策略 | POST /v3/{project_id}/vaults/{vault_id}/associatepolicy | cbr:vaults:associatePolicy | | √ | √ |
| 查询指定存储库 | GET /v3/{project_id}/vaults/{vault_id} | cbr:vaults:get | | √ | √ |
| 修改存储库 | PUT /v3/{project_id}/vaults/{vault_id} | cbr:vaults:update | | √ | √ |
| 删除存储库 | DELETE /v3/{project_id}/vaults/{vault_id} | cbr:vaults:delete | | √ | √ |
| 移除资源 | POST /v3/{project_id}/vaults/{vault_id}/removeresources | cbr:vaults:removeResources | | √ | √ |
| 添加资源 | POST /v3/{project_id}/vaults/{vault_id}/addresources | cbr:vaults:addResources | ecs:cloudServers:list, evs:volumes:list | √ | √ |
| 查询存储库列表 | GET /v3/{project_id}/vaults | cbr:vaults:list | | √ | √ |
| 创建存储库 | POST /v3/{project_id}/vaults | cbr:vaults:create | ecs:cloudServers:list, evs:volumes:list | √ | x |
| 查询其他区域存储库列表 | GET /v3/{project_id}/external_vaults | cbr:vaults:listExternalVaults | cbr:vaults:listVaults | √ | √ |
| 解除存储库策略 | POST /v3/{project_id}/vaults/{vault_id}/dissociatepolicy | cbr:vaults:dissociatePolicy | | √ | √ |
| 迁移资源 | POST /v3/{project_id}/vaults/{vault_id}/migrateresources | cbr:vaults:migrateResources | cbr:vaults:addResources | √ | √ |
还原点
| 同步还原点 | POST /v3/{project_id}/checkpoints/sync | cbr:vaults:sync | | √ | √ |
| 复制备份还原点 | POST /v3/{project_id}/checkpoints/replicate | cbr:vaults:replicate | | √ | √ |
| 创建备份还原点 | POST /v3/{project_id}/checkpoints | cbr:vaults:backup | ecs:cloudServers:list, evs:volumes:list | √ | √ |
备份共享
| 权限 | 对应API接口 | 授权项 | IAM项目 (Project) | 企业项目 (Enterprise Project) |
| 创建备份成员 | POST /v3/{project_id}/backups/{backup_id}/members | cbr:member:create | √ | √ |
| 更新备份成员状态 | PUT /v3/{project_id}/backups/{backup_id}/members/{member_id} | cbr:member:update | √ | √ |
| 获取备份成员详情 | GET /v3/{project_id}/backups/{backup_id}/members/{member_id} | cbr:member:get | √ | √ |
| 获取备份成员列表 | GET /v3/{project_id}/backups/{backup_id}/members | cbr:member:list | √ | √ |
| 删除指定的备份成员 | DELETE /v3/{project_id}/backups/{backup_id}/members/{member_id} | cbr:member:delete |
相关问题与解答
答:在CBR云备份中,“可保护性”指的是系统能够识别和列出可以保护的资源,包括查询所有可保护资源、查询指定类型的可保护资源以及查询特定资源的保护状态,这些功能通过API接口实现,如查询所有可保护资源(cbr:vaults:listProtectables),查询指定可保护资源(cbr:vaults:getProtectables)以及检查代理状态(cbr:backups:checkAgent),这些操作确保了用户能够明确哪些资源可以被保护,从而进行有效的备份管理。
问题2:如何管理和控制存储库的访问权限?
答:管理和控制存储库的访问权限主要通过设置存储库策略、添加或移除资源、修改存储库信息以及解除存储库策略来实现,可以通过API接口POST /v3/{project_id}/vaults/{vault_id}/associatepolicy来设置存储库策略,通过POST /v3/{project_id}/vaults/{vault_id}/addresources来添加资源,通过PUT /v3/{project_id}/vaults/{vault_id}来修改存储库信息,通过POST /v3/{project_id}/vaults/{vault_id}/dissociatepolicy来解除存储库策略,这些操作确保了对存储库的精细管理和控制,从而保障数据的安全性和访问的合规性。
原创文章,作者:未希,如若转载,请注明出处:https://www.kdun.com/ask/1088138.html
微信扫一扫