To facilitate standard API design and development and improve user experience, ApsaraDB for MongoDB adjusted the authentication scope of some APIs on March 5, 2024.
Effective time
March 5, 2024
Applicable scope
The following APIs are adjusted:
Content
Some APIs used to query data support operation-level authentication. This allows you to grant permissions based on a specified operation (action/API).
Operation-level authentication requires global permissions. For more information about how to create policies, see Create custom policies. The following example shows a sample policy:
{
  "Version": "1",
  "Statement": [
    {
      "Action": "dds:DescribeRegions",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
Impacts
If you use a Resource Access Management (RAM) user or an STS token to perform an operation, such as viewing the instance details page, an error message indicating insufficient permissions may be returned.
If you use a RAM user or an STS token to log on to the product buy page, the page may not be properly displayed.
To resolve the preceding issues, you can grant permissions on related APIs to the RAM user. For more information about how to create a policy for the DescribeKernelReleaseNotes or DescribeParameterTemplates operation and attach the policy to a RAM user, see Create custom policies and Grant permissions to a RAM user.
If the issues persist after you grant permissions, submit a ticket.
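Before you attach policies to a RAM user, you can check offline whether they already grant the operations named in this notice on Resource "*". The following checker is an added example, not code from ApsaraDB for MongoDB or RAM. It assumes that the "dds:" prefix from the sample policy applies to all three operations, that a grant with a Condition element does not count, and that any matching Deny blocks the action. The scoped policy and its resource string are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Operations named in this notice; the "dds:" prefix follows the sample policy.
REQUIRED = ("dds:DescribeRegions", "dds:DescribeKernelReleaseNotes",
            "dds:DescribeParameterTemplates")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _names(stmt, action):
    """True if the statement's Action element (string or list, '*' wildcard) covers action."""
    return any(fnmatchcase(action, pat) for pat in _as_list(stmt.get("Action", [])))

def missing_global_actions(policies, required=REQUIRED):
    """Return the required actions that the policies do not allow on Resource "*"."""
    stmts = [s for p in policies for s in _as_list(p.get("Statement", []))]
    missing = []
    for action in required:
        allowed = any(
            s.get("Effect") == "Allow"
            and "*" in _as_list(s.get("Resource", []))
            and "Condition" not in s          # assumption: conditional grants do not count
            and _names(s, action)
            for s in stmts)
        # Assumption: any matching Deny is treated as blocking, whatever its Resource.
        denied = any(s.get("Effect") == "Deny" and _names(s, action) for s in stmts)
        if denied or not allowed:
            missing.append(action)
    return missing

# The sample policy from this notice.
PAGE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": "dds:DescribeRegions", "Resource": "*", "Effect": "Allow"}]}
""")

# Constructed policy: the wildcard matches the action name, but the grant is
# scoped to one instance (placeholder ARN), so it is not a global permission.
SCOPED_POLICY = {"Version": "1", "Statement": [
    {"Action": ["dds:DescribeParameter*"], "Effect": "Allow",
     "Resource": "acs:dds:*:*:dbinstance/dds-EXAMPLE"}]}

if __name__ == "__main__":
    for action in missing_global_actions([PAGE_POLICY, SCOPED_POLICY]):
        print("not granted globally:", action)
```

Listing only the operations that are reported as missing in a new custom policy keeps the grant narrower than a blanket "dds:*" statement.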