{"version":"2.0","statement":[{"effect":"effect","action":["action"],"resource":["resource"],"condition": {"key":{"value"}}}]}
Parameter | Required | Description |
version | Yes | Version number. Currently, only "2.0" is supported. |
statement | Yes | This element describes the details of one or more permissions. It contains a permission or permission set of other elements such as effect , action , resource , and condition . One policy has only one statement. An action (operation) describes an allowed or denied operation, which can be an API or a feature set (a set of specific APIs prefixed with permid ). |
resource | Yes | The specific resource. A resource is described in a six-segment format. Detailed resource definitions vary with the products. For more information about how to specify a resource, please see the documentation of the corresponding product. |
condition | No | The condition for the policy to take effect. A condition consists of the operator, action key, and action value. A condition value may be the time, IP address, etc. Some services allow you to specify additional values in a condition. |
effect | Yes | Describes whether the statement result is "allowed" ( allow ) or "explicitly denied" (deny ). |
qcs::tpns::uin/1000000000:app/*
*
indicates all resources at the app granularity, which can be replaced with the Access ID
. You can find the app's Access ID
in the Product Management module in the Tencent Push Notification Service Console. For the uin
, get the account ID on the Account Info page in the console and replace the uin
with it (such as 1000000000
, which is a sample Tencent Cloud ID of a root account).name/tpns:
should be used for Tencent Push Notification Service, such as name/tpns:CreateProduct
.
To specify multiple operations in a single statement, separate them with commas as shown below:"action":["tpns:action1","tpns:action2"]
"action":["tpns:Describe*"]
"action":["tpns:*"]
Operation | Description | Resource-Level Permission Supported |
AddChannelInfo | Adds vendor-specific channel | Yes |
CancelPush | Cancels scheduled push task | Yes |
CreateApp | Creates app | No |
CreateAppTrialRequest | Applies for product trial | Yes |
CreateProduct | Creates product | No |
DeleteAppInfo | Deletes app | Yes |
DeleteProductInfo | Deletes product | No |
DescribeApnsCertInfo | Queries APNS certificate information | Yes |
DescribeAppAllTags | Queries all tag information | Yes |
DescribeAppInfo | Queries app information | Yes |
DescribeAppVipInfo | Queries VIP information | Yes |
DescribeChannelInfo | Queries vendor-specific channel information | Yes |
DescribeProductInfo | Queries product information | No |
DescribeTagTokenNums | Queries the number of devices under the tag | Yes |
DownloadPushPackage | Downloads push number package | Yes |
DescribeAccountByToken | Queries account bound to device | Yes |
DescribeAccountPushStatInfo | Queries the total number of push messages under account | No |
DescribeAccountPushStatInfoAllZone | Queries the total number of messages supposed to be sent by all apps in cluster | No |
DescribeAppSecretInfo | Queries AppSecret information | Yes |
DescribeDeviceStatOverview | Queries the number of accumulated and daily active devices of app | Yes |
DescribeProductDeviceStatWithRatioOverview | Queries app statistics | Yes |
DescribePushPackaDescribeoken | Uploads number package to get temporary COS token | Yes |
DescribePushTaskGroupStatAllChannel | Queries the aggregated data of pushes in all channels | Yes |
DescribePushTaskStatAllChannel | Queries the data of each push channel | Yes |
DescribeTagsByToken | Queries tags bound to device | Yes |
DescribeTokenInfos | Queries tokenInfo information | No |
DescribePushInfos | Queries push list | Yes |
ModifyAppInfo | Updates app information | Yes |
ModifyProductInfo | Updates product information | No |
CreatePush | Creates push | Yes |
UpdateAppStatus | Updates app status | Yes |
UploadCert | Uploads iOS certificate | Yes |
UploadPushPackage | Uploads push number package | Yes |
DescribePlanPushInfos | Queries the task list under the push plan | Yes |
DescribePushPlans | Queries the list information about the push plan | Yes |
UpdatePushPlan | Modifies a push plan | Yes |
DeletePushPlan | Deletes a push plan | Yes |
CreatePushPlan | Creates a push plan | Yes |
1000000000
, and the Access_id
values of the authorized applications are 1500000000
and 1500000001
, respectively.
The corresponding policy syntax should be as follows://{"version": "2.0","statement": [{"action": ["tpns:Describe*","tpns:CancelPush","tpns:DownloadPushPackage","tpns:CreatePush","tpns:UploadPushPackage"],"resource": ["qcs::tpns::uin/1000000000:app/1500000000","qcs::tpns::uin/1000000000:app/1500000001"],"effect": "allow"},{"action": ["tpns:Describe*"],"resource": ["qcs::tpns::uin/1000000000:other/*"],"effect": "allow"}]}
1000000000
, and the Access_id
values of the authorized applications are 1500000000
and 1500000001
, respectively.
The corresponding policy syntax should be as follows://{"version": "2.0","statement": [{"action": "*","resource": ["qcs::tpns::uin/1000000000:app/1500000000","qcs::tpns::uin/1000000000:app/1500000001"],"effect": "allow"},{"action": ["tpns:Describe*"],"resource": ["qcs::tpns::uin/1000000000:other/*"],"effect": "allow"}]}
Was this page helpful?