```
{
  "version": "2.0",
  "statement": [
    {
      "effect": "effect",
      "action": ["action"],
      "resource": ["resource"],
      "condition": {"key":{"value"}}
    }
  ]
}
```

| Element | Description |
|---|---|
| version | Required. Currently, only the value "2.0" is allowed. |
| statement | Describes the details of one or more permissions. It contains a permission or permission set made up of other elements such as `effect`, `action`, `resource`, and `condition`. One policy has only one `statement`. |
| effect | Required. Describes whether the statement result is an "allow" or an explicit "deny". |
| action | Required. Describes the allowed or denied action (operation). An operation can be an API (prefixed with "name") or a feature set (a set of specific APIs prefixed with "permid"). |
| resource | Required. Describes the details of authorization. A resource is described in a six-segment format. Detailed resource definitions vary by product. For more information on how to specify a resource, see the product documentation corresponding to the resource statement you are writing. |
| condition | Optional. Describes the condition for the policy to take effect. A condition consists of an operator, action key, and action value. A condition value may contain information such as time and IP address. Some services allow you to specify additional values in a condition. |

`xxxxxx` from viewing the details of the instance `lhins-e31oxxxx`.

```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": ["lighthouse:DescribeInstances"],
      "resource": ["*"]
    },
    {
      "effect": "deny",
      "action": ["lighthouse:DescribeInstances"],
      "resource": ["qcs::lighthouse::uin/xxxxxx:instance/lhins-e31oxxxx"]
    }
  ]
}
```

`qcs:project_id:service_type:region:account:resource`

`lighthouse`.

region: Describes the region information, such as `ap-guangzhou`.

account: Describes the root account of the resource owner, such as `uin/xxxxxx`.

resource: Detailed resource information of each product, for example, `instance/instance_id1` or `instance/*`.
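
The following added example (not code from the original page or from the product) parses the six-segment resource string and evaluates the example policy above, so you can check before attaching a policy that the explicit deny on one instance wins over the broad allow. It assumes that an empty segment in a policy resource matches any value, that `*` is a glob wildcard, and that an explicit deny overrides any allow; `FIELDS`, `parse_resource`, `resource_matches` and `evaluate` are hypothetical names, and statements with a `condition` are rejected rather than evaluated.

```python
import json
from fnmatch import fnmatchcase

FIELDS = ("prefix", "project_id", "service_type", "region", "account", "resource")

# The page's example policy; uin and instance ID are the page's masked placeholders.
POLICY = json.loads("""
{"version": "2.0", "statement": [
  {"effect": "allow", "action": ["lighthouse:DescribeInstances"], "resource": ["*"]},
  {"effect": "deny", "action": ["lighthouse:DescribeInstances"],
   "resource": ["qcs::lighthouse::uin/xxxxxx:instance/lhins-e31oxxxx"]}
]}
""")

def parse_resource(text):
    """Split a six-segment resource string into named fields."""
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "qcs":
        raise ValueError(f"not a six-segment qcs resource: {text!r}")
    return dict(zip(FIELDS, parts))

def resource_matches(pattern, requested):
    """'*' matches everything; otherwise compare segment by segment.
    Assumption: an empty pattern segment means 'any'; '*' inside a segment is a glob."""
    if pattern == "*":
        return True
    pat, req = parse_resource(pattern), parse_resource(requested)
    return all(pat[f] == "" or fnmatchcase(req[f], pat[f]) for f in FIELDS)

def evaluate(policy, action, resource):
    """Return 'deny' (explicit), 'allow', or 'implicit_deny' when no statement matches."""
    if policy.get("version") != "2.0":
        raise ValueError("only version 2.0 is allowed")
    decision = "implicit_deny"
    for st in policy["statement"]:
        if st["effect"] not in ("allow", "deny"):
            raise ValueError(f"bad effect: {st['effect']!r}")
        if "condition" in st:
            raise NotImplementedError("conditions are not evaluated in this example")
        hit = (any(fnmatchcase(action, a) for a in st["action"]) and
               any(resource_matches(r, resource) for r in st["resource"]))
        if hit and st["effect"] == "deny":
            return "deny"  # assumption: explicit deny overrides any allow
        if hit:
            decision = "allow"
    return decision
```
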