Authorization Policy Syntax

Last updated: 2022-05-12 12:24:12

    Policy syntax

    {
        "version":"2.0",
        "statement":
        [
            {
                "effect":"effect",
                "action":["action"],
                "resource":["resource"],
                "condition": {"key":{"value"}}
            }
        ]
    }
    | Element | Description |
    | --- | --- |
    | version | It is required. Currently, only the value "2.0" is allowed. |
    | statement | It describes the details of one or more permissions. It contains a permission or permission set of multiple other elements such as `effect`, `action`, `resource`, and `condition`. One policy has only one `statement`. |
    | effect | It is required and describes whether the statement result is an "allow" or an explicit "deny". |
    | action | It is required and describes the allowed or denied action (operation). An operation can be an API (prefixed with "name") or a feature set (a set of specific APIs prefixed with "permid"). |
    | resource | It is required and describes the details of authorization. A resource is described in a six-segment format. Detailed resource definitions vary by product. For more information on how to specify a resource, see the product documentation corresponding to the resource statement you are writing. |
    | condition | It is optional and describes the condition for the policy to take effect. A condition consists of an operator, action key, and action value. A condition value may contain information such as time and IP address. Some services allow you to specify additional values in a condition. |
    

    Sample CAM Policy for Lighthouse

    The following policy grants the permission to view the list of Lighthouse instances and prohibits the user xxxxxx from viewing the details of the instance lhins-e31oxxxx.
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "lighthouse:DescribeInstances"
                ],
                "resource": [
                    "*"
                ]
            },
            {
                "effect": "deny",
                "action": [
                    "lighthouse:DescribeInstances"
                ],
                "resource": [
                    "qcs::lighthouse::uin/xxxxxx:instance/lhins-e31oxxxx"
                ]
            }
        ]
    }

    Lighthouse Resource Path

    Each Lighthouse policy statement applies to its own resources, which are generally described in the following format:
    qcs:project_id:service_type:region:account:resource

    project_id: Describes the project information, which is only used to enable compatibility with legacy CAM logic and can be left empty.
    service_type: Describes the product abbreviation, such as lighthouse.
    region: Describes the region information, such as ap-guangzhou.
    account: Describes the root account of the resource owner, such as uin/xxxxxx.
    resource: Detailed resource information of each product, for example, instance/instance_id1 or instance/*.
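A policy can be checked against the element rules and the six-segment resource format above before it is attached to a user. The following is an added example, not Tencent Cloud code: `parse_resource`, `lint_policy` and the `BROKEN` input are hypothetical names, and treating a bare string as a one-element list is an assumption.

```python
import json

SEGMENTS = ("project_id", "service_type", "region", "account", "resource")

def parse_resource(desc):
    """Split 'qcs:project_id:service_type:region:account:resource' into named fields."""
    # Assumption: any ':' after the fifth separator belongs to the final segment.
    parts = desc.split(":", 5)
    if len(parts) != 6 or parts[0] != "qcs":
        raise ValueError(f"not a six-segment qcs description: {desc!r}")
    return dict(zip(SEGMENTS, parts[1:]))

def _as_list(value):
    # Assumption: a bare string is treated as a one-element list.
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(policy):
    """Return a list of problems, checked against the element rules on this page."""
    problems = []
    if policy.get("version") != "2.0":
        problems.append('version: only "2.0" is allowed')
    statements = policy.get("statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["statement: must be a non-empty list"]
    for i, st in enumerate(statements):
        if st.get("effect") not in ("allow", "deny"):
            problems.append(f"statement[{i}].effect: must be allow or deny")
        if not _as_list(st.get("action")):
            problems.append(f"statement[{i}].action: required")
        resources = _as_list(st.get("resource"))
        if not resources:
            problems.append(f"statement[{i}].resource: required")
        for res in resources:
            if res == "*":
                continue  # wildcard, as used in the sample policy
            try:
                parse_resource(res)
            except ValueError as exc:
                problems.append(f"statement[{i}].resource: {exc}")
    return problems

# Constructed input: the page's deny statement with the empty project_id segment dropped.
BROKEN = json.loads("""{"version": "2.0", "statement": [{"effect": "deny",
  "action": ["lighthouse:DescribeInstances"],
  "resource": ["qcs:lighthouse::uin/xxxxxx:instance/lhins-e31oxxxx"]}]}""")

if __name__ == "__main__":
    for problem in lint_policy(BROKEN):
        print(problem)
```

The empty `project_id` and `region` segments must still be present as empty fields, which is why the sample policy's resource begins with `qcs::`.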