- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Overview
- Access Management
- SDK Connection
- Daily Instance Operation
- Viewing Instance Information
- Viewing Memcached Edition Instances
- Assigning Instance to Project
- Editing Instance Tag
- Setting Maintenance Time
- Changing Instance Specification
- Adjusting the Number of Connections
- Enabling/Disabling Read/Write Separation
- Clearing Instances
- Returning and Isolating Instance
- Restoring Isolated Instance
- Eliminating Instance
- Upgrading Redis Edition Instances
- Managing Redis Edition Nodes
- Multi-AZ Deployment Management
- Backup and Restoration
- Data Migration for Redis Edition Instances
- Migration Scheme Overview
- Migration with DTS
- Migrating with Redis-Port
- Version Upgrade with DTS
- Check on Migration from Standard Architecture to Cluster Architecture
- Migration Guide for Legacy Cluster Edition
- Pika-to-Redis Data Migration Scheme
- SSDB-to-Redis Data Migration Scheme
- Common Error Messages
- FAQs
- Migration with redis-port
- Account and Password (Redis Edition)
- Parameter Configuration
- Slow Query
- Network and Security
- Monitoring and Alarms
- Redis Edition Event Management
- Global Replication for Redis Edition
- Performance Optimization
- Sentinel Mode
- Development Guidelines
- Command Compatibility
- Troubleshooting
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- AddReplicationInstance
- AllocateWanAddress
- ChangeInstanceRole
- ChangeMasterInstance
- CleanUpInstance
- ClearInstance
- CloseSSL
- CreateInstanceAccount
- CreateReplicationGroup
- DeleteInstanceAccount
- DeleteReplicationInstance
- DescribeAutoBackupConfig
- DescribeBandwidthRange
- DescribeInstanceAccount
- DescribeInstanceDTSInfo
- DescribeInstanceZoneInfo
- DescribeInstances
- DescribeProxySlowLog
- DescribeSlowLog
- DescribeTendisSlowLog
- DestroyPostpaidInstance
- DestroyPrepaidInstance
- DisableReplicaReadonly
- EnableReplicaReadonly
- InquiryPriceCreateInstance
- InquiryPriceUpgradeInstance
- KillMasterGroup
- ModifyAutoBackupConfig
- ModifyInstance
- ModifyInstanceAccount
- ModifyInstanceReadOnly
- ModifyMaintenanceWindow
- ModifyNetworkConfig
- OpenSSL
- ReleaseWanAddress
- RenewInstance
- ResetPassword
- StartupInstance
- SwitchProxy
- UpgradeInstanceVersion
- UpgradeProxyVersion
- UpgradeSmallVersion
- UpgradeVersionToMultiAvailabilityZones
- DescribeCommonDBInstances
- ChangeReplicaToMaster
- CloneInstances
- CreateInstances
- DescribeInstanceDealDetail
- DescribeInstanceNodeInfo
- DescribeInstanceShards
- DescribeMaintenanceWindow
- DescribeParamTemplateInfo
- DescribeReplicationGroup
- DescribeSSLStatus
- DescribeTaskInfo
- DescribeTaskList
- ModfiyInstancePassword
- RemoveReplicationInstance
- UpgradeInstance
- DescribeInstanceEvents
- ModifyInstanceAvailabilityZones
- ModifyInstanceEvent
- SwitchAccessNewInstance
- DescribeInstanceSupportFeature
- Parameter Management APIs
- Other APIs
- Region APIs
- Monitoring and Management APIs
- Backup and Restoration APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Overview
- Access Management
- SDK Connection
- Daily Instance Operation
- Viewing Instance Information
- Viewing Memcached Edition Instances
- Assigning Instance to Project
- Editing Instance Tag
- Setting Maintenance Time
- Changing Instance Specification
- Adjusting the Number of Connections
- Enabling/Disabling Read/Write Separation
- Clearing Instances
- Returning and Isolating Instance
- Restoring Isolated Instance
- Eliminating Instance
- Upgrading Redis Edition Instances
- Managing Redis Edition Nodes
- Multi-AZ Deployment Management
- Backup and Restoration
- Data Migration for Redis Edition Instances
- Migration Scheme Overview
- Migration with DTS
- Migrating with Redis-Port
- Version Upgrade with DTS
- Check on Migration from Standard Architecture to Cluster Architecture
- Migration Guide for Legacy Cluster Edition
- Pika-to-Redis Data Migration Scheme
- SSDB-to-Redis Data Migration Scheme
- Common Error Messages
- FAQs
- Migration with redis-port
- Account and Password (Redis Edition)
- Parameter Configuration
- Slow Query
- Network and Security
- Monitoring and Alarms
- Redis Edition Event Management
- Global Replication for Redis Edition
- Performance Optimization
- Sentinel Mode
- Development Guidelines
- Command Compatibility
- Troubleshooting
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- AddReplicationInstance
- AllocateWanAddress
- ChangeInstanceRole
- ChangeMasterInstance
- CleanUpInstance
- ClearInstance
- CloseSSL
- CreateInstanceAccount
- CreateReplicationGroup
- DeleteInstanceAccount
- DeleteReplicationInstance
- DescribeAutoBackupConfig
- DescribeBandwidthRange
- DescribeInstanceAccount
- DescribeInstanceDTSInfo
- DescribeInstanceZoneInfo
- DescribeInstances
- DescribeProxySlowLog
- DescribeSlowLog
- DescribeTendisSlowLog
- DestroyPostpaidInstance
- DestroyPrepaidInstance
- DisableReplicaReadonly
- EnableReplicaReadonly
- InquiryPriceCreateInstance
- InquiryPriceUpgradeInstance
- KillMasterGroup
- ModifyAutoBackupConfig
- ModifyInstance
- ModifyInstanceAccount
- ModifyInstanceReadOnly
- ModifyMaintenanceWindow
- ModifyNetworkConfig
- OpenSSL
- ReleaseWanAddress
- RenewInstance
- ResetPassword
- StartupInstance
- SwitchProxy
- UpgradeInstanceVersion
- UpgradeProxyVersion
- UpgradeSmallVersion
- UpgradeVersionToMultiAvailabilityZones
- DescribeCommonDBInstances
- ChangeReplicaToMaster
- CloneInstances
- CreateInstances
- DescribeInstanceDealDetail
- DescribeInstanceNodeInfo
- DescribeInstanceShards
- DescribeMaintenanceWindow
- DescribeParamTemplateInfo
- DescribeReplicationGroup
- DescribeSSLStatus
- DescribeTaskInfo
- DescribeTaskList
- ModfiyInstancePassword
- RemoveReplicationInstance
- UpgradeInstance
- DescribeInstanceEvents
- ModifyInstanceAvailabilityZones
- ModifyInstanceEvent
- SwitchAccessNewInstance
- DescribeInstanceSupportFeature
- Parameter Management APIs
- Other APIs
- Region APIs
- Monitoring and Management APIs
- Backup and Restoration APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
CAM Policy Syntax
{"version":"2.0","statement":[{"effect":"effect","action":["action"],"resource":["resource"],"condition": {"key":{"value"}}}]}
version: it is required. Currently, only "2.0" is allowed.
statement: describes the details of one or more privileges. This element contains a privilege or privilege set of other elements such as effect, action, resource, and condition. One policy has only one statement.
effect: describes whether the result produced by the statement is "allowed" (allow) or "denied" (deny). This element is required.
action: describes the allowed or denied operation. An operation can be an API or a feature set (a set of specific APIs prefixed with "permid"). This element is required.
resource: describes the details of authorization. A resource is described in a six-piece format. Detailed resource definitions vary by product. This element is required.
condition: describes the condition for the policy to take effect. A condition consists of operator, action key, and action value. A condition value may contain information such as time and IP address. Some services allow you to specify additional values in a condition. This element is optional.
Redis Operations
In a CAM policy statement, you can specify any API operation from any service that supports CAM. APIs prefixed with "redis:" should be used for Redis, such as redis:CreateRedis or redis:DeleteInstance.
To specify multiple actions in a single statement, separate them with commas, as shown below:
"action":["redis:action1","redis:action2"]
You can also specify multiple actions using a wildcard. For example, you can specify all actions whose name begins with "Describe", as shown below:
"action":["redis:Describe*"]
If you want to specify all operations in Redis, use a wildcard "*" as shown below:
"action":["redis:*"]
Redis Resource Path
Each CAM policy statement has its own resources.
The general form of resource path is as follows:
qcs:project_id:service_type:region:account:resource
project_id: describes the project information, which is only used to enable compatibility with legacy CAM logic and can be left empty.
service_type: describes the product abbreviation such as Redis.
-region: region information, for example, bj.
account: the root account of the resource owner, such as uin/653339763.
resource: describes detailed resource information of each product, such as instanceId/instance_id1 or instanceId/*.
For example, you can specify a resource for a specific instance (crs-psllioc8) in a statement as shown below:
"resource":[ "qcs::redis:bj:uin/12345678:instance/crs-psllioc8"]
You can also use the wildcard "*" to specify all instances that belong to a specific account as shown below:
"resource":[ "qcs::redis:bj:uin/12345678:instance/*"]
If you want to specify all resources or if a specific API operation does not support resource-level permission control, you can use the wildcard "*" in the "resource" element as shown below:
"resource": ["*"]
To specify multiple resources in a single command, separate them with commas. Below is an example where two resources are specified:
"resource":["resource1","resource2"]
The table below describes the resources that can be used by Redis and the corresponding resource description methods, where words prefixed with $ are placeholders, "region" refers to a region, and "account" refers to an account ID.
Resource | Resource Description Method in Authorization Policy |
Instance | qcs::redis:$region:$account:instance/$instanceId |
VPC | qcs::vpc:$region:$account:vpc/$vpcId |
Security group | qcs::cvm:$region:$account:sg/$sgId |
Yes
No
Was this page helpful?