Policy Syntax

Overview
Access policies can be used to grant permissions related to PTS. Access policies use a JSON-based access policy language. Through this policy language, you can authorize specific principals to perform designated operations on specified PTS resources.
The access policy language describes the basic elements and usage of policies. For explanations regarding the policy language, see CAM Policy Management.
Policy Syntax
CAM Policy
{	 
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"effect", 
              "action":["action"], 
              "resource":["resource"], 
               "condition": {"key":{"value"}} 
           } 
       ] 
} 
﻿
Element Usage
version: Required. Currently, only the value "2.0" is allowed.
statement: Describes the detailed information of one or more permissions. This element includes several other elements such as effect, action, resource, and condition, forming a set of permissions or a permission collection. A policy has only one statement element.
effect: This required element describes whether the statement results in "allow" or "explicitly deny". It includes two possible values: allow (allow) and deny (explicitly deny).
action: This required element describes the allowed or denied actions. Actions can be APIs (described with the prefix name) or feature sets (a group of specific APIs, described with the prefix permid).
resource: This required element describes the specific data being authorized. Resources are described using a six-segment format. The details of resource definitions vary by product. For information on how to specify resources, see the product documentation corresponding to the resource statement you write.
condition: This optional element describes the constraints under which the policy is effective. A condition consists of an operator, a key, and a value. Condition values can include information such as time or IP address. Some services allow you to specify additional values in the condition.
Specifying Effect
If access to a resource is not explicitly granted (allow), it is implicitly denied. Additionally, access to a resource can be explicitly denied (deny) to ensure that users cannot access the resource, even if other policies grant access. Below is an example specifying the effect of allowing:
"effect" : "allow"
Specifying Actions
PTS defines a set of console operations that can be specified in a policy. The specified operations are categorized into read-only APIs pts:Describe\* and all APIs pts:\*.
Examples of specifying allowed operations are as follows:
"action": [
  "name/pts:Describe*"
]
Specifying Resources
The resource element describes one or more operation objects, such as a performance testing service. All resources can be described using the following six-segment format.
qcs:project_id:service_type:region:account:resource
The parameters are described as follows:
Parameters
Description
Required
qcs
The abbreviation of qcloud service, indicating that it is the cloud service of Tencent Cloud.
Yes
project_id
The description of the project information. It is usually left blank as it is only for compatibility with the early logic of CAM.
No
service_type
Product abbreviation. It is PTS here.
Yes
account
Description of the root account information of the resource owner, namely the ID of the root account, represented as uin/${OwnerUin}, such as uin/100000000001.
Yes
resource
Description of details of a specific resource, with the prefix instance.
Yes
Below is an example of a four-segment description of the performance testing service:
"resource":["qcs::pts:uin/1250000000:ProjectId/project-bx123456"]
Examples
Based on the resource ID, assign read/write permissions for the specified resource. The root account ID is 1250000000.
Example: Assign the sub-account permissions to query the project (ID: project-bx123456).
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "pts:DescribeProjects"
            ],
            "resource": [
                "qcs::pts:uin/1250000000:ProjectId/project-bx123456"
            ]
        }
    ]
}
List of APIs that Support Resource-Level Authorization
API Operations
API Description
API Operations
API Description
AbortJob
Stops a task.
CreateProject
Creates a project.
CreateScenario
Creates scenarios.
DeleteJobs
Delete Task
DeleteProjects
Delete Project
DeleteScenarios
Deletes scenarios.
DescribeAllLabels
Queries all metrics' labels.
DescribeCheckSummary
Queries checkpoint summary information.
DescribeJobs
Queries the task list.
DescribeLabelValues
Queries tag content.
DescribeProjects
Queries project lists.
DescribeRegions
Querying region list.
DescribeSampleBatchQuery
Queries metrics in batches, returning metric content at fixed time points.
DescribeSampleQuery
Queries metrics, returning metric content at fixed time points.
DescribeSampleStreamBatchQuery
Queries metric sequences in batches.
DescribeSampleStreamQuery
Queries metric sequences within a time range.
DescribeScenarioWithJobs
Queries scenario configurations and include the content of executed tasks.
DescribeScenarios
Queries scenario lists.
DescribeServiceSummary
Queries service summary information.
DescribeZones
Querying availablity zone list.
GenerateTmpKey
Generates temporary COS credentials.
StartJob
Creates and starts tasks.
UpdateJob
Updates tasks.
UpdateProject
Updates projects.
UpdateScenario
Updates scenarios.
List of APIs That Do not Support Resource-Level Authorization
For PTS API operations that do not support resource-level permissions, you can still grant users permissions to conduct these operations, but the resource element of the policy statement should be specified as *.
API Operations
API Description
CreateProject
Creates PTS service instances.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Parameters	Description	Required
qcs	The abbreviation of qcloud service, indicating that it is the cloud service of Tencent Cloud.	Yes
project_id	The description of the project information. It is usually left blank as it is only for compatibility with the early logic of CAM.	No
service_type	Product abbreviation. It is PTS here.	Yes
account	Description of the root account information of the resource owner, namely the ID of the root account, represented as `uin/${OwnerUin}`, such as uin/100000000001.	Yes
resource	Description of details of a specific resource, with the prefix instance.	Yes

API Operations	API Description
API Operations	API Description
AbortJob	Stops a task.
CreateProject	Creates a project.
CreateScenario	Creates scenarios.
DeleteJobs	Delete Task
DeleteProjects	Delete Project
DeleteScenarios	Deletes scenarios.
DescribeAllLabels	Queries all metrics' labels.
DescribeCheckSummary	Queries checkpoint summary information.
DescribeJobs	Queries the task list.
DescribeLabelValues	Queries tag content.
DescribeProjects	Queries project lists.
DescribeRegions	Querying region list.
DescribeSampleBatchQuery	Queries metrics in batches, returning metric content at fixed time points.
DescribeSampleQuery	Queries metrics, returning metric content at fixed time points.
DescribeSampleStreamBatchQuery	Queries metric sequences in batches.
DescribeSampleStreamQuery	Queries metric sequences within a time range.
DescribeScenarioWithJobs	Queries scenario configurations and include the content of executed tasks.
DescribeScenarios	Queries scenario lists.
DescribeServiceSummary	Queries service summary information.
DescribeZones	Querying availablity zone list.
GenerateTmpKey	Generates temporary COS credentials.
StartJob	Creates and starts tasks.
UpdateJob	Updates tasks.
UpdateProject	Updates projects.
UpdateScenario	Updates scenarios.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha