- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on the Official Launch of the VOD Scene Transcoding Feature
- Announcement about the addition of mobile player SDK premium features authorization verification
- Announcement about the addition of web player SDK license authorization verification
- Announcement on the Official Launch of the Video on Demand Real-Time Log Analysis Feature
- Notice about the adjustment of the VOD adding domain feature
- Announcement on official commercial billing of Video on Demand STANDARD_IA data retrieval and Application Management functions
- Announcement on the Official Launch of the Media Quality Inspection and Play Channel Features
- Announcement on the official launch of the Video-on-Demand QUIC Acceleration feature
- VOD Launched Remaster Feature
- Prepaid Packages Supported for Monthly Billed Accounts
- Cost Allocation by Tag Supported
- Content Moderation Upgraded
- VOD Player Signature Upgrade
- Live Clipping to Become Paid Feature
- Content Recognition to Become Paid Feature
- The “startPlay” API of the Player SDK Renamed
- TESHD Renamed as TSC
- Announcement on VOD Video Acceleration Price Change
- Launching Video on Demand (VOD) Features for Regions Outside the Chinese Mainland
- About Changing the Billing Rule of Transcoding Service for VOD/MPS
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Service Overview
- Application Management
- Media Management
- Package Management
- License Management
- Real-Time Log Analysis
- Practical Tutorial
- Media Upload
- Smart Cold Storage of VOD Media Asset Files
- Video Processing
- Distribution and Playback
- How to Receive Event Notification
- How to Migrate Files from Origin Server to VOD
- Live Recording
- How to Make VOD Videos Live Streaming-Like
- Using VOD and WordPress to Build a Website
- How to Pull from Custom Origin Servers
- Development Guide
- Player SDK
- Server APIs
- History
- Introduction
- API Category
- Other APIs
- Media processing related API
- No longer recommended APIs
- Task Management APIs
- Media Upload APIs
- Media Management APIs
- Event Notification Relevant API
- Media Categorization APIs
- Distribution APIs
- AI-based Sample Management APIs
- Region Management APIs
- Statistics APIs
- Just In Time Transcode APIs
- Making API Requests
- AI-based image processing APIs
- Parameter Template APIs
- CreateWatermarkTemplate
- CreateSnapshotByTimeOffsetTemplate
- CreateSampleSnapshotTemplate
- CreateImageSpriteTemplate
- CreateAnimatedGraphicsTemplate
- CreateAdaptiveDynamicStreamingTemplate
- CreateAIAnalysisTemplate
- ModifyWatermarkTemplate
- ModifySnapshotByTimeOffsetTemplate
- ModifySampleSnapshotTemplate
- ModifyImageSpriteTemplate
- ModifyAnimatedGraphicsTemplate
- ModifyAdaptiveDynamicStreamingTemplate
- ModifyAIAnalysisTemplate
- DescribeTranscodeTemplates
- DescribeWatermarkTemplates
- ModifyAIRecognitionTemplate
- DescribeSnapshotByTimeOffsetTemplates
- DescribeSampleSnapshotTemplates
- DescribeImageSpriteTemplates
- DescribeAnimatedGraphicsTemplates
- DescribeAdaptiveDynamicStreamingTemplates
- DescribeAIAnalysisTemplates
- DeleteTranscodeTemplate
- DescribeAIRecognitionTemplates
- DeleteWatermarkTemplate
- DeleteSnapshotByTimeOffsetTemplate
- DeleteSampleSnapshotTemplate
- DeleteImageSpriteTemplate
- DeleteAnimatedGraphicsTemplate
- DeleteAdaptiveDynamicStreamingTemplate
- DeleteReviewTemplate
- DeleteAIRecognitionTemplate
- DeleteAIAnalysisTemplate
- DeleteHeadTailTemplate
- DeleteImageProcessingTemplate
- DescribeReviewTemplates
- CreateReviewTemplate
- CreateTranscodeTemplate
- ModifyReviewTemplate
- ModifyTranscodeTemplate
- CreateHeadTailTemplate
- CreateImageProcessingTemplate
- CreateAIRecognitionTemplate
- DescribeHeadTailTemplates
- DescribeImageProcessingTemplates
- ModifyHeadTailTemplate
- CreateQualityInspectTemplate
- DeleteQualityInspectTemplate
- DescribeQualityInspectTemplates
- ModifyQualityInspectTemplate
- CreateEnhanceMediaTemplate
- DeleteEnhanceMediaTemplate
- ModifyEnhanceMediaTemplate
- DescribeEnhanceMediaTemplates
- Task Flow APIs
- Domain Name Management APIs
- Playlist APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- VOD Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on the Official Launch of the VOD Scene Transcoding Feature
- Announcement about the addition of mobile player SDK premium features authorization verification
- Announcement about the addition of web player SDK license authorization verification
- Announcement on the Official Launch of the Video on Demand Real-Time Log Analysis Feature
- Notice about the adjustment of the VOD adding domain feature
- Announcement on official commercial billing of Video on Demand STANDARD_IA data retrieval and Application Management functions
- Announcement on the Official Launch of the Media Quality Inspection and Play Channel Features
- Announcement on the official launch of the Video-on-Demand QUIC Acceleration feature
- VOD Launched Remaster Feature
- Prepaid Packages Supported for Monthly Billed Accounts
- Cost Allocation by Tag Supported
- Content Moderation Upgraded
- VOD Player Signature Upgrade
- Live Clipping to Become Paid Feature
- Content Recognition to Become Paid Feature
- The “startPlay” API of the Player SDK Renamed
- TESHD Renamed as TSC
- Announcement on VOD Video Acceleration Price Change
- Launching Video on Demand (VOD) Features for Regions Outside the Chinese Mainland
- About Changing the Billing Rule of Transcoding Service for VOD/MPS
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Service Overview
- Application Management
- Media Management
- Package Management
- License Management
- Real-Time Log Analysis
- Practical Tutorial
- Media Upload
- Smart Cold Storage of VOD Media Asset Files
- Video Processing
- Distribution and Playback
- How to Receive Event Notification
- How to Migrate Files from Origin Server to VOD
- Live Recording
- How to Make VOD Videos Live Streaming-Like
- Using VOD and WordPress to Build a Website
- How to Pull from Custom Origin Servers
- Development Guide
- Player SDK
- Server APIs
- History
- Introduction
- API Category
- Other APIs
- Media processing related API
- No longer recommended APIs
- Task Management APIs
- Media Upload APIs
- Media Management APIs
- Event Notification Relevant API
- Media Categorization APIs
- Distribution APIs
- AI-based Sample Management APIs
- Region Management APIs
- Statistics APIs
- Just In Time Transcode APIs
- Making API Requests
- AI-based image processing APIs
- Parameter Template APIs
- CreateWatermarkTemplate
- CreateSnapshotByTimeOffsetTemplate
- CreateSampleSnapshotTemplate
- CreateImageSpriteTemplate
- CreateAnimatedGraphicsTemplate
- CreateAdaptiveDynamicStreamingTemplate
- CreateAIAnalysisTemplate
- ModifyWatermarkTemplate
- ModifySnapshotByTimeOffsetTemplate
- ModifySampleSnapshotTemplate
- ModifyImageSpriteTemplate
- ModifyAnimatedGraphicsTemplate
- ModifyAdaptiveDynamicStreamingTemplate
- ModifyAIAnalysisTemplate
- DescribeTranscodeTemplates
- DescribeWatermarkTemplates
- ModifyAIRecognitionTemplate
- DescribeSnapshotByTimeOffsetTemplates
- DescribeSampleSnapshotTemplates
- DescribeImageSpriteTemplates
- DescribeAnimatedGraphicsTemplates
- DescribeAdaptiveDynamicStreamingTemplates
- DescribeAIAnalysisTemplates
- DeleteTranscodeTemplate
- DescribeAIRecognitionTemplates
- DeleteWatermarkTemplate
- DeleteSnapshotByTimeOffsetTemplate
- DeleteSampleSnapshotTemplate
- DeleteImageSpriteTemplate
- DeleteAnimatedGraphicsTemplate
- DeleteAdaptiveDynamicStreamingTemplate
- DeleteReviewTemplate
- DeleteAIRecognitionTemplate
- DeleteAIAnalysisTemplate
- DeleteHeadTailTemplate
- DeleteImageProcessingTemplate
- DescribeReviewTemplates
- CreateReviewTemplate
- CreateTranscodeTemplate
- ModifyReviewTemplate
- ModifyTranscodeTemplate
- CreateHeadTailTemplate
- CreateImageProcessingTemplate
- CreateAIRecognitionTemplate
- DescribeHeadTailTemplates
- DescribeImageProcessingTemplates
- ModifyHeadTailTemplate
- CreateQualityInspectTemplate
- DeleteQualityInspectTemplate
- DescribeQualityInspectTemplates
- ModifyQualityInspectTemplate
- CreateEnhanceMediaTemplate
- DeleteEnhanceMediaTemplate
- ModifyEnhanceMediaTemplate
- DescribeEnhanceMediaTemplates
- Task Flow APIs
- Domain Name Management APIs
- Playlist APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- VOD Policy
- Contact Us
- Glossary
Note:This document describes access management for VOD. For information about the access management of other Tencent Cloud products, see CAM-Enabled Products.
VOD has been connected to Tencent Cloud Cloud Access Management (CAM). You can grant specified VOD permissions to sub-accounts as needed. The VOD access control feature can be used directly once the VOD service is activated.
This document assumes that you already have some knowledge of Tencent Cloud CAM and VOD's subapplication system. The main concepts involved in this document include:
- CAM: user type, API key, policy, and policy syntax
- VOD: subapplication
Use Cases
The typical use cases of VOD access control are as follows:
- Permission isolation at Tencent Cloud product level
Among the various departments using Tencent Cloud in an organization, department A takes charge of the VOD service. Staff of department A need permission to access VOD but not other Tencent Cloud products. To this end, you can create a sub-user and only grant it VOD-related permissions, and then provide it to department A. - Permission isolation at VOD subapplication level
When multiple businesses in an organization are using VOD, isolation is generally needed. Isolation involves resource isolation and permission isolation, of which the former is enabled by VOD's subapplication system and the latter implemented by VOD access control. In this case, sub-users can be created for each business and granted permission to the corresponding subapplications, so that each business can only access the specified subapplication. - Permission isolation at VOD operation level
Product operations staff of a business using VOD in an organization need to access the VOD Console to get statistics (e.g., geographical distribution of traffic and number of playbacks), but they should be forbidden to perform sensitive operations (e.g., deleting files or disabling domain names) so as to protect the business against any faulty operations. To meet such needs, you can create a custom policy that has permissions to log in to the VOD Console and call statistics APIs, create a sub-user and bind it to that policy, and then deliver the sub-user information to the product operations staff.
Resource Granularity and Operation Granularity
The core feature of CAM is to allow or forbid an account to perform some operations or manipulate some resources. For VOD, the resource granularity is subapplication, and the operation granularity is server API.
Limits
- VOD access control supports authorization at subapplication level but not at finer-grained resource level (e.g., media files and domain names).
APIs Supporting Authorization at Resource Level
VOD access control supports authorization at resource level. All its APIs, except those with special limits, support authorization at resource level. Please see below for details.
List of APIs not supporting authorization at resource level
| API Name | Feature | Description |
|---|---|---|
| DescribeSubAppIds | Queries the list of subapplications | All subusers have permission to call this API with no authorization required, and subapplications do not need to be specified. |
| ModifySubAppIdStatus | Modifies the status of a subapplication | This API can disable specified subapplications, which is highly risky. Therefore, it is available to only subusers with full VOD permissions (i.e., QcloudVODFullAccess as described in Preset Policies). Subusers that are granted write permissions to certain subapplications but not QcloudVODFullAccess cannot call this API. |
List of APIs supporting authorization at resource level
Except those in the above list, all APIs outlined in API Overview support authorization at resource level. In policy syntax, resource descriptions for these APIs are all in the format of qcs::vod::uin/$uin:subAppId/$subAppId.
Yes
No
Was this page helpful?