- Release Notes and Announcements
- Announcements
- Price Adjustment of Global SMS in Certain Countries/Regions on September 1, 2024
- Price Adjustment of Global SMS in Certain Countries/Regions
- Optimization of Tencent Cloud SMS Template Types
- SMSes in Malaysia prohibited from containing URLs, phone numbers and requests for personal numbers
- Prohibition on Sending Non-compliant Messages
- Adjustment of Calculation Rule for Global SMS Message Length
- Price Adjustment of Global SMS
- Announcements
- Product Introduction
- Review Standards
- Global SMS
- Console Guide
- Practical Tutorial
- API Documentation
- SDK Documentation
- FAQ
- Service Agreement
- Contact Us
- Release Notes and Announcements
- Announcements
- Price Adjustment of Global SMS in Certain Countries/Regions on September 1, 2024
- Price Adjustment of Global SMS in Certain Countries/Regions
- Optimization of Tencent Cloud SMS Template Types
- SMSes in Malaysia prohibited from containing URLs, phone numbers and requests for personal numbers
- Prohibition on Sending Non-compliant Messages
- Adjustment of Calculation Rule for Global SMS Message Length
- Price Adjustment of Global SMS
- Announcements
- Product Introduction
- Review Standards
- Global SMS
- Console Guide
- Practical Tutorial
- API Documentation
- SDK Documentation
- FAQ
- Service Agreement
- Contact Us
Note:
This document describes the access management feature of SMS. For more information on access management for other Tencent Cloud services, please see CAM-Enabled Products.
It is convenient to use a default policy in SMS access control to implement authorization, but its granularity of permission control is coarse and cannot be refined to the SMS application and the TencentCloud API levels. If you need fine-grained permissions control, you need to create custom policies.
Custom Policy Creation Methods
There are multiple ways to create a custom policy. The table below shows a comparison of various methods. For detailed directions, please see further below.
Creation Entry | Creation Method | Effect | Resource | Action | Flexibility |
Policy generator | Manual selection | Syntax description | Manual selection | Medium | |
Policy syntax | Syntax description | Syntax description | Syntax description | High | |
CAM server API | Syntax description | Syntax description | Syntax description | High |
Note:
SMS does not support creating custom policies by product feature or project.
Manual selection means that you can select an object from the candidate list displayed in the console.
Syntax description means that you can describe objects through the authorization policy syntax.
Authorization Policy Syntax
Resource syntax description
As mentioned above, the resource granularity of permission management in SMS is the application. The application description in the policy syntax follows the CAM resource description method. In the example below, the developer's root account ID is 12345678, and the developer has created three applications with an
App of 1400000000, 1400000001, and 1400000002, respectively.Policy syntax description for all SMS applications
"resource": ["qcs::sms::uin/12345678:app/*"]
Policy syntax description for a single SMS application
"resource": [ "qcs::sms::uin/12345678:app/1400000001"]
Policy syntax description for multiple SMS applications
"resource": [ "qcs::sms::uin/12345678:app/1400000000","qcs::sms::uin/12345678:app/1400000001"]
Action syntax description
As mentioned above, the action granularity of permission management in SMS is the TencentCloud API. For more information, please see Authorizable Resources and Actions. TencentCloud APIs such as
DescribeAppList (getting application list) and DescribeAppInfo (getting application information) are used as examples below.Policy syntax description for all SMS TencentCloud APIs
"action": ["name/sms:*"]
Policy syntax description for a single TencentCloud API
"action": ["name/sms:DescribeAppList"]
Policy syntax description for multiple TencentCloud APIs
"action": ["name/sms:DescribeAppList","name/sms:DescribeAppInfo"]
Custom Policy Use Cases
Using the policy generator
In the example below, we will create a custom policy, which allows all actions except the console API
DeleteAppInfo to be performed on the SMS application 1400000001.1. Access the Policy page in the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Generator to access the policy creation page.
3. Select the service and action.
Select Allow for Effect.
Select Short Message Service (sms) for Service.
Check all items for Action.
Enter
qcs::sms::uin/12345678:app/1400000001 for Resource according to the resource syntax description.The Condition configuration item does not need to be configured.
Click Add Statement and a statement saying that "Any action is allowed on the SMS application 1400000001" will appear at the bottom of the page.
4. Continue adding another statement on the same page.
Select Deny for Effect.
Select Short Message Service (sms) for Service.
Check
DeleteAppInfo (which can be quickly found using the search engine) for Action.Enter
qcs::sms::uin/12345678:app/1400000001 for Resource according to the resource syntax description.The Condition configuration item does not need to be configured.
Click Add Statement and a statement saying that "The
DeleteAppInfo action is denied on the SMS application 1400000001" will appear at the bottom of the page.5. Click Next and rename the policy as needed (or leave it unchanged).
6. Click Done to create the custom policy.
Subsequently, this policy can be granted to other sub-accounts in the same way as granting full access to SMS to an existing sub-account.
Using the policy syntax
In the example below, we will create a custom policy, which allows all actions to be performed on SMS applications 1400000001 and 1400000002 but denies
DeleteAppInfo for application 1400000001.1. Access the Policy page in the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Syntax to access the policy creation page.
3. In the Select a template type box, select Blank Template.
Note:
A policy template is used to create a policy by copying an existing policy (preset or custom) and then making adjustments to the copy. During actual use, you can choose an appropriate policy template based on the actual conditions to reduce the difficulty and workload of writing the policy content.
4. Click Next and rename the policy as needed (or leave it unchanged).
5. Enter the following policy content in the Policy Content box:
{"version": "2.0","statement": [{"effect": "allow","action": ["name/SMS:*"],"resource": ["qcs::sms::uin/12345678:app/1400000001","qcs::sms::uin/12345678:app/1400000002"]},{"effect": "deny","action": ["name/SMS: DeleteAppInfo "],"resource": ["qcs::SMS::uin/12345678:app/1400000001"]}]}
Note:
The policy content should follow the CAM policy syntax logic, where the syntax of "resource" and "action" is as shown above in the Resource syntax description and the Action syntax description.
6. Click Complete to create the custom policy.
Subsequently, this policy can be granted to other sub-accounts in the same way as granting full access to SMS to existing sub-accounts.
Yes
No
Was this page helpful?