Getting Started Configuration

Last updated: 2020-07-07 11:21:44

    This document describes how to create and authorize sub-users. If you have never used Tencent Cloud Access Management (CAM), please read this document for more information on the configuration.

    TPNS uses CAM for permission management. You need to authorize applications, create sub-users, and grant application permissions to the sub-users. For detailed directions, please see the following sections.

    Creating Sub-User

    1. Log in to the CAM Console and click Create User.
    2. Configure login information of the sub-user as instructed and grant the sub-user application permissions on the "Setting User Permission" page.

    Granting Application Permissions

    Granting permissions of all applications in a centralized manner

    1. Continue from the last step in the previous section
    1. Enter "TPNS" in the search box. In the search results, there are two default preset permissions as shown below:
    Policy Name Permission Scope
    QcloudTPNSFullAccess Grants all permissions of all applications under the root account
    QcloudTPNSReadOnlyAccess Grants read and push permissions of all applications under the root account

    Granting permissions of selected applications

    1. Click Create Custom Policy.

    2. On the displayed page, select Create by Policy Syntax

    3. Select the blank template.

    1. Click "Next" to enter the syntax creating page

    Copy the following syntax code:

    {
        "version": "2.0",
        "statement": [
            { 
                "action": [
                    "tpns:Describe*",
                    "tpns:CancelPush",
                    "tpns:DownloadPushPackage",
                    "tpns:CreatePush",
                    "tpns:UploadPushPackage"
                ],
                "resource": [
                    "qcs::tpns::uin/1000000000:app/1500000000"
                ],
                "effect": "allow"
            },
            {
                "action": [
                    "tpns:Describe*"
                ],
                "resource": [
                    "qcs::tpns::uin/1000000000:/*"
                ],
                "effect": "allow"
            }
    
         ]
    }

    Replace parameters in the syntax code as follows:

    • Replace the ID of the root account: enter the Account Info page under the current root account, copy the account ID, and replace 1000000000 in the syntax above with it.

      If your current login account is a collaborator or sub-account, you need to get the account ID from the owner of the root account that grants you permissions.

    • Replace the application Access_ID: log in to the TPNS Console, copy the Access_ID of the application whose permissions you want to grant, and replace 1500000000 in the syntax above with it. If you want to grant permissions of multiple applications, you can change resource to:
      "qcs::tpns::uin/1000000000:app/{application Access_ID1}","qcs::tpns::uin/1000000000:app/{application Access_ID2}"

    Please delete "{" and "}" in actual use. For detailed directions, please see Advanced Custom Configuration.

    1. Return to the user creating page.

      Search for the created policy by name, select it, click Next, and click Complete.

    2. After the permission configuration, you can select "Sub-User Login" on the login page to verify the account permissions.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help