Sample Access Control Policy

Last updated: 2021-06-04 15:01:30

    Overview

    Cloud Access Management (CAM) is used to manage the access permissions for the resources under Tencent Cloud accounts. With CAM, you can use the identity management and policy management features to control which Tencent Cloud resources can be accessed by which sub-accounts. This document describes how to use certain policies in the console.

    Samples

    Full access policy in Private DNS

    To grant a user the permission to create and manage private domains in Private DNS, associate the QcloudPrivateDNSFullAccess policy with the user.
    Associate the preset policy QcloudPrivateDNSFullAccess with the user as instructed in Authorization Management.
    The policy syntax is as follows:

    
    {
     "version": "2.0",
     "statement": [
     {
       "action": [
           "privatedns:*"
        ],
        "resource": "*",
        "effect": "allow"
      }
     ]
    }
    

    Read-only policy in Private DNS

    To grant a user the permission to view private domains in Private DNS but not create or delete them, associate the QcloudPrivateDNSReadOnlyAccess policy with the user.
    Associate the preset policy QcloudCVMInnerReadOnlyAccess with the user as instructed in Authorization Management.
    The policy syntax is as follows:

    
    {
     "version": "2.0",
     "statement": [
     {
       "action": [
          "privatedns:Describe*"
        ],
        "resource": "*",
        "effect": "allow"
       }
     ]
    }