Access Policy Syntax

Last updated: 2024-01-13 16:02:36
This document describes CAM access policy syntax and use cases.

CAM Policy Syntax

CAM policy:
{
    "version": "2.0",
    "statement":
    [
        {
            "effect": "effect",
            "action": ["action"],
            "resource": ["resource"],
            "condition": {"key":{"value"}}
        }
    ]
}
version is required. Currently, only the value "2.0" is allowed.
statement describes the details of one or more permissions. It contains the other elements: effect, action, resource, and condition. One policy has only one statement.
1.1 effect is required. It describes the result of a statement. The result can be "allow" or an explicit "deny".
1.2 action is required. It describes the allowed or denied operation. An operation can be an API (prefixed with "name") or a feature set (a set of specific APIs prefixed with "permit").
1.3 resource is required. It describes the details of authorization. A resource is described in a six-segment format. Detailed resource definitions vary by product. For more information on how to specify a resource, see the documentation for the product whose resources you are writing a statement for.
1.4 condition is optional. It describes the condition for the policy to take effect. A condition consists of operator, action key, and action value. A condition value may contain information such as time and IP address. Some services allow you to specify additional values in a condition.

Policy Examples

Specify a full read/write permission policy for dedicated tunnels as follows:
Grant the sub-accounts all operation permissions for dedicated tunnels, such as creation and management.
Policy name: QcloudDCFullAccess
{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "dc:*"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}
Specify a read-only permission policy for dedicated tunnels as follows:
Grant the sub-account read-only permission for dedicated tunnels. The authorized sub-account can view all resources of the dedicated tunnels, but cannot create, update or delete resources.
Policy name: QcloudDCReadOnlyAccess
{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "dc:Describe*",
                "dc:Is*"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}
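
The linter below is an added example, not Tencent Cloud code. It checks a policy against the element rules described above and flags allow statements that grant more than read-only actions on resource "*" with no condition. The helper names and the read-only heuristic (an action counts as read-only if it is covered by dc:Describe* or dc:Is*, the patterns in QcloudDCReadOnlyAccess) are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Read-only action patterns, taken from QcloudDCReadOnlyAccess on this page.
READ_ONLY = ("dc:Describe*", "dc:Is*")

def as_list(value):
    """The page's examples give resource as a string or a list; normalise."""
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return findings for a CAM policy given as JSON text (hypothetical helper)."""
    policy = json.loads(text)
    findings = []
    if policy.get("version") != "2.0":
        findings.append('version: only "2.0" is allowed')
    statements = policy.get("statement")
    if not isinstance(statements, list) or not statements:
        return findings + ["statement: required, must be a non-empty list"]
    for i, st in enumerate(statements):
        for key in ("effect", "action", "resource"):
            if key not in st:
                findings.append(f"statement[{i}].{key}: required element missing")
        effect = st.get("effect")
        if effect is not None and effect not in ("allow", "deny"):
            findings.append(f"statement[{i}].effect: must be allow or deny")
        # Least-privilege check (assumption of this example, not a CAM rule):
        # an unconditioned allow on every resource should be read-only.
        broad = [a for a in as_list(st.get("action", []))
                 if not any(fnmatchcase(a, p) for p in READ_ONLY)]
        if (effect == "allow" and broad and "condition" not in st
                and "*" in as_list(st.get("resource", []))):
            findings.append(f"statement[{i}]: allows {broad} on all resources "
                            "with no condition")
    return findings

# The two policies from this page, plus a constructed malformed one.
FULL = '{"version":"2.0","statement":[{"action":["dc:*"],"resource":"*","effect":"allow"}]}'
READ = ('{"version":"2.0","statement":[{"action":["dc:Describe*","dc:Is*"],'
        '"resource":"*","effect":"allow"}]}')
BAD = '{"version":"1.0","statement":[{"action":["dc:*"],"effect":"permit"}]}'

if __name__ == "__main__":
    for name, doc in (("QcloudDCFullAccess", FULL), ("QcloudDCReadOnlyAccess", READ),
                      ("constructed malformed policy", BAD)):
        print(name, "->", lint_policy(doc) or "no findings")
```

Running such a check before attaching a policy to a sub-account shows which statements grant create, update or delete rights account-wide.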
