This document has not been translated into this language yet. The following contents are machine translated by Tencent Mr.Translator.

Tencent Mr. Translator

Tencent Cloud Documentation

Help & DocumentationCloud Block StorageProduct IntroductionAccess ManagementAuthorization policy syntax

Authorization policy syntax

Last updated: 2020-02-17 14:17:05

PDF

Policy Syntax

CAM Policy:

{     
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"effect", 
              "action":["action"], 
              "resource":["resource"], 
               "condition": {"key":{"value"}} 
           } 
       ] 
}

Version version : is required. Currently, only the allowed value is "2.0" .
Statement statement Is used to describe one or more pieces of Permission's detailed information. This element includes the Permission or Permission collection of many other elements, such as effect, action, resource, condition, and so on. A policy has one and only one statement element.

Operation action Used to describe an operation that is allowed or denied The operation can be API (described with the name prefix) or a feature set (a specific set of API described with the permid prefix). This element is required.
Resource resource Describe the specific data of the authorization Resources are described in six paragraphs. The details of the resource definition for each product will vary. This element is required.
Effective condition condition Describes the constraints under which the policy takes effect Conditions include operators, action keys, and operation values. Condition values can include information such as time, IP address, and so on. Some services allow you to specify other values in the condition. This element is not required.
Affect effect Describe whether the result of the statement is "allowed" or "Explicit refused". It includes two cases: allow (allowed) and deny (Explicit refused). This element is required.

Operation of CBS

In the CAM policy statement, you can specify any API operation from any service that supports CAM. For CBS, use the name/cvm: The API that is the prefix. For example: name/cvm:CreateDisks or name/cvm:DescribeDisks .
If you want to specify multiple actions in a single statement, separate them with commas, as follows:

"action":["name/cvm:action1","name/cvm:action2"]

You can also use wildcards to specify multiple actions. For example, you can specify all actions whose names begin with the word "Describe", as follows:

"action":["name/cvm:Describe*"]

If you want to specify all the actions corresponding to the CVM, use the * Wildcards, as follows:

"action"：["name/cvm:*"]

Resource path of CBS

Each CAM policy statement has its own resources. The general form of a resource path is as follows:

qcs:project_id:service_type:region:account:resource

Project_id Describe the project information only to be compatible with the early logic of CAM, without the need for Enter.
Service_type Product abbreviation, such as CVM.
Region : region information, such as bj.
File ext The root account information of the resource owner, such as uin/164256472
Resource Details of the specific resources of each product, such as volume/diskid1 or volume/ * .

For example, you can specify it in a statement using a specific CBS resource (disk-abcdefg), as follows:

"resource":[ "qcs::cvm:bj:uin/164256472:volume/disk-abcdefg"]

You can also use the * Wildcards specify all CBS resources that belong to a particular account, as follows:

"resource":[ "qcs::cvm:bj:uin/164256472:volume/*"]

You want to specify all resources, or if a specific API operation does not support resource-level Permission, use the in the Resource element * Wildcards, as follows:

"resource": ["*"]

If you want to specify multiple resources at the same time in a single instruction, separate them with commas, as an example of specifying two resources is shown below:

"resource":["resource1","resource2"]

Conditional key of CBS

In a policy statement, you can optionally specify conditions that control when the policy takes effect. Each condition contains one or more key-value pairs. Conditional keys are not case sensitive.

If you specify multiple conditions or multiple keys in a single condition, we will evaluate them through a logical AND operation.
If you specify a key with multiple values in a single condition, we will evaluate it through a logical OR operation. All conditions must be matched before Permission can be awarded.
The following table describes the conditional keys that CBS uses for service-specific purposes:

Conditional key Reference type Key-value pair

Conditional key	Reference type	Key-value pair
Cvm:region	String	Cvm:region=`Region` among`Region`Refers to a region (for example, ap-guangzhou)
Cvm:disk_type	String	Cvm_disk_type=`Disk_type` among`Disk_type`Refers to the disk type (for example, CLOUD_PREMIUM)

Cvm:region

String

Cvm:region=Region

amongRegionRefers to a region (for example, ap-guangzhou)

Cvm:disk_type

String

Cvm_disk_type=Disk_type

amongDisk_typeRefers to the disk type (for example, CLOUD_PREMIUM)

Previous: Authorized resource types Next: Related Products

Feedback

Sales Support

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

Hong Kong, China

+852 800-964-163 (Toll Free)

United States

+1 888-652-2736 (Toll Free)

Others

+86 75595716

Tencent Cloud Documentation

Authorization policy syntax

Contents：

Policy Syntax

Operation of CBS

Resource path of CBS

Conditional key of CBS

Contact Us

User Center

Documentation

Support

7x24 Hotline