- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collection by LogListener
- Uploading Log via Kafka
- Uploading Logs via Logback Appender
- Uploading Logs via Loghub log4j Appender
- Collection via SDK
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Log Search and Analytic
- Overview and Syntax Rules
- Configuring Index
- Analysis Syntax
- Analytic Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Functions
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Quick Analysis
- Context Search and Analysis
- Downloading Log
- Visual Analysis
- Data Processing
- Creating a Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical Expression Functions
- Processing Cases
- Log Shipping
- Monitoring Alarm
- Function Processing
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- API Category
- Making API Requests
- Log Topic APIs
- Logset APIs
- Topic Partition APIs
- Collection APIs
- Index APIs
- Log APIs
- Alarm Policy APIs
- Collection Configuration APIs
- COS Shipping Task APIs
- CKafka Shipping Task APIs
- Native Kafka Production and Consumption APIs
- Data Types
- Error Codes
- CLS API 2017
- Request Signature
- API Overview
- Collection Configuration
- Consumption Management
- Common Request Headers
- Common Response Headers
- Log Management
- Logset Management
- Log Topic Management
- Shipping Task Management (COS)
- Shipping Task Management (SCF)
- Shipping Task Management (CKafka)
- Machine Group Management
- Consumption Management
- Index Management
- Error Codes
- FAQs
- CLS Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collection by LogListener
- Uploading Log via Kafka
- Uploading Logs via Logback Appender
- Uploading Logs via Loghub log4j Appender
- Collection via SDK
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Log Search and Analytic
- Overview and Syntax Rules
- Configuring Index
- Analysis Syntax
- Analytic Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Functions
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Quick Analysis
- Context Search and Analysis
- Downloading Log
- Visual Analysis
- Data Processing
- Creating a Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical Expression Functions
- Processing Cases
- Log Shipping
- Monitoring Alarm
- Function Processing
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- API Category
- Making API Requests
- Log Topic APIs
- Logset APIs
- Topic Partition APIs
- Collection APIs
- Index APIs
- Log APIs
- Alarm Policy APIs
- Collection Configuration APIs
- COS Shipping Task APIs
- CKafka Shipping Task APIs
- Native Kafka Production and Consumption APIs
- Data Types
- Error Codes
- CLS API 2017
- Request Signature
- API Overview
- Collection Configuration
- Consumption Management
- Common Request Headers
- Common Response Headers
- Log Management
- Logset Management
- Log Topic Management
- Shipping Task Management (COS)
- Shipping Task Management (SCF)
- Shipping Task Management (CKafka)
- Machine Group Management
- Consumption Management
- Index Management
- Error Codes
- FAQs
- CLS Service Level Agreement
- Contact Us
- Glossary
Overview
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (user groups), and control who can access and use your Tencent Cloud resources through identity and policy management. For more information about CAM policies and how to use them, see Policy.
A root account can grant a sub-account or collaborator access to specified CLS resources.
Preset Access Policies
CLS offers two preset access policies to meet your basic access management demand.
- QcloudCLSFullAccess: access to all CLS resources and actions, including creating log topics, modifying index configuration, deleting log topics, searching for logs, uploading logs, etc.
- QcloudCLSReadOnlyAccess: only read access to CLS data; no CRUD access
For how to use the policies, see Authorization Management.
Custom Access Policies
You can use a custom access policy to grant access at a finer granularity, for example, to allow a specific user to view the data of a specific log topic.
A custom access policy consists of two parts:
- Action: the action a user is allowed to perform, such as searching for logs, modifying index configuration, uploading logs, and creating alarm policies
- Resource: the resources a user is allowed to operate on, such as a specific log topic, dashboard, data processing task
For the authorizable resource types and related APIs supported by CLS, see Authorizable Resource Types. For how to configure custom access policies, see Creating Custom Policy.
Configuring custom access policies can be a demanding process. The examples we offer in Examples of Custom Access Policies should meet most access management needs. You can also modify the examples based on your requirements.
- Log in to the console with the root account (or an account with CAM access). On the Policies page, click Create Custom Policy.
- In the pop-up window, click Create by Policy Syntax.
- Select Blank Template and click Next.
- Enter a policy name and policy content. For the latter, you can copy content from Examples of Custom Access Policies.
- Click Complete to save the policy.
After creating a custom access policy, you can associate it with a user/user group to grant the user/user group the corresponding access.
Yes
No
Was this page helpful?