- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collecting Logs in Self-Built Kubernetes Cluster
- Collecting Syslog
- Collection by LogListener
- Collecting Text Log
- Uploading Log over Kafka
- Uploading Logs via Anonymous Write
- Uploading Logs via Logback Appender
- Uploading Logs via Log4j Appender
- Uploading Log via SDK
- Uploading Log via API
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Search and Analysis
- Syntax and Rules
- Statistical Analysis (SQL)
- Quick Analysis
- SQL Syntax
- SQL Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Function
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Sampling Analysis
- Configuring Indexes
- Reindexing
- Context Search and Analysis
- Downloading Log
- Dashboard
- Data Processing documents
- Data Processing
- Creating Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical and Mathematical Functions
- Encoding and Decoding Functions
- IP Parsing Functions
- Processing Cases
- Scheduled SQL Analysis
- SCF
- Data Processing
- Shipping and Consumption
- Log Shipping
- Monitoring Alarm
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Topic Management APIs
- Log Set Management APIs
- Index APIs
- Topic Partition APIs
- Machine Group APIs
- Collection Configuration APIs
- Log APIs
- Metric APIs
- Alarm Policy APIs
- Data Processing APIs
- Kafka Protocol Consumption APIs
- CKafka Shipping Task APIs
- Kafka Data Subscription APIs
- COS Shipping Task APIs
- SCF Delivery Task APIs
- Scheduled SQL Analysis APIs
- COS Data Import Task APIs
- Data Types
- Error Codes
- FAQs
- CLS Service Level Agreement
- CLS Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collecting Logs in Self-Built Kubernetes Cluster
- Collecting Syslog
- Collection by LogListener
- Collecting Text Log
- Uploading Log over Kafka
- Uploading Logs via Anonymous Write
- Uploading Logs via Logback Appender
- Uploading Logs via Log4j Appender
- Uploading Log via SDK
- Uploading Log via API
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Search and Analysis
- Syntax and Rules
- Statistical Analysis (SQL)
- Quick Analysis
- SQL Syntax
- SQL Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Function
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Sampling Analysis
- Configuring Indexes
- Reindexing
- Context Search and Analysis
- Downloading Log
- Dashboard
- Data Processing documents
- Data Processing
- Creating Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical and Mathematical Functions
- Encoding and Decoding Functions
- IP Parsing Functions
- Processing Cases
- Scheduled SQL Analysis
- SCF
- Data Processing
- Shipping and Consumption
- Log Shipping
- Monitoring Alarm
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Topic Management APIs
- Log Set Management APIs
- Index APIs
- Topic Partition APIs
- Machine Group APIs
- Collection Configuration APIs
- Log APIs
- Metric APIs
- Alarm Policy APIs
- Data Processing APIs
- Kafka Protocol Consumption APIs
- CKafka Shipping Task APIs
- Kafka Data Subscription APIs
- COS Shipping Task APIs
- SCF Delivery Task APIs
- Scheduled SQL Analysis APIs
- COS Data Import Task APIs
- Data Types
- Error Codes
- FAQs
- CLS Service Level Agreement
- CLS Policy
- Contact Us
- Glossary
CLS Permission Overview
Last updated: 2024-01-20 16:56:41
This document introduces the authorization policies for CLS features and corresponding management and read-only permissions. You can configure the corresponding authorization policy statements based on the CLS features to be authorized.
Authorization Directions
You need to perform 3 steps: use the root account (
CompanyExample) to create a custom policy, grant the sub-account (Developer) all permissions for the log topic (TopicA), and then access CLS using the sub-account (Developer). The procedure for creating a custom policy using the root account is as follows:1. Log in to the CAM console as the root account (
CompanyExample).2. On the left sidebar, click Policies to go to the policy management page.
3. Click Create Custom Policy.
4. In the pop-up window, select Create by Policy Syntax.
5. On the Create by Policy Syntax page, select Blank Template and click Next.
6. On the policy editing page, set the policy name and content, and click Done.
For example, you can set the policy name to
CLS-TopicA-Access. Configure the policy content by referring to the following:Authorization Policy Statements for Data Collection
Authorize the minimum permission for log upload via LogListener
{"version": "2.0","statement": [{"action": ["cls:pushlog","cls:listLogset","cls:getConfig","cls:agentHeartBeat"],"resource": "*","effect": "allow"}]}
Configure LogListener collection rules
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"action": ["cls:DescribeLogsets","cls:DescribeConfigs","cls:ModifyConfig","cls:DescribeIndex","cls:DescribeIndex","cls:ModifyIndex"],"resource": ["*"],"effect": "allow"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"action": ["cls:DescribeLogsets","cls:DescribeConfigs","cls:ModifyConfig","cls:DescribeIndex","cls:DescribeIndex","cls:ModifyIndex"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}},"effect": "allow"}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"action": ["cls:DescribeLogsets","cls:DescribeConfigs","cls:DescribeIndex","cls:DescribeIndex"]"resource": ["*"],"effect": "allow"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeLogsets","cls:DescribeConfigs","cls:DescribeIndex","cls:DescribeIndex"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}}]}
Authorize the minimum permission for log upload via API
{"version": "2.0","statement": [{"action": ["cls:CreateTopic","cls:CreateLogset","cls:UploadLog",],"resource": "*","effect": "allow"}]}
Authorization Policy Statements for Search and Analysis
Log search via console
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeAsyncContextResult","cls:DescribeAsyncSearchResult","cls:DescribeExports","cls:DescribeIndex","cls:DescribeLatestJsonLog","cls:DescribeLogContext","cls:DescribeLogFastAnalysis","cls:DescribeLogHistogram","cls:DescribePartitions","cls:DescribeTopics","cls:GetFastAnalysis","cls:GetHistogram","cls:GetLog","cls:SearchLog","cls:ShowContext","cls:getIndex","cls:getLogset","cls:getTopic","cls:searchLog","cls:DescribeAsyncContextTasks","cls:DescribeAsyncSearchTasks","cls:DescribeLogsets","cls:listLogset","cls:listTopic","cls:listPartitions","cls:CreateAsyncContextTask","cls:CreateAsyncSearchTask","cls:CreateExport","cls:CreateIndex","cls:DeleteAsyncContextTask","cls:DeleteAsyncSearchTask","cls:DeleteExport","cls:DeleteIndex","cls:DeleteLogset","cls:DeleteTopic","cls:MergePartition","cls:ModifyIndex","cls:ModifyLogset","cls:ModifyTopic","cls:SplitPartition","cls:deleteLogset","cls:deleteTopic","cls:downloadLog","cls:modifyIndex","cls:modifyLogset","cls:modifyTopic","cls:updatePartition","cls:GetDeliverFunction","cls:CreateLogset","cls:CreateTopic","cls:createLogset","cls:createTopic"],"resource": ["*"]}]}
Authorization for log topics with a specified tag
Note:
During configuration, you also need to bind tags to log topics and logsets.
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeAsyncContextResult","cls:DescribeAsyncSearchResult","cls:DescribeExports","cls:DescribeIndex","cls:DescribeLatestJsonLog","cls:DescribeLogContext","cls:DescribeLogFastAnalysis","cls:DescribeLogHistogram","cls:DescribePartitions","cls:DescribeTopics","cls:GetFastAnalysis","cls:GetHistogram","cls:GetLog","cls:SearchLog","cls:ShowContext","cls:getIndex","cls:getLogset","cls:getTopic","cls:searchLog","cls:DescribeAsyncContextTasks","cls:DescribeAsyncSearchTasks","cls:DescribeLogsets","cls:listLogset","cls:listTopic","cls:listPartitions","cls:CreateAsyncContextTask","cls:CreateAsyncSearchTask","cls:CreateExport","cls:CreateIndex","cls:DeleteAsyncContextTask","cls:DeleteAsyncSearchTask","cls:DeleteExport","cls:DeleteIndex","cls:DeleteLogset","cls:DeleteTopic","cls:MergePartition","cls:ModifyIndex","cls:ModifyLogset","cls:ModifyTopic","cls:SplitPartition","cls:deleteLogset","cls:deleteTopic","cls:downloadLog","cls:modifyIndex","cls:modifyLogset","cls:modifyTopic","cls:updatePartition","cls:GetDeliverFunction"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["testCAM&test1"]}}}]}
Read-only permission
Authorization for log topics with a specified tag
Note:
During configuration, you also need to bind tags to log topics and logsets.
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeAsyncContextResult","cls:DescribeAsyncSearchResult","cls:DescribeExports","cls:DescribeIndex","cls:DescribeLatestJsonLog","cls:DescribeLogContext","cls:DescribeLogFastAnalysis","cls:DescribeLogHistogram","cls:DescribePartitions","cls:DescribeTopics","cls:GetFastAnalysis","cls:GetHistogram","cls:GetLog","cls:SearchLog","cls:ShowContext","cls:getIndex","cls:getLogset","cls:getTopic","cls:searchLog","cls:DescribeAsyncContextTasks","cls:DescribeAsyncSearchTasks","cls:DescribeLogsets","cls:listLogset","cls:listTopic","cls:listPartitions"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}}]}
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeAsyncContextResult","cls:DescribeAsyncSearchResult","cls:DescribeExports","cls:DescribeIndex","cls:DescribeLatestJsonLog","cls:DescribeLogContext","cls:DescribeLogFastAnalysis","cls:DescribeLogHistogram","cls:DescribePartitions","cls:DescribeTopics","cls:GetFastAnalysis","cls:GetHistogram","cls:GetLog","cls:SearchLog","cls:ShowContext","cls:getIndex","cls:getLogset","cls:getTopic","cls:searchLog","cls:DescribeAsyncContextTasks","cls:DescribeAsyncSearchTasks","cls:DescribeLogsets","cls:listLogset","cls:listTopic","cls:listPartitions"],"resource": ["*"]}]}
Visual dashboard
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:GetChart","cls:GetDashboard","cls:ListChart","cls:CreateChart","cls:CreateDashboard","cls:DeleteChart","cls:DeleteDashboard","cls:ModifyChart","cls:ModifyDashboard","cls:ListDashboard"],"resource": "*"},{"effect": "allow","action": ["cls:SearchLog","cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:GetChart","cls:GetDashboard","cls:ListChart","cls:CreateChart","cls:DeleteChart","cls:DeleteDashboard","cls:ModifyChart","cls:ModifyDashboard"],"resource": "*"},{"effect": "allow","action": ["cls:ListDashboard"],"resource": "*"},{"effect": "allow","action": ["cls:SearchLog","cls:DescribeTopics"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:GetChart","cls:GetDashboard","cls:ListChart"],"resource": "*"},{"effect": "allow","action": ["cls:ListDashboard"],"resource": "*"},{"effect": "allow","action": ["cls:SearchLog","cls:DescribeTopics"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:GetChart","cls:GetDashboard","cls:ListChart"],"resource": "*"},{"effect": "allow","action": ["cls:ListDashboard"],"resource": "*"},{"effect": "allow","action": ["cls:SearchLog","cls:DescribeTopics"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}}]}
Authorization Policy Statements for Monitoring Alarms
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeLogsets","cls:DescribeTopics"],"resource": ["*"]},{"effect": "allow","action": ["cls:DescribeAlarms","cls:CreateAlarm","cls:ModifyAlarm","cls:DeleteAlarm","cls:DescribeAlarmNotices","cls:CreateAlarmNotice","cls:ModifyAlarmNotice","cls:DeleteAlarmNotice","cam:ListGroups","cam:DescribeSubAccountContacts","cls:GetAlarmLog","cls:DescribeAlertRecordHistory","cls:CheckAlarmRule","cls:CheckAlarmChannel"],"resource": "*"}]}
Authorization for log topics with a specified tag (monitoring alarms currently do not fully support permission management by tag)
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeLogsets","cls:DescribeTopics"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["testCAM&test1"]}}},{"effect": "allow","action": ["cls:DescribeAlarms","cls:CreateAlarm","cls:ModifyAlarm","cls:DeleteAlarm","cls:DescribeAlarmNotices","cls:CreateAlarmNotice","cls:ModifyAlarmNotice","cls:DeleteAlarmNotice","cam:ListGroups","cam:DescribeSubAccountContacts","cls:GetAlarmLog","cls:DescribeAlertRecordHistory","cls:CheckAlarmRule","cls:CheckAlarmChannel"],"resource": "*"}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeLogsets","cls:DescribeTopics"],"resource": ["*"]},{"effect": "allow","action": ["cls:DescribeAlarms","cls:DescribeAlarmNotices","cls:GetAlarmLog","cls:DescribeAlertRecordHistory","cam:ListGroups","cam:DescribeSubAccountContacts"],"resource": "*"}]}
Authorization for log topics with a specified tag (monitoring alarms currently do not fully support permission management by tag)
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeLogsets","cls:DescribeTopics"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["testCAM&test1"]}}},{"effect": "allow","action": ["cls:DescribeAlarms","cls:DescribeAlarmNotices","cls:GetAlarmLog","cls:DescribeAlertRecordHistory","cam:ListGroups","cam:DescribeSubAccountContacts"],"resource": "*"}]}
Authorization Policy Statements for Data Shipping
Shipping to CKafka
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*",},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","ckafka:DescribeInstances","ckafka:DescribeTopic","ckafka:DescribeInstanceAttributes","cls:modifyConsumer","cls:getConsumer"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["age&13","name&vinson"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","ckafka:DescribeInstances","ckafka:DescribeTopic","ckafka:DescribeInstanceAttributes","cls:modifyConsumer","cls:getConsumer"],"resource": "*"}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*"},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","ckafka:DescribeInstances","ckafka:DescribeTopic","ckafka:DescribeInstanceAttributes","cls:getConsumer"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","ckafka:DescribeInstances","ckafka:DescribeTopic","ckafka:DescribeInstanceAttributes","cls:getConsumer"],"resource": "*"}]}
Shipping to COS
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets","cls:DescribeIndex"],"resource": "*"},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cls:CreateShipper","cls:ModifyShipper","cls:DescribeShippers","cls:DeleteShipper","cls:DescribeShipperTasks","cls:RetryShipperTask","cam:ListAttachedRolePolicies","cos:GetService",],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets","cls:DescribeIndex"],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cls:CreateShipper","cls:ModifyShipper","cls:DescribeShippers","cls:DeleteShipper","cls:DescribeShipperTasks","cls:RetryShipperTask","cam:ListAttachedRolePolicies","cos:GetService",],"resource": "*"}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets" ],"resource": "*"},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cls:DescribeShippers","cls:DescribeShipperTasks","cls:RetryShipperTask","cam:ListAttachedRolePolicies"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets" ],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cls:DescribeShippers","cls:DescribeShipperTasks","cls:RetryShipperTask","cam:ListAttachedRolePolicies"],"resource": "*"}]}
Shipping to SCF
Management permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*"},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","cls:CreateDeliverFunction","cls:DeleteDeliverFunction","cls:ModifyDeliverFunction","cls:GetDeliverFunction","scf:ListFunctions","scf:ListAliases","scf:ListVersionByFunction"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","cls:CreateDeliverFunction","cls:DeleteDeliverFunction","cls:ModifyDeliverFunction","cls:GetDeliverFunction","scf:ListFunctions","scf:ListAliases","scf:ListVersionByFunction"],"resource": "*"}]}
Read-only permission
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*"},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","cls:GetDeliverFunction","scf:ListFunctions","scf:ListAliases","scf:ListVersionByFunction"],"resource": "*"}]}
Authorization for log topics with a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:DescribeTopics","cls:DescribeLogsets"],"resource": "*","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["key&value"]}}},{"effect": "allow","action": ["tag:DescribeResourceTagsByResourceIds","tag:DescribeTagKeys","tag:DescribeTagValues","cam:ListAttachedRolePolicies","cls:GetDeliverFunction","scf:ListFunctions","scf:ListAliases","scf:ListVersionByFunction"],"resource": "*"}]}
Authorization Policy Statements for Developers
Permission to display on Grafana
Authorization for all log topics
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:searchLog"],"resource": ["*"]}]}
Authorization for log topics of a specified tag
{"version": "2.0","statement": [{"effect": "allow","action": ["cls:searchLog"],"resource": ["*"],"condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["testCAM&test1"]}}}]}
Yes
No
Was this page helpful?