Manageable Resources and Actions

Last updated: 2022-01-27 16:53:05
    Note:

    This document describes the management of access to TRTC. For access management of other Tencent Cloud services, see CAM-Enabled Products.

    In essence, CAM enables you to allow or forbid specified accounts to access certain resources. TRTC access management supports resource-level authorization. The granularity of manageable resources is TRTC applications, and the granularity of authorizable actions is TencentCloud APIs, including server APIs and APIs that may be needed to access the TRTC console.

    If you need to manage access to TRTC, please log in to the console with a Tencent Cloud root account and use a preset policy or a custom policy to grant permissions.

    Type of Manageable Resources

    • TRTC access management allows you to control access to applications.

    APIs Supporting Resource-Level Authorization

    Barring a few exceptions, all API actions listed in this section support resource-level authorization. Authorization policies related to these API actions use the same syntax conventions. See below for details.

    • Authorizing access to all applications: qcs::trtc::uin/${uin}:sdkappid/*
    • Authorizing access to single applications: qcs::trtc::uin/${uin}:sdkappid/${SdkAppId}.

    Server API actions

    API Category Description
    DismissRoom Room management Closes a room.
    RemoveUser Room management Removes a user.
    RemoveUserByStrRoomId Room management Removes a user (string room ID).
    DismissRoomByStrRoomId Room management Closes a room (string room ID).
    StartMCUMixTranscode Stream mixing and transcoding Starts On-Cloud MixTranscoding.
    StopMCUMixTranscode Stream mixing and transcoding Stops On-Cloud MixTranscoding.
    StartMCUMixTranscodeByStrRoomId Stream mixing and transcoding Starts On-Cloud MixTranscoding (string room ID).
    StopMCUMixTranscodeByStrRoomId Stream mixing and transcoding Stops On-Cloud MixTranscoding (string room ID).
    CreateTroubleInfo Call quality monitoring Generates information about exceptional conditions.
    DescribeAbnormalEvent Call quality monitoring Queries abnormal events.
    DescribeCallDetail Call quality monitoring Queries user list and call metrics.
    DescribeHistoryScale Call quality monitoring Queries room and user numbers in the past.
    DescribeRealtimeNetwork Call quality monitoring Queries network conditions in real time.
    DescribeRealtimeQuality Call quality monitoring Queries quality data in real time.
    DescribeRealtimeScale Call quality monitoring Queries room and user numbers in real time.
    DescribeRoomInformation Call quality monitoring Queries room list.
    DescribeUserInformation Call quality monitoring Queries the list of historical users.

    Console API actions

    APIConsoleDescription
    DescribeAppStatList TRTC console: Gets application list.
    DescribeSdkAppInfo TRTC console: Application Management > Application Info Gets application information.
    ModifyAppInfo TRTC console: Application Management > Application Info Modifies application information.
    ChangeSecretKeyFlag TRTC console: Application Management > Application Info Enables/Disables encryption keys.
    CreateWatermark TRTC console: Application Management > Material Management Uploads an image.
    DeleteWatermark TRTC console: Application Management > Material Management Deletes an image.
    ModifyWatermark TRTC console: Application Management > Material Management Edits an image.
    DescribeWatermark TRTC console: Application Management > Material Management Searches an image.
    CreateSecret TRTC console: Application Management > Quick Start Generates a symmetric encryption key.
    ToggleSecretVersion TRTC console:Application Management > Quick Start Switches between asymmetric keys (private and public keys) and symmetric keys.
    DescribeSecret TRTC console: Gets a symmetric encryption key.
    DescribeTrtcAppAndAccountInfo TRTC console: Development Assistance > UserSig Generation & Verification Gets application and account information to obtain a pair of public and private keys.
    CreateSecretUserSig TRTC console: Development Assistance > UserSig Generation & Verification Uses a symmetric encryption key to generate a UserSig.
    DescribeSig TRTC console: Gets a UserSig generated using a pair of public and private keys.
    VerifySecretUserSig TRTC console: Development Assistance > UserSig Generation & Verification Verifies a UserSig generated using a symmetric encryption key.
    VerifySig TRTC console: Development Assistance > UserSig Generation & Verification Verifies a UserSig generated using a pair of public and private keys.
    CreateSpearConf TRTC console: Application Management > Image Settings Adds an image setting. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
    DeleteSpearConf TRTC console: Application Management > Image Settings Deletes an image setting. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
    ModifySpearConf TRTC console: Application Management > Image Settings Modifies image settings. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
    DescribeSpearConf TRTC console: Application Management > Image Settings Gets image settings. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
    ToggleSpearScheme TRTC console: Application Management > Image Settings Switches image setting scenarios. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality

    APIs Not Supporting Resource-Level Authorization

    Due to special restrictions, the following APIs do not support resource-level authorization.

    Server API actions

    API Category Description Restriction
    DescribeDetailEvent Call quality monitoring Queries specific events. The parameters entered do not include SDKAppID, making resource-level authorization impossible.
    DescribeRecordStatistic Other APIs Queries the billing period of on-cloud recording. For business reasons, resource-level authorization is not supported currently.
    DescribeTrtcInteractiveTime Other APIs Queries the billing period for audio/video interactive features. For business reasons, resource-level authorization is not supported currently.
    DescribeTrtcMcuTranscodeTime Other APIs Queries the billing period of relayed transcoding. For business reasons, resource-level authorization is not supported currently.

    Console API actions

    APIConsoleDescriptionRestriction
    DescribeTrtcStatistic TRTC console: Gets usage statistics. This API returns the statistics of all `SDKAppIDs`. Limiting a query to specific `SDKAppIDs` will lead to an error. You can use `DescribeAppStatList` to specify a list of applications to query.
    DescribeDurationPackages TRTC console: Gets the list of prepaid packages. A prepaid package is shared by all TRTC applications under the same Tencent Cloud account. There is no `SDKAppID` parameter in the package information, so resource-level authorization cannot be performed.
    GetUserList TRTC console: Monitoring Dashboard Gets user list. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    GetUserInfo TRTC console: Monitoring Dashboard Gets user information. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    GetCommState TRTC console: Monitoring Dashboard Gets call status. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    GetElasticSearchData TRTC console: Monitoring Dashboard Queries Elasticsearch data. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    CreateTrtcApp TRTC console: Creates a TRTC application. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. `SDKAppID` is the unique ID of a TRTC application and is generated after application creation.
    HardDescribeMixConf TRTC console: Application Management > Function Configuration Queries relayed push status. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    ModifyMixConf TRTC console: Application Management > Function Configuration Enables/Disables relayed push. The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
    RemindBalance TRTC console: Package Management Gets the balance alarm information of a prepaid package. A prepaid package is shared by all TRTC applications under the same Tencent Cloud account. There is no `SDKAppID` parameter in the package information, so resource-level authorization cannot be performed.
    Note:

    You can use a custom policy to control access to an API that does not support resource-level authorization. In the policy statement, set the resource element to *.