- Release Notes and Announcements
- Release Notes
- TRTC Conference Official Editions Launched
- The commercial version of Conference is coming soon
- Terms and Conditions Applicable to $9.9 Starter Package
- Rules for the "First Subscription $100 Discount" Promotion
- Announcement on the Start of Beta Testing for Multi-person Audio and Video Conference
- TRTC Call Official Editions Launched
- License Required for Video Playback in New Version of LiteAV SDK
- TRTC to Offer Monthly Packages
- Product Introduction
- Purchase Guide
- Billing Overview
- RTC-Engine Packages
- TRTC Call Monthly Packages
- TRTC Conference Monthly Packages
- Pay-As-You-Go
- Billing Explanation for Subscription Package Duration
- Billing of On-Cloud Recording
- Billing of MixTranscoding and Relay to CDN
- Free Minutes
- FAQs
- Billing of Monitoring Dashboard
- Billing of Recording Delivery
- Overdue and Suspension Policy
- Refund Policies
- User Tutorial
- Free Demo
- Video Calling (Including UI)
- Overview (TUICallKit)
- Activate the Service(TUICallKit)
- Integration (TUICallKit)
- UI Customization (TUICallKit)
- Offline Call Push (TUICallKit)
- On-Cloud Recording (TUICallKit)
- Additional Features(TUICallKit)
- Server APIs (TUICallKit)
- Client APIs (TUICallKit)
- ErrorCode
- Release Notes (TUICallKit)
- FAQs(TUICallKit)
- Multi-Participant Conference (with UI)
- Live Streaming (Including UI)
- Voice Chat Room (with UI)
- Integration (No UI)
- SDK Download
- API Examples
- Integration Guide
- Client APIs
- Advanced Features
- Relay to CDN
- Enabling Advanced Permission Control
- RTMP Streaming with TRTC
- Utilizing Beautification Effects
- Testing Hardware Devices
- Testing Network Quality
- On-Cloud Recording
- Custom Capturing and Rendering
- Custom Audio Capturing and Playback
- Sending and Receiving Messages
- Event Callbacks
- Access Management
- How to push stream to TRTC room with OBS WHIP
- Server APIs
- Console Guide
- Solution
- FAQs
- Legacy Documentation
- Protocols and Policies
- TRTC Policy
- Glossary
- Release Notes and Announcements
- Release Notes
- TRTC Conference Official Editions Launched
- The commercial version of Conference is coming soon
- Terms and Conditions Applicable to $9.9 Starter Package
- Rules for the "First Subscription $100 Discount" Promotion
- Announcement on the Start of Beta Testing for Multi-person Audio and Video Conference
- TRTC Call Official Editions Launched
- License Required for Video Playback in New Version of LiteAV SDK
- TRTC to Offer Monthly Packages
- Product Introduction
- Purchase Guide
- Billing Overview
- RTC-Engine Packages
- TRTC Call Monthly Packages
- TRTC Conference Monthly Packages
- Pay-As-You-Go
- Billing Explanation for Subscription Package Duration
- Billing of On-Cloud Recording
- Billing of MixTranscoding and Relay to CDN
- Free Minutes
- FAQs
- Billing of Monitoring Dashboard
- Billing of Recording Delivery
- Overdue and Suspension Policy
- Refund Policies
- User Tutorial
- Free Demo
- Video Calling (Including UI)
- Overview (TUICallKit)
- Activate the Service(TUICallKit)
- Integration (TUICallKit)
- UI Customization (TUICallKit)
- Offline Call Push (TUICallKit)
- On-Cloud Recording (TUICallKit)
- Additional Features(TUICallKit)
- Server APIs (TUICallKit)
- Client APIs (TUICallKit)
- ErrorCode
- Release Notes (TUICallKit)
- FAQs(TUICallKit)
- Multi-Participant Conference (with UI)
- Live Streaming (Including UI)
- Voice Chat Room (with UI)
- Integration (No UI)
- SDK Download
- API Examples
- Integration Guide
- Client APIs
- Advanced Features
- Relay to CDN
- Enabling Advanced Permission Control
- RTMP Streaming with TRTC
- Utilizing Beautification Effects
- Testing Hardware Devices
- Testing Network Quality
- On-Cloud Recording
- Custom Capturing and Rendering
- Custom Audio Capturing and Playback
- Sending and Receiving Messages
- Event Callbacks
- Access Management
- How to push stream to TRTC room with OBS WHIP
- Server APIs
- Console Guide
- Solution
- FAQs
- Legacy Documentation
- Protocols and Policies
- TRTC Policy
- Glossary
notice
This document describes the management of access to TRTC. For access management of other Tencent Cloud services, see CAM-Enabled Products.
It may be convenient to use a preset policy for access management in TRTC, but with preset policies, the granularity level of permissions is low, and permission granting cannot be specific to TRTC applications or TencentCloud APIs. To perform fine-grained authorization, you need to create custom policies.
Custom Policy Creation
There are multiple ways to create a custom policy. The table below offers a comparison of different methods. For detailed directions, see the remaining part of the document.
Access | Tool | Effect | Resource | Action | Flexibility | Complexity |
Policy generator | Manual selection | Syntax conventions | Manual selection | Medium | Medium | |
Policy syntax | Syntax conventions | Syntax conventions | Syntax conventions | High | High | |
CAM server API | Syntax conventions | Syntax conventions | Syntax conventions | High | High |
explain
TRTC does not support custom policy creation by product feature or project.
Manual selection means that you can select an object from a list of candidates offered in the console.
Syntax conventions means using the permission policy syntax to describe an object.
Permission Policy Syntax
Resource syntax conventions
The granularity level of manageable resources in TRTC access management is applications. Syntax conventions of permission policies for applications are in line with the Resource Description Method. In the example below, the developer (root account ID:
12345678) has created three applications, whose SDKAppIDs are 1400000000, 1400000001, and 1400000002.Syntax convention of permission policy for all TRTC applications
"resource": ["qcs::trtc::uin/12345678:sdkappid/*"]
Syntax convention of permission policy for single TRTC applications
"resource": ["qcs::trtc::uin/12345678:sdkappid/1400000001"]
Syntax convention of permission policy for multiple TRTC applications
"resource": ["qcs::trtc::uin/12345678:sdkappid/1400000000","qcs::trtc::uin/12345678:sdkappid/1400000001"]
Action syntax conventions
The granularity level of authorizable actions in TRTC access management is TencentCloud APIs. For details, see Manageable Resources and Actions. The examples below use TencentCloud APIs such as
DescribeAppList (gets application list) and DescribeAppInfo (gets application information).Syntax convention of permission policy for all TencentCloud APIs
"action": ["name/trtc:*"]
Syntax convention of permission policy for single TencentCloud APIs
"action": ["name/trtc:DescribeAppStatList"]
Syntax convention of permission policy for multiple TencentCloud APIs
"action": ["name/trtc:DescribeAppStatList","name/trtc:DescribeTrtcAppAndAccountInfo"]
Examples of Using Custom Policies
Using the policy generator
In the example below, we create a custom policy that allows all actions under TRTC application
1400000001 except calling the server API RemoveUser.1. Go to the Policy page of the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Generator.
3. Select the service and action.
For Effect, select Allow.
For Service, select Tencent Real-Time Communication (trtc) .
For Action, check all the items.
For Resource, enter
qcs::trtc::uin/12345678:sdkappid/1400000001, which aligns with the syntax described in Resource syntax conventions.No configuration is needed for Condition.
Click Add Statement, and a statement indicating that any action is allowed under TRTC application
1400000001 appears below.4. Add another statement on the same page.
For Effect, select Deny.
For Service, select Tencent Real-Time Communication (trtc).
For Action, select
RemoveUser. You can use the search feature to quickly locate the action.For Resource, enter
qcs::trtc::uin/12345678:sdkappid/1400000001, which aligns with the syntax described in Resource syntax conventions.No configuration is needed for Condition.
Click Add Statement, and a statement indicating that calling
RemoveUser is forbidden under TRTC application 1400000001 appears below.5. Click Next and rename the policy if necessary.
6. Click Done to complete the creation.
You can then grant the policy to other sub-accounts as described in Granting read-and-write permission to existing sub-account.
Using the policy syntax
In the example below, we create a custom policy that allows all actions under TRTC application
1400000002 and all actions but calling RemoveUser under 1400000001.1. Go to the Policy page of the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Syntax.
3. In the Select a template type section, select Blank Template.
explain
A policy template allows you to create a policy by modifying a copy of an existing policy (preset or custom). You can choose a policy template that fits your actual conditions to reduce the complexity and workload of writing permission policies.
4. Click Next and rename the policy if necessary.
5. Enter the following content in the Policy Content box.
{"version": "2.0","statement":[{"effect": "allow","action": ["name/trtc:*"],"resource": ["qcs::trtc::uin/12345678:sdkappid/1400000001","qcs::trtc::uin/12345678:sdkappid/1400000002"]},{"effect": "deny","action": ["name/trtc:RemoveUser"],"resource": ["qcs::trtc::uin/12345678:sdkappid/1400000001"]}]}
explain
Policy content must align with the Syntax Logic. About the syntax of the resource and action elements, see Resource syntax conventions and Action syntax conventions above.
6. Click Create Policy to complete the creation.
You can then grant the policy to other sub-accounts as described in Granting read-and-write permission to existing sub-account.
Using server APIs provided by CAM
Managing access in the console can meet the business needs of most developers, but to automate and systematize your access management, you need to use server APIs.
Permission policy-related server APIs belong to CAM. For details, see CAM documentation. Only a few main APIs are listed below:
Yes
No
Was this page helpful?