- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Logging In to Linux Instances
- Logging in Windows Instance
- Managing Instances
- Working with Cloud Disks
- Managing Keys
- Managing Firewall
- Managing Snapshot
- Managing Image
- Private Network Interconnection
- OPS and Monitoring
- Access Management
- Transfering File
- Uploading Local Files to Lighthouse
- Uploading File from Windows to Linux Lighthouse Instance via WinSCP
- Uploading File from Windows to Lighthouse Instance via FTP
- Uploading File from Windows to Windows Lighthouse Instance via Remote Desktop Connection
- Uploading File from Linux or macOS to Linux Lighthouse Instance via SCP
- Uploading File from Linux or macOS to Lighthouse Instance via FTP
- Uploading File from Linux to Windows Lighthouse Instance via rdesktop
- Uploading File from macOS to Windows Lighthouse Instance via MRD
- Best Practices
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- RenewInstances
- DescribeInstanceVncUrl
- DescribeInstancesDeniedActions
- DescribeInstancesDiskNum
- DescribeInstancesReturnable
- DescribeInstancesTrafficPackages
- DescribeModifyInstanceBundles
- DescribeResetInstanceBlueprints
- IsolateInstances
- ModifyInstancesBundle
- RebootInstances
- ResetInstance
- ResetInstancesPassword
- StartInstances
- StopInstances
- ModifyInstancesAttribute
- ModifyInstancesRenewFlag
- CreateInstances
- DescribeInstances
- TerminateInstances
- CBS APIs
- Snapshot APIs
- Key APIs
- CCN APIs
- Image APIs
- Firewall APIs
- Scene APIs
- Package APIs
- Quota APIs
- Region APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- lighthouse Policy
- Release Notes and Announcements
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Logging In to Linux Instances
- Logging in Windows Instance
- Managing Instances
- Working with Cloud Disks
- Managing Keys
- Managing Firewall
- Managing Snapshot
- Managing Image
- Private Network Interconnection
- OPS and Monitoring
- Access Management
- Transfering File
- Uploading Local Files to Lighthouse
- Uploading File from Windows to Linux Lighthouse Instance via WinSCP
- Uploading File from Windows to Lighthouse Instance via FTP
- Uploading File from Windows to Windows Lighthouse Instance via Remote Desktop Connection
- Uploading File from Linux or macOS to Linux Lighthouse Instance via SCP
- Uploading File from Linux or macOS to Lighthouse Instance via FTP
- Uploading File from Linux to Windows Lighthouse Instance via rdesktop
- Uploading File from macOS to Windows Lighthouse Instance via MRD
- Best Practices
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- RenewInstances
- DescribeInstanceVncUrl
- DescribeInstancesDeniedActions
- DescribeInstancesDiskNum
- DescribeInstancesReturnable
- DescribeInstancesTrafficPackages
- DescribeModifyInstanceBundles
- DescribeResetInstanceBlueprints
- IsolateInstances
- ModifyInstancesBundle
- RebootInstances
- ResetInstance
- ResetInstancesPassword
- StartInstances
- StopInstances
- ModifyInstancesAttribute
- ModifyInstancesRenewFlag
- CreateInstances
- DescribeInstances
- TerminateInstances
- CBS APIs
- Snapshot APIs
- Key APIs
- CCN APIs
- Image APIs
- Firewall APIs
- Scene APIs
- Package APIs
- Quota APIs
- Region APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- lighthouse Policy
Policy syntax
{
"version":"2.0",
"statement":
[
{
"effect":"effect",
"action":["action"],
"resource":["resource"],
"condition": {"key":{"value"}}
}
]
}
| Element | Description |
|---|---|
| version | It is required. Currently, only the value "2.0" is allowed. |
| statement | It describes the details of one or more permissions. It contains a permission or permission set of multiple other elements such as `effect`, `action`, `resource`, and `condition`. One policy has only one `statement`. |
| effect | It is required and describes whether the statement result is an "allow" or an explicit "deny". |
| action | It is required and describes the allowed or denied action (operation). An operation can be an API (prefixed with "name") or a feature set (a set of specific APIs prefixed with "permid"). |
| resource | It is required and describes the details of authorization. A resource is described in a six-segment format. Detailed resource definitions vary by product. For more information on how to specify a resource, see the product documentation corresponding to the resource statement you are writing. |
| condition | It is optional and describes the condition for the policy to take effect. A condition consists of an operator, action key, and action value. A condition value may contain information such as time and IP address. Some services allow you to specify additional values in a condition. |
Sample CAM Policy for Lighthouse
The following policy grants the permission to view the list of Lighthouse instances and prohibits the user xxxxxx from viewing the details of the instance lhins-e31oxxxx.
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"lighthouse:DescribeInstances"
],
"resource": [
"*"
]
},
{
"effect": "deny",
"action": [
"lighthouse:DescribeInstances"
],
"resource": [
"qcs::lighthouse::uin/xxxxxx:instance/lhins-e31oxxxx"
]
}
]
}
Lighthouse Resource Path
Each Lighthouse policy statement has its own applicable resources generally in the following format:
qcs:project_id:service_type:region:account:resource
project_id: Describes the project information, which is only used to enable compatibility with legacy CAM logic and can be left empty.
service_type: Describes the product abbreviation such as lighthouse.
region: Describes the region information, such as ap-guangzhou.
account: Describes the root account of the resource owner, such as uin/xxxxxx.
resource: Detailed resource information of each product, for example, instance/instance_id1 or instance/*.
Yes
No
Was this page helpful?