CAM Policy Configuration Example
{
    "version":"2.0",
    "statement":
    [
        {
            "effect":"effect",
            "action":["action"],
            "resource":["resource"],
            "condition": {"key":{"value"}}
        }
    ]
}
version: Required. Currently, the value must be "2.0" (this value represents the cloud API version accepted by CAM).
statement: Used to describe the details of one or more permissions. This element contains permissions or a permission set that includes other elements such as effect, action, resource, and condition. A policy has exactly one statement element.
action: Used to describe allowed or denied operations. For TCHouse-C, actions are written with the "cdwch:" prefix. This element is required.
resource: Describes the specific data authorized. Resources are described using a six-segment format. The details of resource definitions vary by product. This element is required.
condition: Used to describe the constraints under which a policy takes effect. A condition consists of an operator, an operation key, and an operation value. Condition values can include information such as time and IP addresses. Some services allow you to specify other values in conditions. This element is optional.
effect: Describes whether the result of a statement is "allow" or "explicitly deny". It includes two cases: allow and deny (explicitly deny). This element is required.
Note:
The keyword for the cloud data warehouse TCHouse-C in the CAM API is cdwch.
Cloud Data Warehouse Operations
In a cloud data warehouse policy statement, you can specify any API operation from services that support the cloud data warehouse TCHouse-C. For TCHouse-C, use APIs prefixed with cdwch:.
To specify multiple operations in a single statement, separate them with commas, as shown below: "action":["cdwch:action1","cdwch:action2"].
You can also use wildcards to specify multiple operations. For example, you can specify all operations whose names start with the word "Describe", as shown below: "action":["cdwch:Describe*"].
To specify all operations in the cloud data warehouse, use the * wildcard, as shown below: "action":["cdwch:*"].
Cloud Data Warehouse Resources
Each CAM policy statement has its own applicable resources. The general format of resources is as follows:
qcs:project_id:service_type:region:account:resource
project_id: Used to describe project information. It is retained only for compatibility with earlier CAM logic and does not need to be filled in.
service_type: The abbreviated name of the product, such as mariadb.
account: The root account information of the resource owner, such as uin/65xxx763.
resource: The specific resource details for each product, such as instance/instance_id1 or instance/*.
The following table describes the resources that can be used by the TCHouse-C cloud data warehouse and the corresponding resource description methods. In the table, words prefixed with $ are placeholders.
Here, region refers to a region.
Here, account refers to the account ID.
| Cluster | qcs::cdwch:$region:$account:cdwchInstance/$cdwchInstanceId |
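A policy review check for the action and resource rules described above, given as an added example rather than code from CAM or from this documentation. The function name lint_policy is hypothetical, and the region, uin and instance ID in the sample policies are constructed values.

```python
import json

SERVICE = "cdwch"  # CAM keyword for TCHouse-C, per this page

def lint_policy(policy_json):
    """Return findings for a CAM policy meant to cover TCHouse-C only."""
    policy, findings = json.loads(policy_json), []
    if policy.get("version") != "2.0":
        findings.append('version must be "2.0"')
    for i, st in enumerate(policy.get("statement", [])):
        effect = st.get("effect")
        if effect not in ("allow", "deny"):
            findings.append(f"statement {i}: effect must be allow or deny")
        actions, resources = st.get("action", []), st.get("resource", [])
        if not actions or not resources:
            findings.append(f"statement {i}: action and resource are required")
        for a in actions:
            prefix, _, name = a.partition(":")
            # A misspelled prefix names another (or no) service, so the
            # statement silently stops covering TCHouse-C operations.
            if prefix != SERVICE or not name:
                findings.append(f"statement {i}: action {a!r} is not a {SERVICE}: action")
            elif name == "*" and effect == "allow":
                findings.append(f"statement {i}: allow on every {SERVICE} operation")
        for r in resources:
            seg = r.split(":", 5)  # qcs:project_id:service_type:region:account:resource
            if len(seg) != 6 or seg[0] != "qcs":
                findings.append(f"statement {i}: resource {r!r} is not in six-segment form")
            elif seg[2] != SERVICE:
                findings.append(f"statement {i}: resource {r!r} is for service {seg[2]!r}")
    return findings

# Constructed sample policies; region, uin and instance id are made-up values.
CLUSTER = "qcs::cdwch:ap-guangzhou:uin/100000000001:cdwchInstance/cdwch-example"
GOOD = json.dumps({"version": "2.0", "statement": [
    {"effect": "allow", "action": ["cdwch:Describe*"], "resource": [CLUSTER]}]})
# Misspelled prefix, full-service wildcard, and a resource missing its region segment.
BAD = json.dumps({"version": "2.0", "statement": [
    {"effect": "allow", "action": ["chwch:Describe*", "cdwch:*"],
     "resource": ["qcs::cdwch:uin/100000000001:cdwchInstance/*"]}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_policy(doc))
```

The wildcard finding is a review prompt for least privilege, not a syntax error: "cdwch:*" is a valid action, as shown earlier on this page.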