- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement about the addition of mobile player SDK premium features authorization verification
- Announcement about the addition of web player SDK license authorization verification
- Announcement on the Official Launch of the Video on Demand Real-Time Log Analysis Feature
- Notice about the adjustment of the VOD adding domain feature
- Announcement on official commercial billing of Video on Demand STANDARD_IA data retrieval and Application Management functions
- Announcement on the Official Launch of the Media Quality Inspection and Play Channel Features
- Announcement on the official launch of the Video-on-Demand QUIC Acceleration feature
- VOD Launched Remaster Feature
- Prepaid Packages Supported for Monthly Billed Accounts
- Cost Allocation by Tag Supported
- Content Moderation Upgraded
- VOD Player Signature Upgrade
- Live Clipping to Become Paid Feature
- Content Recognition to Become Paid Feature
- The “startPlay” API of the Player SDK Renamed
- TESHD Renamed as TSC
- Announcement on VOD Video Acceleration Price Change
- Launching Video on Demand (VOD) Features for Regions Outside the Chinese Mainland
- About Changing the Billing Rule of Transcoding Service for VOD/MPS
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Service Overview
- Application Management
- Media Management
- Package Management
- License Management
- Real-Time Log Analysis
- Best Practice
- Media Upload
- Smart Cold Storage of VOD Media Asset Files
- Video Processing
- Distribution and Playback
- How to Receive Event Notification
- How to Migrate Files from Origin Server to VOD
- Live Recording
- How to Make VOD Videos Live Streaming-Like
- Using VOD and WordPress to Build a Website
- How to Pull from Custom Origin Servers
- Development Guide
- Player SDK
- Server APIs
- History
- Introduction
- API Category
- Other APIs
- Media processing related API
- No longer recommended APIs
- Task Management APIs
- Media Upload APIs
- Media Management APIs
- Media Categorization APIs
- Distribution APIs
- AI-based Sample Management APIs
- Region Management APIs
- Statistics APIs
- Just In Time Transcode APIs
- Making API Requests
- AI-based image processing APIs
- Parameter Template APIs
- CreateWatermarkTemplate
- CreateSnapshotByTimeOffsetTemplate
- CreateSampleSnapshotTemplate
- CreateImageSpriteTemplate
- CreateAnimatedGraphicsTemplate
- CreateAdaptiveDynamicStreamingTemplate
- CreateAIAnalysisTemplate
- ModifyWatermarkTemplate
- ModifySnapshotByTimeOffsetTemplate
- ModifySampleSnapshotTemplate
- ModifyImageSpriteTemplate
- ModifyAnimatedGraphicsTemplate
- ModifyAdaptiveDynamicStreamingTemplate
- ModifyAIRecognitionTemplate
- ModifyAIAnalysisTemplate
- DescribeTranscodeTemplates
- DescribeWatermarkTemplates
- DescribeSnapshotByTimeOffsetTemplates
- DescribeSampleSnapshotTemplates
- DescribeImageSpriteTemplates
- DescribeAnimatedGraphicsTemplates
- DescribeAdaptiveDynamicStreamingTemplates
- DescribeAIRecognitionTemplates
- DescribeAIAnalysisTemplates
- DeleteTranscodeTemplate
- DeleteWatermarkTemplate
- DeleteSnapshotByTimeOffsetTemplate
- DeleteSampleSnapshotTemplate
- DeleteImageSpriteTemplate
- DeleteAnimatedGraphicsTemplate
- DeleteAdaptiveDynamicStreamingTemplate
- DeleteReviewTemplate
- DeleteAIRecognitionTemplate
- DeleteAIAnalysisTemplate
- DeleteHeadTailTemplate
- DeleteImageProcessingTemplate
- DescribeReviewTemplates
- CreateReviewTemplate
- CreateTranscodeTemplate
- ModifyReviewTemplate
- ModifyTranscodeTemplate
- CreateAIRecognitionTemplate
- CreateHeadTailTemplate
- CreateImageProcessingTemplate
- DescribeHeadTailTemplates
- DescribeImageProcessingTemplates
- ModifyHeadTailTemplate
- CreateQualityInspectTemplate
- DeleteQualityInspectTemplate
- DescribeQualityInspectTemplates
- ModifyQualityInspectTemplate
- CreateEnhanceMediaTemplate
- DeleteEnhanceMediaTemplate
- ModifyEnhanceMediaTemplate
- DescribeEnhanceMediaTemplates
- Task Flow APIs
- Event Notification Relevant API
- Domain Name Management APIs
- Playlist APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- VOD Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement about the addition of mobile player SDK premium features authorization verification
- Announcement about the addition of web player SDK license authorization verification
- Announcement on the Official Launch of the Video on Demand Real-Time Log Analysis Feature
- Notice about the adjustment of the VOD adding domain feature
- Announcement on official commercial billing of Video on Demand STANDARD_IA data retrieval and Application Management functions
- Announcement on the Official Launch of the Media Quality Inspection and Play Channel Features
- Announcement on the official launch of the Video-on-Demand QUIC Acceleration feature
- VOD Launched Remaster Feature
- Prepaid Packages Supported for Monthly Billed Accounts
- Cost Allocation by Tag Supported
- Content Moderation Upgraded
- VOD Player Signature Upgrade
- Live Clipping to Become Paid Feature
- Content Recognition to Become Paid Feature
- The “startPlay” API of the Player SDK Renamed
- TESHD Renamed as TSC
- Announcement on VOD Video Acceleration Price Change
- Launching Video on Demand (VOD) Features for Regions Outside the Chinese Mainland
- About Changing the Billing Rule of Transcoding Service for VOD/MPS
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Service Overview
- Application Management
- Media Management
- Package Management
- License Management
- Real-Time Log Analysis
- Best Practice
- Media Upload
- Smart Cold Storage of VOD Media Asset Files
- Video Processing
- Distribution and Playback
- How to Receive Event Notification
- How to Migrate Files from Origin Server to VOD
- Live Recording
- How to Make VOD Videos Live Streaming-Like
- Using VOD and WordPress to Build a Website
- How to Pull from Custom Origin Servers
- Development Guide
- Player SDK
- Server APIs
- History
- Introduction
- API Category
- Other APIs
- Media processing related API
- No longer recommended APIs
- Task Management APIs
- Media Upload APIs
- Media Management APIs
- Media Categorization APIs
- Distribution APIs
- AI-based Sample Management APIs
- Region Management APIs
- Statistics APIs
- Just In Time Transcode APIs
- Making API Requests
- AI-based image processing APIs
- Parameter Template APIs
- CreateWatermarkTemplate
- CreateSnapshotByTimeOffsetTemplate
- CreateSampleSnapshotTemplate
- CreateImageSpriteTemplate
- CreateAnimatedGraphicsTemplate
- CreateAdaptiveDynamicStreamingTemplate
- CreateAIAnalysisTemplate
- ModifyWatermarkTemplate
- ModifySnapshotByTimeOffsetTemplate
- ModifySampleSnapshotTemplate
- ModifyImageSpriteTemplate
- ModifyAnimatedGraphicsTemplate
- ModifyAdaptiveDynamicStreamingTemplate
- ModifyAIRecognitionTemplate
- ModifyAIAnalysisTemplate
- DescribeTranscodeTemplates
- DescribeWatermarkTemplates
- DescribeSnapshotByTimeOffsetTemplates
- DescribeSampleSnapshotTemplates
- DescribeImageSpriteTemplates
- DescribeAnimatedGraphicsTemplates
- DescribeAdaptiveDynamicStreamingTemplates
- DescribeAIRecognitionTemplates
- DescribeAIAnalysisTemplates
- DeleteTranscodeTemplate
- DeleteWatermarkTemplate
- DeleteSnapshotByTimeOffsetTemplate
- DeleteSampleSnapshotTemplate
- DeleteImageSpriteTemplate
- DeleteAnimatedGraphicsTemplate
- DeleteAdaptiveDynamicStreamingTemplate
- DeleteReviewTemplate
- DeleteAIRecognitionTemplate
- DeleteAIAnalysisTemplate
- DeleteHeadTailTemplate
- DeleteImageProcessingTemplate
- DescribeReviewTemplates
- CreateReviewTemplate
- CreateTranscodeTemplate
- ModifyReviewTemplate
- ModifyTranscodeTemplate
- CreateAIRecognitionTemplate
- CreateHeadTailTemplate
- CreateImageProcessingTemplate
- DescribeHeadTailTemplates
- DescribeImageProcessingTemplates
- ModifyHeadTailTemplate
- CreateQualityInspectTemplate
- DeleteQualityInspectTemplate
- DescribeQualityInspectTemplates
- ModifyQualityInspectTemplate
- CreateEnhanceMediaTemplate
- DeleteEnhanceMediaTemplate
- ModifyEnhanceMediaTemplate
- DescribeEnhanceMediaTemplates
- Task Flow APIs
- Event Notification Relevant API
- Domain Name Management APIs
- Playlist APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- VOD Policy
- Contact Us
- Glossary
Note:This document describes the access management feature of VOD. For more information on access management for other Tencent Cloud services, please see CAM-Enabled Products.
It is convenient to use a preset policy in CAM to implement authorization, but its granularity of permission control is coarse and cannot be refined to the subapplication and API levels. If you require fine-grained permissions control, you need to create custom policies.
Custom Policy Creation Method
There are multiple ways to create a custom policy. The table below shows a comparison of various methods. For detailed directions, please see further below.
| Creation Entry | Creation Method | Effect |
Resource |
Action |
Flexibility | Difficulty |
|---|---|---|---|---|---|---|
| Console | Policy builder | Manual selection | Syntax description | Manual selection | Medium | Medium |
| Console | Policy syntax | Syntax description | Syntax description | Syntax description | High | High |
| Server API | CreatePolicy | Syntax description | Syntax description | Syntax description | High | High |
Note:
- VOD does not support creating custom policies by product feature.
- Manual selection means that you can select an object from the candidate list displayed in the console, while syntax description means that you can describe objects through policy syntax.
Policy Syntax Description for Resource
As mentioned above, the resource granularity of permission control in VOD is subapplication. The subapplication description in policy syntax follows the CAM rules. In the example below, the developer's root account ID is 12345678, APPID is 1250000001 (which is equivalent to the primary application ID), and the developer has created two VOD subapplications with IDs of 1400000001 and 1400000002 respectively.
Policy syntax description for all VOD resources
"resource": [ "qcs::vod::uin/12345678:subAppId/*" ]Policy syntax description for the primary application
"resource": [ "qcs::vod::uin/12345678:subAppId/1250000001" ]Policy syntax description for a single subapplication
"resource": [ "qcs::vod::uin/12345678:subAppId/1400000001" ]Policy syntax description for the primary application and a single subapplication
"resource": [ "qcs::vod::uin/12345678:subAppId/1250000001", "qcs::vod::uin/12345678:subAppId/1400000001" ]
Policy Syntax Description for Action
As mentioned above, the action granularity of permission control in VOD is server API. Server APIs such as DescribeMediaInfos and DescribeAllClass are used as examples below.
Policy syntax description for all VOD server APIs
"action": [ "name/vod:*" ]Policy syntax description for a single server API
"action": [ "name/vod:DescribeMediaInfos" ]Policy syntax description for multiple server APIs
"action": [ "name/vod:DescribeMediaInfos", "name/vod:DescribeAllClass" ]
Custom Policy Use Cases
Using policy builder
In the example below, we will create a custom policy, which allows all actions except the server API ProcessMedia to be performed on VOD subapplication 1400000001.
- Access the Policy page in the CAM Console as a root account and click Create Custom Policy.
- Select Create by Policy Generator to enter the policy creation page.
- Select services and actions.
- Select Allow for Effect.
- Select VOD for Service.
- Check all items for Action.
- Enter
qcs::vod::uin/12345678:subAppId/1400000001for Resource according to the syntax description for resource. - The Condition configuration item does not need to be configured.
4. Click Next and rename the policy name as needed (or leave it unchanged).
5. Click Complete to create the custom policy. Subsequently, this policy can be granted to subusers in the same way as granting full permissions of VOD to existing subusers.
Using policy syntax
In the example below, we will create a custom policy, which allows all actions to be performed on VOD subapplications 1400000001 and 1400000002 but denies ProcessMedia for subapplication 1400000001.
- Access the Policy page in the CAM Console as a root account and click Create Custom Policy.
- Select Create by Policy Syntax to enter the policy creation page.
- In the Select Template Type box, select Blank Template.
Note:
A policy template is used to create a policy by copying an existing policy (preset or custom) and then making adjustment to the copy. In actual use, you can choose an appropriate policy template based on the actual conditions to reduce the difficulty and workload of writing policy content.
- Click Next and rename the policy name as needed (or leave it unchanged).
- Enter the following policy content in the Edit Policy Content box:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "name/vod:*" ], "resource": [ "qcs::vod::uin/12345678:subAppId/1400000001", "qcs::vod::uin/12345678:subAppId/1400000002" ] }, { "effect": "deny", "action": [ "name/vod:ProcessMedia" ], "resource": [ "qcs::vod::uin/12345678:subAppId/1400000001" ] } ] }
Note:The policy content should follow the CAM policy syntax rules, where the syntax of "resource" and "action" is as shown above in Policy Syntax Description for Resource and Policy Syntax Description for Action.
- Click Create Policy to create the custom policy. Subsequently, this policy can be granted to subusers in the same way as the example of granting full permissions of VOD to existing subusers.
Using server API
For most developers, performing permission management operations in the console can meet their business needs. However, if you need to automate and systematize your permission management capabilities, you can use server APIs.
The server APIs related to policies belongs to CAM. For more information, please see the CAM documentation. Only a few main APIs are listed below:
Yes
No
Was this page helpful?