The resource element describes one or multiple operation objects such as CVM resources and COS buckets. This document describes the resource information in CAM.
If resource is *, it indicates all resources; that is, you can grant the action (operation) permission of all resources.
Use * for resource to grant the permission of all resources in the Tencent Cloud service or the action permission of all resources.
You can describe the permissions of one or multiple resources in the following six-segment format for authorization. Each service has its own resources and detailed resource definition.
The six-segment format is defined as follows:
qcs:project_id:service_type:region:account:resource
A six-segment resource description contains six fields as detailed below:
Field | Description and Valid Values | Required | Example |
---|---|---|---|
qcs | Tencent Cloud service abbreviation, which indicates a resource of Tencent Cloud. | Yes | qcs |
project_id | Project information, which is only compatible with legacy CAM logic. It cannot be entered in the current policy syntax and can be left empty. | No | Empty |
service_type | | No | |
region | Region information. For more information on region names, see "Region List" in Common Params. If this field is left empty, it indicates all regions. | No | |
account | Root account information of the resource owner. Currently, either uin or uid can be used to describe the resource owner. uin is the root account ID in uin/${uin} format. uid is the root account's APPID in uid/${appid} format, and only COS and CAS resource owners can be described in this way. | No | |
resource | Resource details of the product. Currently, you can describe a resource in the following two formats: resource_type/${resourceid} and <resource_type>/<resource_path>. resource_type/${resourceid}: resourcetype is the resource prefix, which describes the resource type. ${resourceid} is the specific resource ID, which can be viewed in the corresponding product console. * indicates all resources of this type. <resource_type>/<resource_path>: resourcetype is the resource prefix, which describes the resource type. <resource_path> is the resource path. This format supports directory-level prefix match. | Yes | prefix//10001234/bucket1/*, which indicates all files in bucket1. Various COS resource types are supported. For more information, see Working with COS API Authorization Policies. |
CAM resources include users, user groups, and policies. A CAM resource can be described as follows:
qcs::cam::uin/164256472:uin/164256472
Or
qcs::cam::uin/164256472:root
qcs::cam::uin/164256472:uin/73829520
qcs::cam::uin/164256472:groupid/2340
*
qcs::cam::uin/12345678:policyid/*
Or
qcs::cam::uin/12345678:policyid/12423
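The six-segment format and wildcard rules above can be checked mechanically when reviewing policies. The following Python parser is an added example, not part of the original documentation: it splits a description into its fields and reports how broad the grant is. The function names are hypothetical, and the COS sample string (service type cos, region ap-guangzhou) is constructed.

```python
from typing import List, NamedTuple, Optional

class Resource(NamedTuple):
    project_id: str
    service_type: str
    region: str
    account: str
    resource: str

def parse_resource(desc: str) -> Optional[Resource]:
    """Split a six-segment description; the bare "*" wildcard returns None."""
    if desc == "*":
        return None
    # Assumption: split on the first five colons only, so a ":" in the resource path survives.
    parts = desc.split(":", 5)
    if len(parts) != 6 or parts[0] != "qcs":
        raise ValueError(f"not a six-segment description: {desc!r}")
    res = Resource(*parts[1:])
    if not res.resource:
        raise ValueError("the resource field is required")
    if res.account and not res.account.startswith(("uin/", "uid/")):
        raise ValueError("account must be uin/${uin} or uid/${appid}")
    return res

def breadth_findings(desc: str) -> List[str]:
    """Report every way the description covers more than one object."""
    res = parse_resource(desc)
    if res is None:
        return ["all resources"]
    findings = []
    if not res.region:  # an empty region field means all regions
        findings.append("all regions")
    rtype, _, rest = res.resource.partition("/")
    if rest == "*":  # resource_type/* covers every resource of that type
        findings.append(f"all {rtype} resources")
    elif rest.endswith("/*"):  # directory-level prefix match
        findings.append(f"prefix match under {rest[:-1]}")
    return findings

# Constructed samples: the CAM strings are from the page, the COS one is made up.
SAMPLES = [
    "*",
    "qcs::cam::uin/164256472:groupid/2340",
    "qcs::cam::uin/12345678:policyid/*",
    "qcs::cos:ap-guangzhou:uid/10001234:prefix//10001234/bucket1/*",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", breadth_findings(s) or ["single object"])
```

Running the same check over every resource entry in a policy before it is attached makes wildcard grants visible during review.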
For more information on service-specific resource definitions, see the corresponding product documentation in CAM-Enabled Products.