tencent cloud

Tencent Real-Time Communication

Release Notes and Announcements
Release Notes
Recent Product Announcement
TRTC Live (TUILiveKit) Product Launch Announcement
TRTC Conference Official Editions Launched
The commercial version of Conference is coming soon
Terms and Conditions Applicable to $9.9 Starter Package
Rules for the "First Subscription $100 Discount" Promotion
Announcement on the Start of Beta Testing for Multi-person Audio and Video Conference
TRTC Call Official Editions Launched
License Required for Video Playback in New Version of LiteAV SDK
TRTC to Offer Monthly Packages
Product Introduction
Overview
Concepts
Features
Strengths
Use Cases
Performance Statistics
Tencent RTC Quickplay: Experience Ultimate Real-Time Audio and Video Interaction!
Purchase Guide
Billing Overview
Free Minutes
Monthly subscription
Pay-as-you-go
TRTC Overdue and Suspension Policy
FAQs
Refund Instructions
User Tutorial
Free Demo
Call
Overview
Activate the Service
Run Demo
Integration
Offline Call Push
Conversational Chat
On-Cloud Recording
AI Noise Reduction
UI Customization
Calls integration to Chat
Additional Features
No UI Integration
Server APIs
Client APIs
Solution
ErrorCode
Release Notes
FAQs
Conference
Overview(TUIRoomKit)
Activate the Service (TUIRoomKit)
Run Demo(TUIRoomKit)
Integration(TUIRoomKit)
Screen Sharing (TUIRoomKit)
Schedule a meeting (TUIRoomKit)
In-meeting Call (TUIRoomKit)
UI Customization(TUIRoomKit)
Virtual Background (TUIRoomKit)
Conference Control (TUIRoomKit)
Cloud Recording (TUIRoomKit)
AI Noise Reduction (TUIRoomKit)
In-Conference Chat (TUIRoomKit)
Robot Streaming (TUIRoomKit)
Enhanced Features (TUIRoomKit)
Client APIs (TUIRoomKit)
Server APIs (TUIRoomKit)
FAQs (TUIRoomKit)
Error Code (TUIRoomKit)
SDK Update Log (TUIRoomKit)
Live
Billing of Video Live Component
Overview
Activating the Service (TUILiveKit)
Run Demo
No UI Integration
UI Customization
Live Broadcast Monitoring
Video Live Streaming
Voice Chat Room
Advanced Features
Client APIs
Server APIs
Error Codes
Release Notes
FAQs
RTC Engine
Activate Service
SDK Download
API Examples
Usage Guidelines
API Reference Manual
Advanced Features
AI Integration
Overview
Configure MCP Server
Install Skills
Integration Guide
FAQ
RTC RESTFUL API
History
Introduction
API Category
Room Management APIs
Stream mixing and relay APIs
On-cloud recording APIs
Data Monitoring APIs
Pull stream Relay Related interface
Web Record APIs
AI Service APIs
Cloud Slicing APIs
Cloud Moderation APIs
Making API Requests
Call Quality Monitoring APIs
Usage Statistics APIs
Data Types
Appendix
Error Codes
Console Guide
Application Management
Package Management
Usage Statistics
Monitoring Dashboard
Development Assistance
Solution
Real-Time Chorus
FAQs
Migration Guide
Billing
Features
UserSig
Firewall Restrictions
How to Downsize Installation Package
Android and iOS
Web
Flutter
Electron
TRTCCalling for Web
Audio and Video Quality
Others
Legacy Documentation
RTC RoomEngine SDK(Old)
Integrating TUIRoom (Web)
Integrating TUIRoom (Android)
Integrating TUIRoom (iOS)
Integrating TUIRoom (Flutter)
Integrating TUIRoom (Electron)
TUIRoom APIs
On-Cloud Recording and Playback (Old)
RTC Analytics Monthly Packages (Previous Version)
Protocols and Policies
Compliance
Security White Paper
Notes on Information Security
Service Level Agreement
Apple Privacy Policy: PrivacyInfo.xcprivacy
TRTC Policy
Privacy Policy
Data Processing And Security Agreement
Glossary
DocumentationTencent Real-Time CommunicationRTC EngineAdvanced FeaturesAccess ManagementManageable Resources and Actions

Manageable Resources and Actions

PDF
Focus Mode
Font Size
Last updated: 2026-01-16 21:42:23
Note:
This document describes the management of access to TRTC. For access management of other Tencent Cloud services, see CAM-Enabled Products.
In essence, CAM enables you to allow or forbid specified accounts to access certain resources. TRTC access management supports resource-level authorization. The granularity of manageable resources is TRTC applications, and the granularity of authorizable actions is TencentCloud APIs, including server APIs and APIs that may be needed to access the TRTC console.
If you need to manage access to TRTC, please log in to the console with a Tencent Cloud root account and use a preset policy or a custom policy to grant permissions.

Type of Manageable Resources

TRTC access management allows you to control access to applications.

APIs Supporting Resource-Level Authorization

Barring a few exceptions, all API actions listed in this section support resource-level authorization. Authorization policies related to these API actions use the same syntax conventions. See below for details.
Authorizing access to all applications: qcs::trtc::uin/${uin}:sdkappid/*
Authorizing access to single applications: qcs::trtc::uin/${uin}:sdkappid/${SdkAppId}.

Server API actions

API
Category
Description
Room management
Closes a room.
Room management
Removes a user.
Room management
Removes a user (string room ID).
Room management
Closes a room (string room ID).
Stream mixing and transcoding
Starts On-Cloud MixTranscoding.
Stream mixing and transcoding
Stops On-Cloud MixTranscoding.
Stream mixing and transcoding
Starts On-Cloud MixTranscoding (string room ID).
Stream mixing and transcoding
Stops On-Cloud MixTranscoding (string room ID).
Call quality monitoring
Generates information about exceptional conditions.
Call quality monitoring
Queries abnormal events.
Call quality monitoring
Queries user list and call metrics.
Call quality monitoring
Queries room and user numbers in the past.
Call quality monitoring
Queries room list.
Call quality monitoring
Queries the list of historical users.

Console API actions

API
Console
Description
DescribeAppStatList
TRTC console:

Overview
Usage Statistics
Monitoring Dashboard
Development Assistance > UserSig Generation & Verification
Application Management
Gets application list.
DescribeSdkAppInfo
Gets application information.
ModifyAppInfo
Modifies application information.
ChangeSecretKeyFlag
Enables/Disables encryption keys.
CreateWatermark
Uploads an image.
DeleteWatermark
Deletes an image.
ModifyWatermark
Edits an image.
DescribeWatermark
Searches an image.
CreateSecret
Generates a symmetric encryption key.
ToggleSecretVersion
Switches between asymmetric keys (private and public keys) and symmetric keys.
DescribeSecret
TRTC console:

Development Assistance > Demo Quick Run
Development Assistance > UserSig Generation & Verification
Application Management > Quick Start
Gets a symmetric encryption key.
DescribeTrtcAppAndAccountInfo
Gets application and account information to obtain a pair of public and private keys.
CreateSecretUserSig
Uses a symmetric encryption key to generate a UserSig.
DescribeSig
TRTC console:

Development Assistance > UserSig Generation & Verification
Application Management > Quick Start
Gets a UserSig generated using a pair of public and private keys.
VerifySecretUserSig
Verifies a UserSig generated using a symmetric encryption key.
VerifySig
Verifies a UserSig generated using a pair of public and private keys.
CreateSpearConf
Adds an image setting. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
DeleteSpearConf
Deletes an image setting. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
ModifySpearConf
Modifies image settings. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
DescribeSpearConf
Gets image settings. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality
ToggleSpearScheme
Switches image setting scenarios. This module is available only in iLiveSDK 1.9.6 and earlier versions. For TRTC SDK 6.0 and later versions, see Setting Image Quality

APIs Not Supporting Resource-Level Authorization

Due to special restrictions, the following APIs do not support resource-level authorization.

Server API actions

API
Category
Description
Restriction
DescribeDetailEvent
Call quality monitoring
Queries specific events.
The parameters entered do not include SDKAppID, making resource-level authorization impossible.
DescribeRecordStatistic
Other APIs
Queries the billing period of on-cloud recording.
For business reasons, resource-level authorization is not supported currently.
DescribeTrtcInteractiveTime
Other APIs
Queries the billing period for audio/video interactive features.
For business reasons, resource-level authorization is not supported currently.
DescribeTrtcMcuTranscodeTime
Other APIs
Queries the billing period of relayed transcoding.
For business reasons, resource-level authorization is not supported currently.

Console API actions

API
Console
Description
Restriction
DescribeTrtcStatistic
TRTC console:

Overview
Usage Statistics
Gets usage statistics.
This API returns the statistics of all `SDKAppIDs`. Limiting a query to specific `SDKAppIDs` will lead to an error. You can use `DescribeAppStatList` to specify a list of applications to query.
DescribeDurationPackages
TRTC console:

Overview
Package Management
Gets the list of prepaid packages.
A prepaid package is shared by all TRTC applications under the same Tencent Cloud account. There is no `SDKAppID` parameter in the package information, so resource-level authorization cannot be performed.
GetUserList
TRTC console: Monitoring Dashboard
Gets user list.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
GetUserInfo
TRTC console: Monitoring Dashboard
Gets user information.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
GetCommState
TRTC console: Monitoring Dashboard
Gets call status.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
GetElasticSearchData
TRTC console: Monitoring Dashboard
Queries Elasticsearch data.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
CreateTrtcApp
TRTC console:

Development Assistance > Demo Quick Run
Application Management
Creates a TRTC application.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. `SDKAppID` is the unique ID of a TRTC application and is generated after application creation.
HardDescribeMixConf
Queries relayed push status.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
ModifyMixConf
Enables/Disables relayed push.
The parameters entered do not include `SDKAppID`, making resource-level authorization impossible. You can use `DescribeAppStatList` to specify a list of applications to query.
RemindBalance
TRTC console: Package Management
Gets the balance alarm information of a prepaid package.
A prepaid package is shared by all TRTC applications under the same Tencent Cloud account. There is no `SDKAppID` parameter in the package information, so resource-level authorization cannot be performed.
Note:
You can use a custom policy to control access to an API that does not support resource-level authorization. In the policy statement, set the resource element to *.
Previous Topic: OverviewNext Topic: Preset Policies

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback