tencent cloud

Tencent Real-Time Communication

Release Notes and Announcements
Release Notes
Recent Product Announcement
TRTC Live (TUILiveKit) Product Launch Announcement
TRTC Conference Official Editions Launched
The commercial version of Conference is coming soon
Terms and Conditions Applicable to $9.9 Starter Package
Rules for the "First Subscription $100 Discount" Promotion
Announcement on the Start of Beta Testing for Multi-person Audio and Video Conference
TRTC Call Official Editions Launched
License Required for Video Playback in New Version of LiteAV SDK
TRTC to Offer Monthly Packages
Product Introduction
Overview
Concepts
Features
Strengths
Use Cases
Performance Statistics
Tencent RTC Quickplay: Experience Ultimate Real-Time Audio and Video Interaction!
Purchase Guide
Billing Overview
Free Minutes
Monthly subscription
Pay-as-you-go
TRTC Overdue and Suspension Policy
FAQs
Refund Instructions
User Tutorial
Free Demo
Call
Overview
Activate the Service
Run Demo
Integration
Offline Call Push
Conversational Chat
On-Cloud Recording
AI Noise Reduction
UI Customization
Calls integration to Chat
Additional Features
No UI Integration
Server APIs
Client APIs
Solution
ErrorCode
Release Notes
FAQs
Conference
Overview(TUIRoomKit)
Activate the Service (TUIRoomKit)
Run Demo(TUIRoomKit)
Integration(TUIRoomKit)
Screen Sharing (TUIRoomKit)
Schedule a meeting (TUIRoomKit)
In-meeting Call (TUIRoomKit)
UI Customization(TUIRoomKit)
Virtual Background (TUIRoomKit)
Conference Control (TUIRoomKit)
Cloud Recording (TUIRoomKit)
AI Noise Reduction (TUIRoomKit)
In-Conference Chat (TUIRoomKit)
Robot Streaming (TUIRoomKit)
Enhanced Features (TUIRoomKit)
Client APIs (TUIRoomKit)
Server APIs (TUIRoomKit)
FAQs (TUIRoomKit)
Error Code (TUIRoomKit)
SDK Update Log (TUIRoomKit)
Live
Billing of Video Live Component
Overview
Activating the Service (TUILiveKit)
Run Demo
No UI Integration
UI Customization
Live Broadcast Monitoring
Video Live Streaming
Voice Chat Room
Advanced Features
Client APIs
Server APIs
Error Codes
Release Notes
FAQs
RTC Engine
Activate Service
SDK Download
API Examples
Usage Guidelines
API Reference Manual
Advanced Features
AI Integration
Overview
Configure MCP Server
Install Skills
Integration Guide
FAQ
RTC RESTFUL API
History
Introduction
API Category
Room Management APIs
Stream mixing and relay APIs
On-cloud recording APIs
Data Monitoring APIs
Pull stream Relay Related interface
Web Record APIs
AI Service APIs
Cloud Slicing APIs
Cloud Moderation APIs
Making API Requests
Call Quality Monitoring APIs
Usage Statistics APIs
Data Types
Appendix
Error Codes
Console Guide
Application Management
Package Management
Usage Statistics
Monitoring Dashboard
Development Assistance
Solution
Real-Time Chorus
FAQs
Migration Guide
Billing
Features
UserSig
Firewall Restrictions
How to Downsize Installation Package
Android and iOS
Web
Flutter
Electron
TRTCCalling for Web
Audio and Video Quality
Others
Legacy Documentation
RTC RoomEngine SDK(Old)
Integrating TUIRoom (Web)
Integrating TUIRoom (Android)
Integrating TUIRoom (iOS)
Integrating TUIRoom (Flutter)
Integrating TUIRoom (Electron)
TUIRoom APIs
On-Cloud Recording and Playback (Old)
RTC Analytics Monthly Packages (Previous Version)
Protocols and Policies
Compliance
Security White Paper
Notes on Information Security
Service Level Agreement
Apple Privacy Policy: PrivacyInfo.xcprivacy
TRTC Policy
Privacy Policy
Data Processing And Security Agreement
Glossary
DocumentationTencent Real-Time CommunicationRTC EngineAdvanced FeaturesAccess ManagementCustom Policies

Custom Policies

PDF
Focus Mode
Font Size
Last updated: 2026-01-16 21:42:23
Note:
This document describes the management of access to TRTC. For access management of other Tencent Cloud services, see CAM-Enabled Products.
It may be convenient to use a preset policy for access management in TRTC, but with preset policies, the granularity level of permissions is low, and permission granting cannot be specific to TRTC applications or TencentCloud APIs. To perform fine-grained authorization, you need to create custom policies.

Custom Policy Creation

There are multiple ways to create a custom policy. The table below offers a comparison of different methods. For detailed directions, see the remaining part of the document.
Access
Tool
Effect
Resource
Action
Flexibility
Complexity
Policy generator
Manual selection
Syntax conventions
Manual selection
Medium
Medium
Policy syntax
Syntax conventions
Syntax conventions
Syntax conventions
High
High
CAM server API
Syntax conventions
Syntax conventions
Syntax conventions
High
High
Note:
TRTC does not support custom policy creation by product feature or project.
Manual selection means that you can select an object from a list of candidates offered in the console.
Syntax conventions means using the permission policy syntax to describe an object.

Permission Policy Syntax

Resource syntax conventions

The granularity level of manageable resources in TRTC access management is applications. Syntax conventions of permission policies for applications are in line with the Resource Description Method. In the example below, the developer (root account ID: 12345678) has created three applications, whose SDKAppIDs are 1400000000, 1400000001, and 1400000002.
Syntax convention of permission policy for all TRTC applications
"resource": [
  "qcs::trtc::uin/12345678:sdkappid/*"
]
Syntax convention of permission policy for single TRTC applications
"resource": [
  "qcs::trtc::uin/12345678:sdkappid/1400000001"
]
Syntax convention of permission policy for multiple TRTC applications
"resource": [
  "qcs::trtc::uin/12345678:sdkappid/1400000000",
  "qcs::trtc::uin/12345678:sdkappid/1400000001"
]

Action syntax conventions

The granularity level of authorizable actions in TRTC access management is TencentCloud APIs. For details, see Manageable Resources and Actions. The examples below use TencentCloud APIs such as DescribeAppList (gets application list) and DescribeAppInfo (gets application information).
Syntax convention of permission policy for all TencentCloud APIs
"action": [
  "name/trtc:*"
]
Syntax convention of permission policy for single TencentCloud APIs
"action": [
  "name/trtc:DescribeAppStatList"
]
Syntax convention of permission policy for multiple TencentCloud APIs
"action": [
  "name/trtc:DescribeAppStatList",
  "name/trtc:DescribeTrtcAppAndAccountInfo"
]

Examples of Using Custom Policies

Using the policy generator

In the example below, we create a custom policy that allows all actions under TRTC application 1400000001 except calling the server API RemoveUser.
1. Go to the Policy page of the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Generator.
3. Select the service and action.
For Effect, select Allow.
For Service, select Tencent Real-Time Communication (trtc) .
For Action, check all the items.
For Resource, enter qcs::trtc::uin/12345678:sdkappid/1400000001, which aligns with the syntax described in Resource syntax conventions.
No configuration is needed for Condition.
Click Add Statement, and a statement indicating that any action is allowed under TRTC application 1400000001 appears below.
4. Add another statement on the same page.
For Effect, select Deny.
For Service, select Tencent Real-Time Communication (trtc).
For Action, select RemoveUser. You can use the search feature to quickly locate the action.
For Resource, enter qcs::trtc::uin/12345678:sdkappid/1400000001, which aligns with the syntax described in Resource syntax conventions.
No configuration is needed for Condition.
Click Add Statement, and a statement indicating that calling RemoveUser is forbidden under TRTC application 1400000001 appears below.
5. Click Next and rename the policy if necessary.
6. Click Done to complete the creation.
You can then grant the policy to other sub-accounts as described in Granting read-and-write permission to existing sub-account.

Using the policy syntax

In the example below, we create a custom policy that allows all actions under TRTC application 1400000002 and all actions but calling RemoveUser under 1400000001.
1. Go to the Policy page of the CAM console using a Tencent Cloud root account and click Create Custom Policy.
2. Select Create by Policy Syntax.
3. In the Select a template type section, select Blank Template.
Note:
A policy template allows you to create a policy by modifying a copy of an existing policy (preset or custom). You can choose a policy template that fits your actual conditions to reduce the complexity and workload of writing permission policies.
4. Click Next and rename the policy if necessary.
5. Enter the following content in the Policy Content box.
{
 "version": "2.0",
 "statement":[
     {
         "effect": "allow",
         "action": [
             "name/trtc:*"
         ],
         "resource": [
             "qcs::trtc::uin/12345678:sdkappid/1400000001",
             "qcs::trtc::uin/12345678:sdkappid/1400000002"
         ]
     },
     {
         "effect": "deny",
         "action": [
             "name/trtc:RemoveUser"
         ],
         "resource": [
             "qcs::trtc::uin/12345678:sdkappid/1400000001"
         ]
     }
 ]
}
Note:
Policy content must align with the Syntax Logic. About the syntax of the resource and action elements, see Resource syntax conventions and Action syntax conventions above.
6. Click Create Policy to complete the creation.
You can then grant the policy to other sub-accounts as described in Granting read-and-write permission to existing sub-account.

Using server APIs provided by CAM

Managing access in the console can meet the business needs of most developers, but to automate and systematize your access management, you need to use server APIs. Permission policy-related server APIs belong to CAM. For details, see CAM documentation. Only a few main APIs are listed below:
CreatePolicy
DeletePolicy
AttachUserPolicy
DetachUserPolicy
Previous Topic: Preset PoliciesNext Topic: Flutter

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback