tencent cloud

Cloud Infinite

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Product Overview
Product Strengths
Use Cases
Feature Overview
Regions and Domains
Specifications and Limits
Billing
Billing Overview
Billing Mode
Billable Items
Free Tier
Payment Overdue
Viewing Bill Details
FAQs
Getting Started
Registering and Logging In
Bind Bucket
Uploading and Processing File
Downloading and Deleting Images
Unbinding Buckets
Using CI via COS
Features
Image Processing
Media Processing
Content Moderation
AI Content Recognition
File Processing
Smart Voice
File processing
User Guide
Overview
Bucket Management
Smart Toolbox
Job and Workflow
Data Monitoring
Usage statistics
Use Cases
Copyright Protection Solutions
Image Processing Practices
Working with API Authorization Policies
Workflow Practices
API Documentation
API Overview
Structure
Common Request Headers
Common Response Headers
Activate Vast Service
Image Processing
AI-Based Content Recognition
Smart Audio
Media Processing
Content Moderation
Document Processing
File Processing
Job and Workflow
Cloud Virus Detection
Error Codes
Request Signature
SDK Documentation
SDK Overview
Android SDK
iOS SDK
COS Android SDK
C SDK
C++ SDK
.NET(C#) SDK
Go SDK
COS iOS SDK
Java SDK
JavaScript SDK
Node.js SDK
PHP SDK
Python SDK
Mini Program SDK
Personal Information Protection Policy for SDK
Security and Compliance
Permission ‍Management
FAQs
Basic Settings
Document Processing
Media Processing
Content Recognition
Smart Audio
Agreements
Service Level Agreement
Contact Us
Glossary
文档Cloud InfiniteSecurity and CompliancePermission ‍ManagementAuthorization Policy Syntax

Authorization Policy Syntax

聚焦模式
字号
最后更新时间: 2025-12-04 10:30:09

Policy Syntax

The following is the CAM policy:
{     
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"effect", 
              "action":["action"], 
              "resource":["resource"], 
              "condition": {"key":{"value": "example_value"}} 
           } 
       ] 
}

Parameter Description

version : This field is required and currently only allows the value "2.0".
statement: This is used to describe the details of one or more permissions. This element includes permissions or a set of permissions for other elements such as effect, action, resource, and condition. A policy has exactly one statement element.
Action: Describes the operations that are allowed or denied. Action can be APIs (described with the name prefix) or a feature set (a set of specific APIs described with the permid prefix). This element is required.
Resource: Describes the specific data being authorized. Resources are described in a six-segment format. This element is required. For detailed description, see the following Resource Six-Segment Description.
Condition: Describes the constraints under which the policy takes effect. Conditions consist of operators, keys, and values. Condition values may include information such as time and IP addresses. This element is optional.
Effect : Describes whether the statement produces an "allow" or "explicit deny" result. There are two situations: Allow (permit) and deny (explicitly deny). This element is required.

Resource Six-Segment Description

qcs: is short for qcloud service, indicating Tencent Cloud resources. This field is required.
project_id: Describes project information, only for compatibility with CAM's early logic. If not necessary, no need to fill it in.
service_type: Product abbreviation. Cloud Infinite is ci.
region: Region information, for example, ap-shanghai.
account: The primary account information of the resource owner, for example, uid/1250000001.
resource: Details of the specific resource, for example, bucket/examplebucket-1250000001/*.
For example, you can use a specific Bucket (examplebucket-1250000001), described in the statement as follows:
"resource":[ "qcs::ci:ap-shanghai:uid/1250000001:bucket/examplebucket-1250000001/*"]
If you want to specify multiple resources in one instruction, separate them with commas. The following is an example of specifying two resources:
"resource":["resource1","resource2"]

Authorization Example

The following is a syntax example for granting a sub-account permission to submit Media Processing task information in Bucket examplebucket-1250000001.
{     
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"allow",
              "action":[
                  "name/ci:CreateMediaJobs"
              ],
              "resource":[
                  "qcs::ci:ap-shanghai:uid/1250000001:bucket/examplebucket-1250000001/*"
              ]
           } 
       ] 
}

上一篇: Overview下一篇: Authorization Granularity Details

帮助和支持

本页内容是否解决了您的问题?

填写满意度调查问卷,共创更好文档体验。

文档反馈