tencent cloud

Performance Testing Service

Overview
Purchase Guide
Billing Overview
Pay-as-You-Go (postpaid)
Purchasing Channels
Payment Overdue
Refund Instructions
Quick Start
Operation Guide
Performance Testing in Simple Mode
Performance Testing in Script Mode
Performance Testing in JMeter Mode
Project Management
Scenario Management
Traffic Recording
Environment Management
Scheduled Performance Testing
Performance Testing Report
Access Control
Alarm Management
Tag Management
Error Code Manual
Practice Tutorial
Using Prometheus To Monitor Performance Testing Metrics
Using PTS to Playback Requests Recorded by GoReplay
API Documentation
History
Introduction
API Category
Making API Requests
PTS-related APIs
Data Types
Error Codes
JavaScript API List
Overview of JavaScript API List
pts/global
pts/http
pts
pts/dataset
pts/grpc
pts/jsonpath
pts/protobuf
pts/redis
pts/sql
pts/url
pts/util
pts/ws
pts/socketio
pts/socket
FAQs
Related Agreements
Service Level Agreement
Use Limits
Privacy Policy
Data Processing And Security Agreement
DocumentationPerformance Testing ServiceOperation GuideAccess ControlPolicy Syntax

Policy Syntax

PDF
Focus Mode
Font Size
Last updated: 2025-03-10 16:55:56

Overview

Access policies can be used to grant permissions related to PTS. Access policies use a JSON-based access policy language. Through this policy language, you can authorize specific principals to perform designated operations on specified PTS resources.
The access policy language describes the basic elements and usage of policies. For explanations regarding the policy language, see CAM Policy Management.

Policy Syntax

CAM Policy

{	 
        "version":"2.0", 
        "statement": 
        [ 
           { 
              "effect":"effect", 
              "action":["action"], 
              "resource":["resource"], 
               "condition": {"key":{"value"}} 
           } 
       ] 
} 


Element Usage

version: Required. Currently, only the value "2.0" is allowed.
statement: Describes the detailed information of one or more permissions. This element includes several other elements such as effect, action, resource, and condition, forming a set of permissions or a permission collection. A policy has only one statement element.
effect: This required element describes whether the statement results in "allow" or "explicitly deny". It includes two possible values: allow (allow) and deny (explicitly deny).
action: This required element describes the allowed or denied actions. Actions can be APIs (described with the prefix name) or feature sets (a group of specific APIs, described with the prefix permid).
resource: This required element describes the specific data being authorized. Resources are described using a six-segment format. The details of resource definitions vary by product. For information on how to specify resources, see the product documentation corresponding to the resource statement you write.
condition: This optional element describes the constraints under which the policy is effective. A condition consists of an operator, a key, and a value. Condition values can include information such as time or IP address. Some services allow you to specify additional values in the condition.

Specifying Effect

If access to a resource is not explicitly granted (allow), it is implicitly denied. Additionally, access to a resource can be explicitly denied (deny) to ensure that users cannot access the resource, even if other policies grant access. Below is an example specifying the effect of allowing:
"effect" : "allow"

Specifying Actions

PTS defines a set of console operations that can be specified in a policy. The specified operations are categorized into read-only APIs pts:Describe\\* and all APIs pts:\\*.
Examples of specifying allowed operations are as follows:
"action": [
  "name/pts:Describe*"
]

Specifying Resources

The resource element describes one or more operation objects, such as a performance testing service. All resources can be described using the following six-segment format.
qcs:project_id:service_type:region:account:resource
The parameters are described as follows:
Parameters
Description
Required
qcs
The abbreviation of qcloud service, indicating that it is the cloud service of Tencent Cloud.
Yes
project_id
The description of the project information. It is usually left blank as it is only for compatibility with the early logic of CAM.
No
service_type
Product abbreviation. It is PTS here.
Yes
account
Description of the root account information of the resource owner, namely the ID of the root account, represented as uin/${OwnerUin}, such as uin/100000000001.
Yes
resource
Description of details of a specific resource, with the prefix instance.
Yes
Below is an example of a four-segment description of the performance testing service:
"resource":["qcs::pts:uin/1250000000:ProjectId/project-bx123456"]

Examples

Based on the resource ID, assign read/write permissions for the specified resource. The root account ID is 1250000000. Example: Assign the sub-account permissions to query the project (ID: project-bx123456).
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "pts:DescribeProjects"
            ],
            "resource": [
                "qcs::pts:uin/1250000000:ProjectId/project-bx123456"
            ]
        }
    ]
}

List of APIs that Support Resource-Level Authorization

API Operations
API Description
API Operations
API Description
AbortJob
Stops a task.
CreateProject
Creates a project.
CreateScenario
Creates scenarios.
DeleteJobs
Delete Task
DeleteProjects
Delete Project
DeleteScenarios
Deletes scenarios.
DescribeAllLabels
Queries all metrics' labels.
DescribeCheckSummary
Queries checkpoint summary information.
DescribeJobs
Queries the task list.
DescribeLabelValues
Queries tag content.
DescribeProjects
Queries project lists.
DescribeRegions
Querying region list.
DescribeSampleBatchQuery
Queries metrics in batches, returning metric content at fixed time points.
DescribeSampleQuery
Queries metrics, returning metric content at fixed time points.
DescribeSampleStreamBatchQuery
Queries metric sequences in batches.
DescribeSampleStreamQuery
Queries metric sequences within a time range.
DescribeScenarioWithJobs
Queries scenario configurations and include the content of executed tasks.
DescribeScenarios
Queries scenario lists.
DescribeServiceSummary
Queries service summary information.
DescribeZones
Querying availablity zone list.
GenerateTmpKey
Generates temporary COS credentials.
StartJob
Creates and starts tasks.
UpdateJob
Updates tasks.
UpdateProject
Updates projects.
UpdateScenario
Updates scenarios.
List of APIs That Do not Support Resource-Level Authorization
For PTS API operations that do not support resource-level permissions, you can still grant users permissions to conduct these operations, but the resource element of the policy statement should be specified as *.
API Operations
API Description
CreateProject
Creates PTS service instances.

Previous Topic: OverviewNext Topic: Associating With Policies

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback