
Security Rules

The API for security rules can be invoked via commonService.

Permission Category

The first four categories below are simple permissions; CUSTOM applies only to security rules.

  • READONLY: Readable by all users, writable only by the creator and administrators.
  • PRIVATE: Readable and writable only by the creator and administrators.
  • ADMINWRITE: Readable by all users, writable only by administrators.
  • ADMINONLY: Readable and writable only by administrators.
  • CUSTOM: Custom security rules

Obtaining Database Simple Permissions

1. API Description

API Feature: Obtain Database Simple Permissions

API declaration: manager.commonService().call({Action: 'DescribeDatabaseACL',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

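| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |
| AclTag | No | String | Permission category |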

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeDatabaseACL",
    Param: {
      CollectionName: "xxx",
      EnvId: cloudbaseConfig.envId
    }
  });

  console.log(res.AclTag); // Log permission category
}

test();

Modifying Database Simple Permissions

1. API Description

API feature: Modifying Database Simple Permissions

API declaration: manager.commonService().call({Action: 'ModifyDatabaseACL',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| AclTag | Yes | String | Permission category: READONLY, PRIVATE, ADMINWRITE, ADMINONLY |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifyDatabaseACL",
    Param: {
      CollectionName: "xxx",
      EnvId: cloudbaseConfig.envId,
      AclTag: "PRIVATE"
    }
  });
  console.log(res);
}

test();

Setting Database Security Rules

1. API Description

API Feature: Setting Database Security Rules

API declaration: manager.commonService().call({Action: 'ModifySafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |
| AclTag | Yes | String | Permission category |
| Rule | No | String | Required when the permission category is set to CUSTOM (see the Database Security Rules documentation) |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifySafeRule",
    Param: {
      CollectionName: "coll-1",
      AclTag: "CUSTOM",
      EnvId: cloudbaseConfig.envId,
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        read: true,
        write: "doc._openid == auth.openid"
      })
    }
  });
  console.log(res);
}

test();

Querying Database Security Rules

1. API Description

API Feature: Querying Database Security Rules

API declaration: manager.commonService().call({Action: 'DescribeSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeSafeRule",
    Param: {
      CollectionName: "coll-1",
      EnvId: cloudbaseConfig.envId
    }
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();

Setting SCF Security Rules

1. API Description

API feature: Setting SCF Security Rules

API declaration: manager.commonService().call({Action: 'ModifySecurityRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

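| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| AclTag | Yes | String | Enter CUSTOM |
| EnvId | Yes | String | Environment ID |
| ResourceType | Yes | String | Enter FUNCTION |
| Rule | Yes | String | Refer to the SCF security rules documentation |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |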

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifySecurityRule",
    Param: {
      AclTag: "CUSTOM",
      EnvId: cloudbaseConfig.envId,
      ResourceType: "FUNCTION",
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        "*": {
          invoke: true
        }
      })
    }
  });
  console.log(res);
}

test();

Querying SCF Security Rules

1. API Description

API feature: Querying SCF Security Rules

API declaration: manager.commonService().call({Action: 'DescribeSecurityRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

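| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| ResourceType | Yes | String | Enter FUNCTION |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |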

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeSecurityRule",
    Param: {
      EnvId: cloudbaseConfig.envId,
      ResourceType: "FUNCTION"
    }
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();

Setting Storage Security Rules

1. API Description

API Feature: Setting Storage Security Rules

API declaration: manager.commonService().call({Action: 'ModifyStorageSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| AclTag | Yes | String | Permission category |
| EnvId | Yes | String | Environment ID |
| Rule | No | String | Set this field when the permission category is CUSTOM (see the Storage Security Rules documentation) |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);
const { env } = manager;

async function test() {
  // First obtain the bucket name
  const {
    EnvInfo: { Storages }
  } = await env.getEnvInfo();
  const { Bucket } = Storages[0];

  const res = await manager.commonService().call({
    Action: "ModifyStorageSafeRule",
    Param: {
      Bucket,
      AclTag: "CUSTOM",
      EnvId: cloudbaseConfig.envId,
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        read: true,
        write: "resource.openid == auth.uid"
      })
    }
  });
  console.log(res);
}

test();

Querying Storage Security Rules

1. API Description

API Feature: Querying Storage Security Rules

API declaration: manager.commonService().call({Action: 'DescribeStorageSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

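| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |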

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeStorageSafeRule",
    Param: {
      Bucket: "xxx",
      EnvId: cloudbaseConfig.envId
    }
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();
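
DescribeSafeRule, DescribeSecurityRule and DescribeStorageSafeRule all return AclTag and Rule, so one check can review their responses for open access. The following is an added example, not code from this page or from the CloudBase SDK; the function names and sample responses are constructed, and it assumes that a literal true in a rule means the action is allowed without any condition.

```javascript
// Added example, not CloudBase SDK code: flag open access in Describe* responses.
const KNOWN_TAGS = new Set(["READONLY", "PRIVATE", "ADMINWRITE", "ADMINONLY", "CUSTOM"]);
// Simple permissions that this page lists as "readable by all users".
const WORLD_READABLE_TAGS = new Set(["READONLY", "ADMINWRITE"]);

// Return "path.action" for every value that is the literal boolean true.
// Covers flat rules ({read: true}) and nested ones ({"*": {invoke: true}}).
function unconditionalActions(node, path = []) {
  const hits = [];
  for (const [key, value] of Object.entries(node)) {
    if (value === true) {
      hits.push([...path, key].join("."));
    } else if (value && typeof value === "object") {
      hits.push(...unconditionalActions(value, [...path, key]));
    }
  }
  return hits;
}

// res has the AclTag and Rule fields from the Return Results tables.
function auditSecurityRule(resource, res) {
  if (!KNOWN_TAGS.has(res.AclTag)) {
    return [`${resource}: unknown AclTag ${JSON.stringify(res.AclTag)}`];
  }
  if (WORLD_READABLE_TAGS.has(res.AclTag)) {
    return [`${resource}: ${res.AclTag} is readable by all users`];
  }
  if (res.AclTag !== "CUSTOM") return []; // PRIVATE, ADMINONLY
  let rule;
  try {
    rule = JSON.parse(res.Rule); // Rule is a JSON string, or null when unset
  } catch (err) {
    return [`${resource}: CUSTOM rule is not valid JSON`];
  }
  if (rule === null || typeof rule !== "object") {
    return [`${resource}: CUSTOM is set but no rule object is present`];
  }
  return unconditionalActions(rule).map(a => `${resource}: "${a}" is allowed unconditionally`);
}

// Constructed sample responses (not real environment data).
const samples = {
  "db:coll-1": { AclTag: "CUSTOM", Rule: JSON.stringify({ read: true, write: "doc._openid == auth.openid" }) },
  "db:orders": { AclTag: "PRIVATE", Rule: null },
  "scf": { AclTag: "CUSTOM", Rule: JSON.stringify({ "*": { invoke: true } }) },
  "storage": { AclTag: "CUSTOM", Rule: null }
};
const auditAll = (all) => Object.entries(all).flatMap(([name, res]) => auditSecurityRule(name, res));
console.log(auditAll(samples).join("\n"));
```

To run it against a live environment, build the input map from the responses of the query calls shown above instead of the constructed samples.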

Query Storage Security Rules Modification Asynchronous Task Status

1. API Description

API feature: Query the status of the asynchronous task for modifying storage security rules

API declaration: manager.commonService().call({Action: 'DescribeCDNChainTask',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method in this API with request parameters (service?: string, version?: string), which is an incompatible change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | API name |
| Param | Yes | Object | API parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| EnvId | Yes | String | Environment ID |

3. Return Results

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Unique identifier of the request |
| Status | Yes | String | Status of the hotlink protection on/off task: WAITING, PENDING, FINISHED, ERROR |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId" // TCB environment ID, which can be obtained from the Tencent Cloud TCB console
};

const manager = new CloudBase(cloudbaseConfig);
const { env } = manager;

async function test() {
  // Obtain environment information and get bucket
  const {
    EnvInfo: { Storages }
  } = await env.getEnvInfo();
  console.log(Storages);
  const { Bucket } = Storages[0];

  // Modifying the storage rule starts an asynchronous task
  const res = await manager.commonService().call({
    Action: "ModifyStorageSafeRule",
    Param: {
      Bucket,
      AclTag: "CUSTOM",
      EnvId: cloudbaseConfig.envId,
      Rule: JSON.stringify({
        read: true,
        write: "resource.openid == auth.uid"
      })
    }
  });
  console.log(res);

  // Poll the task status until it reaches FINISHED or ERROR
  let status = "";
  do {
    // Wait one second between polls instead of looping without a pause
    await new Promise(resolve => setTimeout(resolve, 1000));
    status = (
      await manager.commonService().call({
        Action: "DescribeCDNChainTask",
        Param: {
          Bucket,
          EnvId: cloudbaseConfig.envId
        }
      })
    ).Status;
    console.log(status);
  } while (status !== "FINISHED" && status !== "ERROR");
}

test();