Policy Structure Introduction

A policy consists of a list of authorization statements. Each statement contains a permission and a resource.

Policy structure:

JSON format support

Currently, policies can be described only in JSON. When you create or update a policy, the cloud checks whether the JSON is well-formed. For the JSON grammar, see RFC 7159. You can also use an online JSON checker or editor to test the validity of the JSON text.

Policy grammar

Symbols used in the grammar description

1. JSON symbols used in a policy:
   { } [ ] " , :
2. Special symbols used in the grammar:
   = < > ( ) |
3. When an element can have multiple values, they are separated by commas and followed by an ellipsis:
   [<resource_string>, <resource_string>, ...]
4. Elements between double quotation marks are strings:
   <permission_block> = "Permission" : "<permission_string>, <permission_string>, ..."

Grammar description

policy  = {
     <statement_block>
}

<statement_block> = "Statement" : [ <statement>, <statement>, ... ]

<statement> = {
    <permission_block>,
    <resource_block>
}

<permission_block> = "Permission" : "<permission_string>, <permission_string>, ..."

<resource_block> = "Resource" : [<resource_string>, <resource_string>, ...]

Policy grammar description:

  • A policy can have many statements.
  • In one statement, Permission is a string that supports multiple authorizations, and Resource is a list that supports multiple objects.

Permission

Permission supports multiple values; each value must be one accepted by the EZVIZ platform:

Permission | Resource type | Description
-----------|---------------|------------
Update     | dev, cam      | Edit a resource, for example a device name or channel name
Get        | dev, cam      | Query resource information, including configuration
DevCtrl    | dev, cam      | All device control: includes Real, Replay, Alarm, Capture, Video, Ptz, Upgrade, Format, Pipe, Config, other defined device operation permissions, and device operation permissions that will be defined in the future
Real       | dev, cam      | Live view
Replay     | dev, cam      | Playback (local and cloud)
Alarm      | dev           | Access device alarm information, subscribe to alarm information
Capture    | dev, cam      | Capture
Video      | dev, cam      | Recording
Ptz        | dev, cam      | PTZ control
Upgrade    | dev           | Upgrade
Format     | dev           | Format the disk
Pipe       | dev           | Use the EZVIZ transparent channel function
Config     | dev, cam      | Configure the device, such as video encryption, disarming, linking an NVR and IPC, etc.

Note: in this version, a sub-account does not have permission to add or delete devices. The sub-account can send an add/delete device request to the developer, and the developer adds or deletes the device.

Example: "Permission": "Get,Update,DevCtrl"

Resource

A resource is usually the object of an operation, such as a device or a channel. Resources are named in the following format: {resourceType}:{resourceId}

Format Description:

  • resourceType: the type of resource. There are only two types: dev (device) and cam (channel).
  • resourceId: the ID of the resource. For the dev type, resourceId is the serial number; for the cam type, it is serial number:channel number.

Example: "Resource": ["dev:469631729","cam:544229080:1"].

Policy example

The following policy contains two statements. The first statement grants the Get, Update, Real and Replay permissions on device 469631729 and on channel 544229080:1. The second statement grants permission to get information about device 470686804 and to view it live.

{
    "Statement": [
        {
            "Permission": "Get,Update,Real,Replay",
            "Resource": [
                "dev:469631729",
                "cam:544229080:1"
            ]
        },
        {
            "Permission": "Get,Real",
            "Resource": [
                "dev:470686804"
            ]
        }
    ]
}
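
A policy can be checked locally before it is submitted, so that a permission granted on the wrong resource type is caught at review time. The validator below is an added example, not EZVIZ code; it assumes a strict reading of the grammar above (no extra keys, no empty lists), numeric serial and channel numbers as in the page's examples, and that spaces around commas in the Permission string are ignored.

```python
import json
import re

# Permission -> resource types, copied from the permission table on this page.
PERMISSION_TYPES = {p: {"dev", "cam"} for p in (
    "Update", "Get", "DevCtrl", "Real", "Replay", "Capture", "Video", "Ptz", "Config")}
PERMISSION_TYPES.update({p: {"dev"} for p in ("Alarm", "Upgrade", "Format", "Pipe")})
# Assumption: serial and channel numbers are ASCII digits, as in the page's examples.
RESOURCE_RE = re.compile(r"(?:dev:[0-9]+|cam:[0-9]+:[0-9]+)")

def validate_policy(text):
    """Return a list of problems found in a policy (an empty list means none)."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    # Assumption: keys outside the documented grammar are rejected.
    if not isinstance(policy, dict) or set(policy) != {"Statement"}:
        return ['top level must be an object with the single key "Statement"']
    if not isinstance(policy["Statement"], list) or not policy["Statement"]:
        return ['"Statement" must be a non-empty list']
    errors = []
    for i, st in enumerate(policy["Statement"]):
        if not isinstance(st, dict) or set(st) != {"Permission", "Resource"}:
            errors.append(f"statement {i}: needs exactly Permission and Resource")
            continue
        perm, res = st["Permission"], st["Resource"]
        if not isinstance(perm, str) or not isinstance(res, list) or not res:
            errors.append(f"statement {i}: Permission must be a string, Resource a non-empty list")
            continue
        perms = [p.strip() for p in perm.split(",")]  # assumption: spaces around commas are ignored
        for p in perms:
            if p not in PERMISSION_TYPES:
                errors.append(f"statement {i}: unknown permission {p!r}")
        for r in res:
            if not isinstance(r, str) or not RESOURCE_RE.fullmatch(r):
                errors.append(f"statement {i}: malformed resource {r!r}")
                continue
            rtype = r.split(":", 1)[0]
            for p in perms:
                if rtype not in PERMISSION_TYPES.get(p, {rtype}):
                    errors.append(f"statement {i}: {p} does not apply to {rtype} resource {r!r}")
    return errors

# Constructed sample: Alarm is dev-only in the table, so granting it on a channel is flagged.
SAMPLE = '{"Statement": [{"Permission": "Get,Alarm", "Resource": ["cam:544229080:1"]}]}'
if __name__ == "__main__":
    print(validate_policy(SAMPLE))
```

The page's own two-statement policy passes with no findings.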
