Policy Structure Introduction
A policy consists of a list of authorization statements. Each authorization statement includes a permission and a resource.
Policy structure:
JSON format description
Only the JSON format is currently supported. When you create or update a policy, the cloud checks whether the JSON format is correct. For the JSON grammar, see RFC 7159. You can also use an online JSON format checker or editor to test the validity of the JSON text.
Policy grammar
Symbols used in the grammar description:
1. JSON symbols that appear in a policy:
{ } [ ] " , :
2. Special symbols of the grammar notation:
= < > ( ) |
3. When an element has multiple values, they are written with commas and an ellipsis:
[<resource_string>, <resource_string>, ...]
4. Elements between double quotation marks are strings:
<permission_block> = "Permission" : "<permission_string>, <permission_string>, ..."
Grammar description:
policy = {
<statement_block>
}
<statement_block> = "Statement" : [ <statement>, <statement>, ... ]
<statement> = {
<permission_block>,
<resource_block>
}
<permission_block> = "Permission" : "<permission_string>, <permission_string>, ..."
<resource_block> = "Resource" : [<resource_string>, <resource_string>, ...]
Notes on the policy grammar:
- A policy can have many statements.
- Within one statement, the permission is a single string that supports multiple authorizations, and the resource is a list that supports multiple objects.
Permission
Permission supports multiple values; each value must be one accepted by the EZVIZ platform:
Permission | Resource type | Description |
---|---|---|
Update | dev, cam | Edit the resource, for example edit the device name or channel name |
Get | dev, cam | Query resource information, including configuration |
DevCtrl | dev, cam | All device control: includes Real, Replay, Alarm, Capture, Video, Ptz, Upgrade, Format, Pipe, Config and other defined device operation permissions, as well as device operation permissions that will be defined in the future. |
Real | dev, cam | Live view |
Replay | dev, cam | Playback (local and cloud) |
Alarm | dev | Access device alarm information and subscribe to alarm information |
Capture | dev, cam | Capture |
Video | dev, cam | Recording |
Ptz | dev, cam | Cloud control |
Upgrade | dev | Upgrade |
Format | dev | Format the disk |
Pipe | dev | Use the EZVIZ transparent channel function |
Config | dev, cam | Configure the device, for example encrypt video, disarm, or link an NVR and IPC |
Note: in this version, a sub-account does not have permission to add or delete devices. The sub-account can send an add/delete device request to the developer, and the developer adds or deletes the device.
Example: "Permission": "Get,Update,DevCtrl"
Resource
A resource is usually the object being operated on, such as a device or a channel. Resources are named using the following format: {resourceType}:{resourceId}
Format description:
- resourceType: the type of resource. There are only two types: dev (device) and cam (channel).
- resourceId: the ID of the resource. For the dev type, resourceId is the serial number; for the cam type, it is serial number:channel number.
Example: "Resource": ["dev:469631729","cam:544229080:1"]
Policy example
The following policy contains two statements. The first statement grants the Get, Update, Real and Replay permissions on device 469631729 and channel 544229080:1. The second statement grants permission to get information about device 470686804 and to view it live.
{
  "Statement": [
    {
      "Permission": "Get,Update,Real,Replay",
      "Resource": [
        "dev:469631729",
        "cam:544229080:1"
      ]
    },
    {
      "Permission": "Get,Real",
      "Resource": [
        "dev:470686804"
      ]
    }
  ]
}
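The Python lint below is an added example, not EZVIZ code: it checks a policy against the grammar, the permission table and the {resourceType}:{resourceId} format described above, and warns on DevCtrl because that permission also covers Upgrade, Format and permissions defined in the future. The names lint_policy, DEV_ONLY and SAMPLE, the digits-only resource IDs and the tolerance for spaces around commas are assumptions; how the platform itself treats a dev-only permission on a cam resource is not stated on this page.

```python
import json
import re

# Permission names and the dev-only subset, copied from the permission table.
DEV_ONLY = {"Alarm", "Upgrade", "Format", "Pipe"}
PERMISSIONS = {"Update", "Get", "DevCtrl", "Real", "Replay", "Capture", "Video",
               "Ptz", "Config"} | DEV_ONLY
# Assumption: serial and channel numbers are decimal digits, as in the page's examples.
RESOURCE_RE = re.compile(r"dev:\d+|(cam):\d+:\d+")

def lint_policy(text):
    """Return (level, message) findings for a policy given as a JSON string."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"invalid JSON: {exc.msg}")]
    statements = policy.get("Statement") if isinstance(policy, dict) else None
    if not isinstance(statements, list):
        return [("error", '"Statement" must be a list of statements')]
    findings = []
    for i, stmt in enumerate(statements):
        stmt = stmt if isinstance(stmt, dict) else {}
        perm, res = stmt.get("Permission"), stmt.get("Resource")
        if not isinstance(perm, str) or not isinstance(res, list):
            findings.append(("error", f"statement {i}: needs a Permission string and a Resource list"))
            continue
        matches = [RESOURCE_RE.fullmatch(r) if isinstance(r, str) else None for r in res]
        findings += [("error", f"statement {i}: malformed resource {r!r}")
                     for r, m in zip(res, matches) if m is None]
        has_cam = any(m and m.group(1) for m in matches)
        # Assumption: whitespace around the commas is not significant.
        for p in (part.strip() for part in perm.split(",")):
            if p not in PERMISSIONS:
                findings.append(("error", f"statement {i}: unknown permission {p!r}"))
            elif p in DEV_ONLY and has_cam:
                findings.append(("error", f"statement {i}: {p} is dev-only but a cam resource is listed"))
            elif p == "DevCtrl":
                findings.append(("warn", f"statement {i}: DevCtrl covers Upgrade, Format and future permissions"))
    return findings

# Constructed sample: dev-only Format on a channel, a typo, a bad resource, DevCtrl.
SAMPLE = '''{"Statement": [
  {"Permission": "Get,Format", "Resource": ["cam:544229080:1"]},
  {"Permission": "Get,Reel,DevCtrl", "Resource": ["dev:469631729", "cam:544229080"]}
]}'''

if __name__ == "__main__":
    for level, message in lint_policy(SAMPLE):
        print(f"{level}: {message}")
```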