首次使用 TCHouse-X 前,请确保已通过主账号创建必要的关联角色,以获取云资源访问授权。
说明:
前置条件
已在腾讯云国内站注册账号并完成实名认证。
已收到腾讯云数据仓库 TCHouse-X(以下简称 TCHouse-X)的测试邀请。
Step 1:访问 TCHouse-X 产品控制台
说明:
若未收到 TCHouse-X 测试邀请,控制台页面将无法正常使用。
Step 2:创建 TCHouse-X 产品服务角色
使用 TCHouse-X 过程中需要访问您的部分腾讯云资源,因此需通过创建产品服务角色的方式,授予 TCHouse-X 相关权限。
1. 单击创建角色。
2. 在二次确认弹窗中,单击前往授权。
3. 在跳转的腾讯云访问管理(CAM)页面中,单击同意授权,此步骤将授予 TCHouse-X 访问您的部分腾讯云资源的权限。
4. 授权完成后,自动跳转回 TCHouse-X 产品页面,单击已完成授权。完成授权后,即可开始使用 TCHouse-X。
权限说明
TCHouse-X 依赖以下服务相关角色获取跨服务访问权限,每个角色默认关联一条预设策略:
服务角色 | 预设策略 | 策略简述 |
TCHOUSEX_QCSLinkedRoleInTCHOUSEX | QcloudAccessForTCHOUSEXLinkedRoleInTCHOUSEX | 授予 TCHouse-X 访问对象存储(COS)和云 HDFS(CHDFS)资源的权限 |
TCHOUSEX_QCSLinkedRoleInTCLake | QcloudAccessForTCHOUSEXLinkedRoleInTCLake | 授予 TCHouse-X 访问 TCCatalog 资源的权限 |
Tccatalog_QCSLinkedRoleInMetadataManagement | QcloudAccessForTccatalogLinkedRoleInMetadataManagement | 授予 TCCatalog 访问其他云服务资源的权限 |
预设策略详情
QcloudAccessForTCHOUSEXLinkedRoleInTCHOUSEX 策略内容
{"version": "2.0","statement": [{"effect": "allow","action": ["cos:GetService","cos:GetBucket","cos:ListMultipartUploads","cos:GetObject*","cos:HeadObject","cos:GetBucketObjectVersions","cos:OptionsObject","cos:ListParts","cos:DeleteObject","cos:PostObject","cos:PostObjectRestore","cos:PutObject*","cos:InitiateMultipartUpload","cos:UploadPart","cos:UploadPartCopy","cos:CompleteMultipartUpload","cos:AbortMultipartUpload","cos:DeleteMultipleObjects","cos:AppendObject","cos:HeadBucket","cos:GetBucket*","cos:PutBucket*","cos:DeleteBucket*","cos:RenameObject","chdfs:DescribeMountPoint","chdfs:DescribeFileSystem","chdfs:DescribeAccessGroups","chdfs:DescribeAccessRules","chdfs:ModifyFileSystem","chdfs:ModifyAccessRules","chdfs:CreateAccessGroup","chdfs:CreateAccessRules","chdfs:AssociateAccessGroups","chdfs:DisassociateAccessGroups","chdfs:DeleteAccessGroup","chdfs:DeleteAccessRules"],"resource": "*"}]}
QcloudAccessForTCHOUSEXLinkedRoleInTCLake 策略内容
{"statement": [{"action": ["vpc:DescribeVpcEndPointService","vpc:DescribeVpcEndPoint","tccatalog:DropCatalog","tccatalog:DescribeCatalog","tccatalog:DescribeMetastoreInstances","tccatalog:CreateCatalog","tccatalog:CreateTCCatalogEndpoint","tccatalog:DescribeCatalogs","tccatalog:DescribeTccCatalog","tccatalog:CreateUsers","tccatalog:DescribeUsers","tccatalog:DescribeRoles","tccatalog:DescribeRolePermissionList","tccatalog:DescribeCatalogNames","tccatalog:DescribeTccCatalogs","tccatalog:CreateRole","tccatalog:DeleteRoles","tccatalog:GrantRolesToUser","tccatalog:GrantUsersToRole","tccatalog:RevokeRolesFromUser","tccatalog:RevokeUsersFromRole","tccatalog:GrantPermissionToRole","tccatalog:RevokePermissionToRole","tccatalog:DeleteUsers","tccatalog:ModifyUser","tccatalog:ModifyRole","tccatalog:CheckUserRoleGranted","cam:ListMaskedSubAccounts","tccatalog:DescribeStorageUsage","tccatalog:SetMetadataObjectOwner","tccatalog:DescribeMetastoreInstance","tccatalog:GrantPermissionToUser","tccatalog:RevokePermissionToUser","tccatalog:DescribeRolesPrivilegeList","tccatalog:CreateMetastoreInstance","tccatalog:DescribeMetadataObjectsOwner","tccatalog:DescribeMetadataObjectOwner","tccatalog:UpdatePermissionToResource","tccatalog:DescribePrivilegesPointList","tccatalog:DescribeTccVipInternal","tccatalog:CheckCatalogConnectivity","tccatalog:CheckServiceRoleGranted","tccatalog:CreateSchema","tccatalog:CreateVolume","tccatalog:DescribeRegionWhitelist","tccatalog:DescribeSchema","tccatalog:DescribeSchemaNames","tccatalog:DescribeSupportCatalogType","tccatalog:DescribeUsageStatistics","tccatalog:ModifyCatalog","tccatalog:DescribeFrontMenuWhitelist","tccatalog:DescribeStorageUsageTrends","tccatalog:AcceptTccVpcEndPointConnect","tccatalog:BindTccVpcEndPointServiceWhiteList","tccatalog:CheckUserExists","tccatalog:DescribeCatalogNamesPage","tccatalog:SyncAllCamUsers","tccatalog:ModifyCatalogProperties","tccatalog:AssociateTagsWithMetadataObject","tccatalog:DescribeCatalogsByNames","tccatalog:ModifyCatalogName","tccatalog:DescribeSchemas","tccatalog:DescribeTableNames","tccatalog:DropTable","tccatalog:DropSchema","tccatalog:*"],"effect": "allow","resource": "*"}],"version": "2.0"}
QcloudAccessForTccatalogLinkedRoleInMetadataManagement 策略内容
{"statement": [{"action": ["vpc:DescribeRouteTable","vpc:CreateRoute","vpc:AcceptVpcPeeringConnection","vpc:CreateVpcPeeringConnectionEx","vpc:CreateVpcPeeringConnection","vpc:DeleteVpcPeeringConnection","vpc:DeleteVpcPeeringConnectionEx","vpc:AcceptVpcPeeringConnectionEx","vpc:DescribeVpcPeeringConnections","vpc:DescribeAssistantCidr","vpc:DescribeVpcEx","vpc:DescribeVpcEndPoint","vpc:CreateVpcEndPoint","vpc:DeleteVpcEndPoint","dlc:GrantDLCCatalogAccess","cos:GetBucket","cos:GetService","cos:HeadBucket","cos:HeadObject","cos:PutObject","privatedns:DescribePrivateZoneList","privatedns:DescribePrivateZone","privatedns:DescribePrivateZoneRecordList","privatedns:CreatePrivateZone","privatedns:CreatePrivateZoneRecord","privatedns:DescribeRecord","cam:ListMaskedSubAccounts","cam:DescribeRoleList","cam:DescribeSubAccounts","chdfs:CreateAccessGroup","chdfs:DeleteAccessGroup","chdfs:DescribeAccessGroup","chdfs:DescribeAccessGroups","chdfs:ModifyAccessGroup","chdfs:CreateAccessRules","chdfs:DeleteAccessRules","chdfs:DescribeAccessRules","chdfs:ModifyAccessRules","vpc:DescribeSubnets","vpc:DescribeSubnetEx","cloudaudit:DescribeEvents","vpc:CreateVpcEndPointService","vpc:DescribeVpcEndPointService","vpc:DeleteVpcEndPointService","vpc:CreateVpcEndPointServiceWhiteList","vpc:DescribeVpcEndPointServiceWhiteList","vpc:DeleteVpcEndPointServiceWhiteList","cos:ListMultipartUploads","cos:GetObject*","cos:GetBucketObjectVersions","cos:OptionsObject","cos:ListParts","cos:DeleteObject*","cos:PostObject","cos:PostObjectRestore","cos:PutObject*","cos:InitiateMultipartUpload","cos:UploadPart","cos:UploadPartCopy","cos:CompleteMultipartUpload","cos:AbortMultipartUpload","cos:DeleteMultipleObjects","cos:AppendObject"],"effect": "allow","resource": "*"}],"version": "2.0"}
结语
至此,您已成功通过创建 TCHouse-X 产品服务角色完成授权,可以正式开始使用 TCHouse-X。
