服务(相关)角色由腾讯云服务预定义;经用户授权后,相应服务即可通过扮演服务相关角色访问和操作用户资源。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
腾讯云可观测平台 | CM_QCSLinkedRoleInTMP | 服务相关角色 | cvm.qcloud.com tmp.monitor.cloud.tencent.com |
腾讯云可观测平台 | CM_QCSLinkedRoleInTcopAI | 服务相关角色 | tcopai.monitor.cloud.tencent.com |
腾讯云可观测平台 | CM_QCSLinkedRoleInQueryInstance | 服务相关角色 | queryInstance.cm.cloud.tencent.com |
CM_QCSLinkedRoleInTMP
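使用场景: 当前角色为云监控(CM)服务相关角色,该角色用于授权云监控访问您的云产品资源。下方策略以各云产品的查询类接口(Describe/Get/List)为主,但同时包含 tat:RunCommand(自动化助手 TAT 的执行命令接口),且 resource 为 "*";审计该角色的授权范围时,应将这一项与只读接口区分对待。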
权限策略
- 策略名称: QcloudAccessForCMLinkedRoleInTMP
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "monitor:DescribeBaseMetrics", "monitor:GetMonitorData", "cvm:DescribeInstances", "ckafka:DescribeInstances", "cdb:DescribeDBInstances", "clb:DescribeLoadBalancers", "mongodb:DescribeDBInstances", "redis:DescribeInstances", "redis:DescribeInstanceNodeInfo", "memcached:DescribeInstances", "cvm:DescribeAddresses", "cvm:DescribeCbsStorages", "dc:DescribeDirectConnectTunnels", "dc:DescribeDirectConnects", "vpc:DescribeNatGateways", "sqlserver:DescribeDBInstances", "mariadb:DescribeDBInstances", "es:DescribeInstances", "postgres:DescribeDBInstances", "lighthouse:DescribeInstances", "dcdb:DescribeDCDBInstances", "tdmq:DescribeRocketMQNamespaces", "tdmq:DescribeRocketMQTopics", "tdmq:DescribeRocketMQClusters", "vpc:DescribeVpnConnections", "vpc:DescribeVpnGw", "tse:DescribeSREInstances", "cynosdb:DescribeInstances", "cos:GetService", "cdn:DescribeDomains", "tse:DescribeNacosReplicas", "tse:DescribeZookeeperReplicas", "vpc:DescribeDirectConnectGateways", "tat:RunCommand", "dts:DescribeSyncJobs", "dts:DescribeMigrateJobs", "dts:DescribeSubscribes", "vpc:DescribeCcns", "vpc:DescribeCcnRegionBandwidthLimits", "gaap:DescribeProxyInstances", "gaap:DescribeProxies", "gaap:DescribeListenerRealServers", "tat:DescribeInvocations", "tat:DescribeInvocationTasks", "gaap:DescribeTCPListeners", "gaap:DescribeUDPListeners", "gaap:DescribeHTTPSListeners", "gaap:DescribeHTTPListeners", "gaap:DescribeNoneBgpIpList", "gaap:DescribeProxyGroupList", "cdwch:DescribeInstances", "cdwch:DescribeInstanceMonitorPort", "waf:DescribeDomains", "waf:DescribeInstances", "cfs:DescribeCfsSnapshots", "cfs:DescribeCfsFileSystems", "ckafka:DescribeInstancesDetail", "emr:DescribeInstancesList", "emr:DescribeClusterMonitorInfo", "vpc:DescribeBandwidthPackages", "ckafka:DescribeConsumerGroup", "ckafka:DescribeTopic", "trocket:DescribeInstanceList", "trocket:DescribeTopicList", "tdmq:DescribeRocketMQClusters", "tdmq:DescribeRocketMQTopics", 
"tdmq:DescribeRocketMQNamespaces", "tdmq:DescribeRocketMQGroups", "vod:DescribeSubAppIds", "vod:DescribeDomains", "vod:DescribeCdnBillingAreas", "scf:ListNamespaces", "scf:ListFunctions", "scf:ListVersionByFunction", "scf:ListAliases", "cdn:DescribeMonitorDomains", "emr:DescribeClusterNodes", "clb:DescribeExclusiveClusters", "apigw:DescribeServicesStatus", "apigw:DescribeServiceEnvironmentList", "apigw:DescribeApisStatus", "cls:DescribeTopics", "cdb:DescribeCdbProxyInfo", "vpc:DescribeNetDetects", "tcaplusdb:DescribeTables", "tcaplusdb:DescribeClusters", "clb:DescribeListeners", "clb:DescribeTargets", "tione:DescribeModelServices", "tione:DescribeBillingResourceGroups", "tione:DescribeNotebooks", "tione:DescribeTrainingTasks", "ctsdb:DescribeClusters", "ctsdb:DescribeAccessPool", "ctsdb:DescribeAccounts", "ctsdb:DescribeDatabases", "trocket:DescribeConsumerGroupList", "tione:DescribeTrainingTaskPods", "tione:DescribeModelServiceGroups", "lighthouse:DescribeInstances", "lighthouse:DescribeDisks", "vpc:DescribeIp6Addresses", "tse:DescribeCloudNativeAPIGateways", "tse:DescribeCloudNativeAPIGatewayNodes", "teo:DescribeZones", "teo:DescribeHostsSetting", "tag:GetResources", "tdmq:DescribeRabbitMQVipInstances", "keewidb:DescribeInstances", "keewidb:DescribeInstanceNodeInfo", "keewidb:DescribeTaskList", "cdwdoris:DescribeInstances", "cdwdoris:DescribeInstanceNodes", "tse:DescribePublicAddressConfig", "tdmq:DescribeRabbitMQNodeList", "tdmq:DescribePulsarProInstances", "tdmq:DescribeClusters", "tdmq:DescribeEnvironments", "tdmq:DescribeTopics", "tdmq:DescribeSubscriptions", "vpc:DescribeVpcs", "vpc:DescribeSubnets", "vpc:DescribeVpcEndPoint", "vpc:DescribeVpcEndPointService", "monitor:GetLastMonitorData", "tag:DescribeProjects", "tag:DescribeResourceTagsByResourceIds", "vdb:DescribeInstances", "vdb:DescribeInstanceNodes", "vdb:DescribeEmbedding", "tse:DescribeNacosServerInterfaces", "oceanus:DescribeJobs", "oceanus:DescribeJobRuntimeInfo", 
"tse:DescribeZookeeperServerInterfaces", "cdwch:DescribeInstanceNodes", "cdwch:DescribeInstancesNew", "emr:DescribeCloudInstanceService", "emr:DescribeServiceComponentInfos", "emr:DescribeServicePodNodeInfos", "emr:DescribeCloudInstancesList", "emr:DescribeCloudInstance", "vpc:DescribeTrafficQosPolicy", "mqtt:DescribeInstanceList", "mqtt:DescribeTopicList", "cfs:DescribeUserQuota", "cfs:DescribeCfsFileSystemClients", "ci:DescribeCIBuckets", "emr:DescribeSLClusterNodes", "emr:DescribeSLInstanceList", "monitor:DescribePrometheusIntegrationAuth", "vpc:DescribeCcnAttachedInstances", "trocket:DescribeFusionInstanceList", "goosefs:DescribeFileSystems", "dlc:ListLakeFsInfo", "dlc:ListDataEngines", "dlc:DescribeScheduleTasks", "dlc:DescribeSparkAppJobs", "es:DescribeViews", "region:DescribeZones", "monitor:DescribePrometheusClusterAgents", "monitor:DescribeExporterIntegrations", "monitor:DescribePrometheusIntegrations", "monitor:DescribePrometheusIntegrationDashboardsOverview", "monitor:GetUncollectedMetricsByPromQL", "monitor:ExportPrometheusReadOnlyDynamicAPI", "monitor:DescribePrometheusInstances", "monitor:DescribePrometheusIntegrationMetrics", "ga2:DescribeListeners", "ga2:DescribeAccelerateAreas", "ga2:DescribeGlobalAccelerators" ], "resource": "*" } ] }
CM_QCSLinkedRoleInTcopAI
使用场景: 当前角色为腾讯云可观测平台(monitor)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略以查询类接口为主,另包含 cls:SearchLog(检索日志内容)和 pts:GenerateTmpKey,resource 为 "*"。
权限策略
- 策略名称: QcloudAccessForCMLinkedRolelnTcopAI
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "rum:DescribeProjectApps", "rum:QueryQAPMCommon", "rum:QueryDimensionMetric", "rum:QuerySingleCaseDetailList", "rum:DescribeTawInstances", "monitor:DescribeAlarmHistories", "monitor:DescribeAlarmHistoryCountForOverView", "monitor:DescribeQceHistoryTopForOverView", "monitor:DescribeAlarmHistoryMetricsForOverView", "monitor:GetMonitorData", "monitor:DescribeStatisticData", "monitor:DescribeAlarmPolicies", "monitor:DescribeAlarmNotice", "monitor:DescribeInstancesExtInfo", "monitor:DescribePredefinedConfigs", "monitor:DescribeOnCallForms", "monitor:DescribeDashboardMetrics", "monitor:DescribeUnifyDashboards", "monitor:DescribeInstanceGroupList", "monitor:DescribePrometheusInstances", "monitor:DescribePrometheusClusterAgents", "monitor:DescribePrometheusConfig", "monitor:ExportPrometheusReadOnlyDynamicAPI", "monitor:DescribeAlarmNotifyHistories", "monitor:DescribePrometheusAlertGroups", "monitor:DescribeTMPAgentArchitectureStatuses", "monitor:DescribePrometheusScrapeStatistics", "monitor:DescribeExporterIntegrations", "monitor:DescribeRecordingRules", "monitor:DescribeDefaultRecordingRules", "monitor:DescribeTMPAgentScrapeState", "monitor:DescribePrometheusManagedPodLog", "monitor:DescribeSubnetsInManagedCluster", "monitor:DescribePrometheusInstanceInitStatus", "monitor:DescribeAssignedTargets", "apm:DescribeSpanTreeByID", "apm:DescribeInstanceBriefs", "apm:DescribeSpanTagList", "apm:DescribeApmServiceMetric", "apm:DescribeMetricRecords", "apm:DescribeTopologyNew", "apm:DescribeTagValues", "apm:DescribeApmInstances", "pts:DescribeProjects", "pts:DescribeScenarios", "pts:DescribeJobs", "pts:DescribeCronJobs", "pts:DescribeAvailableMetrics", "pts:DescribeMetricLabelWithValues", "pts:DescribeErrorSummary", "pts:DescribeSampleMatrixBatchQuery", "pts:DescribeSampleBatchQuery", "pts:DescribeCheckSummary", "pts:DescribeAccountInformation", "pts:DescribeNormalLogs", "pts:DescribeSampleLogs", 
"pts:DescribeScriptTemplates", "pts:GenerateTmpKey", "pts:DescribeFiles", "pts:DescribeResourcePackages", "cvm:DescribeInstances", "apm:DescribeMetricLineData", "apm:DescribeProfileDetail", "apm:DescribeHistoryFlameGraphList", "monitor:DescribePrometheusAlertmanagerConfig", "monitor:DescribePrometheusBasicMetrics", "monitor:DescribePrometheusDefaultTemp", "monitor:DescribePrometheusGlobalConfig", "monitor:DescribeSubnetsInManagedCluster", "monitor:DescribeComponentInitialResource", "monitor:DescribePrometheusIntegrationMetrics", "monitor:DescribeRemoteURLs", "monitor:DescribeTMPAgentConfigs", "monitor:DescribePrometheusTargetsTMP", "monitor:DescribePrometheusTargetResponse", "apm:DescribeApmComboInfo", "apm:DescribeTagCountValues", "apm:DescribeApmConsumption", "cls:SearchLog" ], "resource": "*" } ] }
CM_QCSLinkedRoleInQueryInstance
使用场景: 当前角色为云监控(CM)服务相关角色,该角色用于授权云监控访问您的云产品资源。
权限策略
- 策略名称: QcloudAccessForCMLinkedRoleInQueryInstance
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "cvm:DescribeInstances" ] } ] }