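Service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access and operate on the user's resources by assuming the service-linked role. This document describes the use cases of specific service-linked roles and their associated permission policies.
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
Cloud Native Database TDSQL-C | CynosDB_QCSLinkedRoleInDBLog | Service-linked role | DBLog.cynosdb.cloud.tencent.com |
Cloud Native Database TDSQL-C | CynosDBMysql_QCSLinkedRoleInKms | Service-linked role | kms.cynosdb.cloud.tencent.com |
Cloud Native Database TDSQL-C | CynosDBMysql_QCSLinkedRoleInClslog | Service-linked role | clslog.cynosdb.cloud.tencent.com |
Cloud Native Database TDSQL-C | CynosDB_QCSLinkedRoleInDBlogDeliver | Service-linked role | DBLogDeliver.cynosdb.cloud.tencent.com |
Cloud Native Database TDSQL-C | CynosDB_QCSLinkedRoleInDBLogDeliverCOS | Service-linked role | DBLogDeliverCOS.cynosdb.cloud.tencent.com |
Cloud Native Database TDSQL-C | CynosDBMysql_QCSLinkedRoleInDtsDataSync | Service-linked role | dtsDataSync.cynosdb.cloud.tencent.com |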
CynosDB_QCSLinkedRoleInDBLog
Use case: This role is a service-linked role of Cloud Native Database (TDSQL-C). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInDBLog
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cls:ModifyKafkaRecharge",
                "cls:DescribeKafkaRecharges",
                "cls:DeleteKafkaRecharge",
                "cls:CreateKafkaRecharge",
                "cls:DeleteCloudProductLogTask",
                "cls:ModifyCloudProductLogTask"
            ],
            "resource": "*"
        }
    ]
}
```
CynosDBMysql_QCSLinkedRoleInKms
Use case: This role is a service-linked role of Cloud Native Database TDSQL-C (cynosdb). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInKms
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "kms:GetServiceStatus",
                "kms:ListKeyDetail",
                "kms:CreateKey",
                "kms:GenerateDataKey",
                "kms:Decrypt",
                "kms:BindCloudResource",
                "kms:UnbindCloudResource"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}
```
CynosDBMysql_QCSLinkedRoleInClslog
Use case: This role is a service-linked role of Cloud Native Database TDSQL-C (CYNOSDB). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInClslog
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cls:DescribeIndexs",
                "cls:DescribeTopics",
                "cls:DescribeIndex",
                "cls:CreateIndex",
                "cls:DeleteIndex",
                "cls:ModifyIndex",
                "cls:pushLog",
                "cls:CreateLogset",
                "cls:CreateTopic",
                "cls:DescribeLogsets",
                "cls:DeleteTopic",
                "cls:DeleteLogset"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}
```
CynosDB_QCSLinkedRoleInDBlogDeliver
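Use case: This role is a service-linked role of Cloud Native Database (TDSQL-C). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInDBLogDeliver
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "ckafka:DescribeTopic",
                "ckafka:CreateTopic",
                "ckafka:CreateRoute",
                "ckafka:DescribeTaskStatus",
                "ckafka:DescribeRoute"
            ],
            "resource": "*"
        }
    ]
}
```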
CynosDB_QCSLinkedRoleInDBLogDeliverCOS
Use case: This role is a service-linked role of Cloud Native Database (TDSQL-C). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInDBLogDeliverCOS
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cos:InitiateMultipartUpload",
                "cos:UploadPart",
                "cos:CompleteMultipartUpload",
                "cos:AbortMultipartUpload",
                "cos:ListMultipartUploads",
                "cos:ListParts",
                "cos:HeadObject",
                "cos:PutBucketLifecycle",
                "cos:GetBucketLifecycle",
                "cos:DeleteBucketLifecycle"
            ],
            "resource": "*"
        }
    ]
}
```
CynosDBMysql_QCSLinkedRoleInDtsDataSync
Use case: This role is a service-linked role of Cloud Native Database TDSQL-C (cynosdb). It accesses your other cloud service resources within the scope of the permissions granted by its associated policies.
Permission policy
- Policy name: QcloudAccessForCynosDBLinkedRoleInDtsDataSync
- Policy content:

```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "dts:CreateSyncJob",
                "dts:ConfigureSyncJob",
                "dts:CreateCheckSyncJob",
                "dts:DescribeCheckSyncJobResult",
                "dts:SkipSyncCheckItem",
                "dts:StartSyncJob",
                "dts:DescribeSyncJobs",
                "dts:IsolateSyncJob",
                "dts:DestroySyncJob"
            ],
            "resource": [
                "*"
            ]
        },
        {
            "action": [
                "finance:trade",
                "finance:CreateOrders"
            ],
            "effect": "allow",
            "resource": [
                "qcs::dts:::*"
            ]
        }
    ]
}
```
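
When reviewing what authorizing one of these roles grants, it helps to split each statement into the services it touches, whether it applies to any resource, and which actions change state. The Python below is an added example, not part of the original page and not Tencent Cloud code; it does this for the CynosDBMysql_QCSLinkedRoleInDtsDataSync policy, and the function names and the read-only verb list are assumptions of this example.

```python
import json

# Policy copied from the CynosDBMysql_QCSLinkedRoleInDtsDataSync entry on this page.
DTS_SYNC_POLICY = """
{"version": "2.0", "statement": [
  {"effect": "allow",
   "action": ["dts:CreateSyncJob", "dts:ConfigureSyncJob", "dts:CreateCheckSyncJob",
              "dts:DescribeCheckSyncJobResult", "dts:SkipSyncCheckItem", "dts:StartSyncJob",
              "dts:DescribeSyncJobs", "dts:IsolateSyncJob", "dts:DestroySyncJob"],
   "resource": ["*"]},
  {"action": ["finance:trade", "finance:CreateOrders"],
   "effect": "allow", "resource": ["qcs::dts:::*"]}]}
"""

# Assumption for this example: actions whose name starts with one of these verbs
# are treated as read-only; anything else is reported as state-changing.
READ_ONLY_VERBS = ("Describe", "Get", "List", "Head")


def as_list(value):
    """The policies on this page give "resource" as a string or as a list."""
    return [value] if isinstance(value, str) else list(value)


def summarize(policy_text):
    """Return one summary dict per statement of a CAM policy document."""
    policy = json.loads(policy_text)
    summaries = []
    for stmt in policy["statement"]:
        actions = as_list(stmt["action"])
        resources = as_list(stmt["resource"])
        writes = [a for a in actions
                  if not a.split(":", 1)[1].startswith(READ_ONLY_VERBS)]
        summaries.append({
            "effect": stmt["effect"],
            "services": sorted({a.split(":", 1)[0] for a in actions}),
            "any_resource": "*" in resources,  # bare wildcard only
            "state_changing": writes,
            "read_only": [a for a in actions if a not in writes],
        })
    return summaries


if __name__ == "__main__":
    for i, s in enumerate(summarize(DTS_SYNC_POLICY), 1):
        print(f"statement {i}: {s['effect']} services={s['services']} "
              f"any_resource={s['any_resource']}")
        print("  state-changing:", ", ".join(s["state_changing"]))
        print("  read-only:", ", ".join(s["read_only"]) or "(none)")
```

The same function accepts the other five policies on this page unchanged, since `as_list` handles both the string and the list form of `resource`.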