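Service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access the user's resources by assuming the service-linked role. This document describes the use cases of specific service-linked roles and their associated permission policies.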
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
TDSQL for MySQL | DCDB_QCSLinkedRoleInKMS | Service-linked role | kms.dcdb.cloud.tencent.com |
TDSQL for MySQL | DCDB_QCSLinkedRoleInTSE | Service-linked role | tse.dcdb.cloud.tencent.com |
TDSQL for MySQL | DCDB_QCSLinkedRoleInDBLog | Service-linked role | DBLog.dcdb.cloud.tencent.com |
DCDB_QCSLinkedRoleInKMS
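Use case: This role is a service-linked role for TDSQL for MySQL (DCDB). It accesses your other cloud service resources within the scope of permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForDCDBLinkedRoleInKMS
- Policy content: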
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "kms:GetServiceStatus", "kms:CreateKey", "kms:GenerateDataKey", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt", "kms:EnableKey", "kms:EnableKeyRotation", "kms:ListKeyDetail", "kms:DescribeKey", "kms:ListKey" ] } ] }
DCDB_QCSLinkedRoleInTSE
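Use case: This role is a service-linked role for the distributed database TDSQL for MySQL (DCDB). It accesses your other cloud service resources within the scope of permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForDCDBLinkedRoleInTSE
- Policy content: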
{ "statement": [ { "action": [ "tse:CreateGovernanceStrategy", "tse:DescribeGovernanceMainToken", "tse:DescribeGovernanceInstances", "tse:DescribeGovernanceServices", "tse:CreateGovernanceInstances", "tse:DeleteGovernanceInstances", "tse:ModifyGovernanceServices", "tse:DescribeGovernanceStrategies", "tse:DescribeSREInstances", "tse:ModifyGovernanceInstances", "tse:DescribeGovernanceNamespaces", "tse:DescribeGovernanceAuthStrategies" ], "effect": "allow", "resource": "*" } ], "version": "2.0" }
DCDB_QCSLinkedRoleInDBLog
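Use case: This role is a service-linked role for the distributed database DCDB (dcdb). It accesses your other cloud service resources within the scope of permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForDCDBLinkedRoleInDBLog
- Policy content: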
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cls:ModifyKafkaRecharge", "cls:CreateKafkaRecharge", "cls:DescribeKafkaRecharges", "cls:DeleteKafkaRecharge", "cls:DeleteCloudProductLogTask" ], "resource": "*" } ] }
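The following is an added example, not part of the original documentation or any Tencent Cloud tooling: a small review script that parses the three policies above and lists, for each one, the actions that are not read-only yet are allowed on resource `*`. The function names and the read-only heuristic (verbs starting with `Describe`, `List` or `Get`) are assumptions made for this illustration.

```python
import json

# Policy documents copied from this page (whitespace compacted).
POLICIES = {
    "QcloudAccessForDCDBLinkedRoleInKMS": (
        '{"version":"2.0","statement":[{"effect":"allow","resource":["*"],"action":['
        '"kms:GetServiceStatus","kms:CreateKey","kms:GenerateDataKey","kms:Decrypt",'
        '"kms:Encrypt","kms:ReEncrypt","kms:EnableKey","kms:EnableKeyRotation",'
        '"kms:ListKeyDetail","kms:DescribeKey","kms:ListKey"]}]}'),
    "QcloudAccessForDCDBLinkedRoleInTSE": (
        '{"statement":[{"action":["tse:CreateGovernanceStrategy",'
        '"tse:DescribeGovernanceMainToken","tse:DescribeGovernanceInstances",'
        '"tse:DescribeGovernanceServices","tse:CreateGovernanceInstances",'
        '"tse:DeleteGovernanceInstances","tse:ModifyGovernanceServices",'
        '"tse:DescribeGovernanceStrategies","tse:DescribeSREInstances",'
        '"tse:ModifyGovernanceInstances","tse:DescribeGovernanceNamespaces",'
        '"tse:DescribeGovernanceAuthStrategies"],"effect":"allow","resource":"*"}],"version":"2.0"}'),
    "QcloudAccessForDCDBLinkedRoleInDBLog": (
        '{"version":"2.0","statement":[{"effect":"allow","action":['
        '"cls:ModifyKafkaRecharge","cls:CreateKafkaRecharge","cls:DescribeKafkaRecharges",'
        '"cls:DeleteKafkaRecharge","cls:DeleteCloudProductLogTask"],"resource":"*"}]}'),
}

# Assumption for this example: verbs with these prefixes only read state.
READ_PREFIXES = ("Describe", "List", "Get")

def as_list(value):
    """Normalize a field that this page writes both as "*" and as ["*"]."""
    return [value] if isinstance(value, str) else list(value)

def review(policy_text):
    """Return (read_only_actions, non_read_actions_on_wildcard) for allow statements."""
    read_only, wildcard_other = [], []
    for stmt in json.loads(policy_text)["statement"]:
        if stmt.get("effect", "").lower() != "allow":
            continue
        on_wildcard = "*" in as_list(stmt.get("resource", []))
        for action in as_list(stmt.get("action", [])):
            verb = action.split(":", 1)[-1]
            if verb.startswith(READ_PREFIXES):
                read_only.append(action)
            elif on_wildcard:
                wildcard_other.append(action)
    return read_only, wildcard_other

if __name__ == "__main__":
    for name, text in POLICIES.items():
        reads, others = review(text)
        print(f"{name}: {len(reads)} read-only; review on '*': {others}")
```

The second list is the set of grants to track when auditing what each service-linked role does in your account, for example by filtering audit logs for these action names under the role entities listed in the table.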