服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 数据湖计算 | DLC_QCSLinkedRoleInCheckDLCResource | 服务相关角色 | checkdlcresource.dlc.cloud.tencent.com |
DLC_QCSLinkedRoleInCheckDLCResource
使用场景: 当前角色为数据湖计算 Data Lake Compute(DLC)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForDLCLinkedRoleInCheckDLCResource
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cos:GetService", "cos:GetBucket", "cos:ListMultipartUploads", "cos:GetObject*", "cos:HeadObject", "cos:GetBucketObjectVersions", "cos:OptionsObject", "cos:ListParts", "cos:DeleteObject", "cos:PostObject", "cos:PostObjectRestore", "cos:PutObject*", "cos:InitiateMultipartUpload", "cos:UploadPart", "cos:UploadPartCopy", "cos:CompleteMultipartUpload", "cos:AbortMultipartUpload", "cos:DeleteMultipleObjects", "cos:AppendObject", "cos:HeadBucket", "vpc:DescribeRouteTable", "vpc:CreateRoute", "vpc:AcceptVpcPeeringConnection", "vpc:CreateVpcPeeringConnectionEx", "vpc:CreateVpcPeeringConnection", "vpc:DeleteVpcPeeringConnection", "vpc:DeleteVpcPeeringConnectionEx", "vpc:AcceptVpcPeeringConnectionEx", "vpc:DescribeVpcPeeringConnections", "cloudaudit:DescribeEvents", "cos:GetBucket*", "cos:PutBucket*", "cos:DeleteBucket*", "cos:RenameObject", "monitor:GetMonitorData", "chdfs:DescribeMountPoint", "chdfs:DescribeFileSystem", "chdfs:DescribeAccessGroups", "chdfs:DescribeAccessRules", "chdfs:ModifyFileSystem", "chdfs:ModifyAccessRules", "chdfs:CreateAccessGroup", "chdfs:CreateAccessRules", "chdfs:AssociateAccessGroups", "chdfs:DisassociateAccessGroups", "chdfs:DeleteAccessGroup", "chdfs:DeleteAccessRules", "vpc:DescribeAssistantCidr", "vpc:DescribeVpcEx", "chdfs:DescribeMountPoints", "oceanus:DescribeWorkSpaces", "oceanus:DescribeClusters", "oceanus:DescribeCHDFSAccessGroups", "oceanus:CreateCHDFSAccessGroup", "vpc:DescribeVpcEndPoint", "vpc:CreateVpcEndPoint", "vpc:DeleteVpcEndPoint", "tcr:CreateServiceAccount", "tcr:DeleteServiceAccount", "tcr:DescribeServiceAccounts", "tcr:CreateMultipleSecurityPolicy", "tcr:DescribeSecurityPolicies", "tcr:DescribeRepositories", "tcr:DescribeExternalEndpointStatus", "tcr:ManageExternalEndpoint", "tccatalog:DescribeTccCatalog", "tccatalog:DescribeTccCatalogs", "tccatalog:BindTccVpcEndPointServiceWhiteList", "tccatalog:AcceptTccVpcEndPointConnect", "tccatalog:DescribeTccVipInternal", "ssm:GetSecretValue", "tccatalog:DescribeMetastoreInstances", "tccatalog:CreateTCCatalogEndpoint", "tccatalog:CreateCatalog", "tccatalog:DescribeCatalogs", "tccatalog:DescribeCatalog", "tccatalog:ModifyCatalog", "tccatalog:DropCatalog", "tccatalog:CreateSchema", "tccatalog:DescribeSchema", "tccatalog:DescribeSchemaNamesPage", "tccatalog:DescribeSchemaNames", "tccatalog:DropSchema", "tccatalog:CreateTable", "tccatalog:DescribeTable", "tccatalog:DropTable", "tccatalog:ModifyTableComment", "tccatalog:DescribeTableNamesPage", "tccatalog:DescribeTableNames", "tccatalog:DescribeTables", "tccatalog:AddTableColumn", "tccatalog:DeleteTableColumn", "tccatalog:ModifyFunction", "tccatalog:CreateFunction", "tccatalog:DropFunction", "tccatalog:DescribeFunction", "tccatalog:DescribeFunctionNamesPage", "tccatalog:DescribeFunctions", "tccatalog:DropView", "tccatalog:DescribeView", "tccatalog:DescribeViewNamesPage", "tccatalog:DescribeViews", "tccatalog:AddPartitionField", "tccatalog:RemovePartitionField", "tccatalog:DescribeTableInfo", "tccatalog:DescribeOptimizerGroups", "tccatalog:ModifyTableProperties", "tccatalog:DescribeStrategyStatus", "tccatalog:DescribeTableDataOptimization", "tccatalog:CreateOptimizationStrategy", "tccatalog:DescribeCatalogDataOptimization", "tccatalog:DescribeTableOptimizationStrategy", "tccatalog:ModifyTableOptimizationStrategy", "tccatalog:RegisterTable", "tccatalog:DescribeModelNamesPage", "tccatalog:DescribeModelVersionNumbersPage", "tccatalog:DescribeModels", "tccatalog:CreateModel", "tccatalog:CreateModelVersion", "tccatalog:DescribeModel", "tccatalog:DescribeModelNames", "tccatalog:DescribeModelVersion", "tccatalog:DescribeModelVersionNumbers", "tccatalog:DescribeModelVersions", "tccatalog:ModifyModelComment", "tccatalog:ModifyModelName", "tccatalog:ModifyModelProperties", "tccatalog:ModifyModelVersionAliases", "tccatalog:ModifyModelVersionComment", "tccatalog:ModifyModelVersionProperties", "tccatalog:RegisterModel", "tccatalog:SearchModels", "tccatalog:DropModel", "tccatalog:DropModelVersion", "tccatalog:SearchModelVersions", "tccatalog:CreateUsers", "tccatalog:DeleteUsers", "tccatalog:DescribeUsers", "tccatalog:ModifyUser", "tccatalog:CreateRole", "tccatalog:DeleteRoles", "tccatalog:DescribeRoles", "tccatalog:ModifyRole", "tccatalog:GrantRolesToUser", "tccatalog:RevokeRolesFromUser", "tccatalog:GrantUsersToRole", "tccatalog:RevokeUsersFromRole", "tccatalog:GrantPermissionToRole", "tccatalog:RevokePermissionToRole", "tccatalog:GrantPermissionToUser", "tccatalog:RevokePermissionToUser", "tccatalog:UpdatePermissionToResource", "tccatalog:DescribeRolePermissionList", "tccatalog:DescribeRolesPrivilegeList", "tccatalog:CheckUserRoleGranted", "tccatalog:DescribeSchemas", "tccatalog:DescribeCatalogsByNames", "tccatalog:LockTable", "tccatalog:UnlockTable", "tccatalog:CheckTable", "tccatalog:AlterTable" ], "resource": "*" } ] }
