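Service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access the user's resources by assuming the service-linked role. This document describes the use cases and permission policies of specific service-linked roles.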
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
Managed Security Service | MSS_QCSLinkedRoleInAuth | Service-linked role | auth.mss.cloud.tencent.com |
MSS_QCSLinkedRoleInAuth
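Use case: This role is the service-linked role for Managed Security Service (MSS). It accesses your other cloud service resources within the permission scope of its associated policies.
Permission policy
- Policy name: QcloudAccessForMSSLinkedRoleInAuth
- Policy content: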
```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "cvm:DescribeAddresses",
        "cvm:DescribeInstances",
        "cvm:DescribeInstancesStatus",
        "vpc:DescribeVpcEx",
        "vpc:DescribeNatGateways",
        "vpc:DescribeVpnGw",
        "clb:DescribeLoadBalancers",
        "bm:DescribeDevices",
        "antiddos:DescribeResourceList",
        "waf:*",
        "cfw:*",
        "wss:CertGetList",
        "yunjing:*",
        "cvm:DescribeInstances",
        "cvm:DescribeInstancesStatus",
        "cvm:DescribeAddresses",
        "vpc:DescribeVpcEx",
        "vpc:DescribeNatGateways",
        "vpc:DescribeVpnGw",
        "clb:DescribeLoadBalancers",
        "dcdb:DescribeDCDBInstances",
        "cos:GetBucketPolicy",
        "cos:GetService",
        "cos:GetBucketACL",
        "es:DescribeInstances",
        "emr:DescribeInstances",
        "cvm:DescribeAutoSnapshotPolicies",
        "cvm:DescribeCbsStorages",
        "postgres:Describe*",
        "postgres:Inquiry*",
        "antiddos:Describe*",
        "cwp:Describe*",
        "cwp:Export*",
        "cwp:Check*",
        "cos:GetBucketReferer",
        "cos:GetBucketLogging",
        "cos:GetBucketEncryption",
        "cos:GetBucketReplication",
        "cos:GetBucketPolicy",
        "cdb:DescribeDBInstances",
        "mariadb:DescribeDBInstances",
        "redis:DescribeInstances",
        "postgres:DescribeDBInstances",
        "dcdb:DescribeDCDBInstances",
        "cynosdb:DescribeClusters",
        "cynosdb:DescribeClusterDetail",
        "emr:DescribeInstances",
        "emr:DescribeInstancesList",
        "tke:DescribeClusters",
        "tke:DescribeClusterAuthenticationOptions",
        "tke:DescribeEKSContainerInstances",
        "cvm:DescribeDiskAssociatedAutoSnapshotPolicy",
        "cvm:DescribeSecurityGroups",
        "cvm:DescribeDiskAssociatedAutoSnapshotPolicy",
        "vpc:DescribeAddressTemplates",
        "vpc:DescribeAddressTemplateGroups",
        "tse:DescribeSREInstances",
        "tse:DescribeSREInstanceAccessAddress",
        "monitor:GetMonitorData",
        "tcss:Describe*",
        "tcss:Export*"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```
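When reviewing what this service-linked role is allowed to do, it helps to separate whole-service grants such as `waf:*` from read-style actions and to spot repeated entries. The following is an added example, not Tencent Cloud code: `review_policy`, `as_list` and the `READ_PREFIXES` triage heuristic are assumptions, and the sample input is a short excerpt constructed from the action list above.

```python
import json
from collections import Counter

# Assumption: verb prefixes treated as read-style for triage; this is a
# reviewer's heuristic, not a rule defined by CAM.
READ_PREFIXES = ("Describe", "Get", "List", "Inquiry")

# Constructed sample: a short excerpt of actions from the policy above.
SAMPLE_POLICY = """
{"version": "2.0", "statement": [{"effect": "allow",
  "action": ["cvm:DescribeInstances", "waf:*", "cfw:*", "yunjing:*",
             "postgres:Describe*", "cwp:Export*", "cwp:Check*",
             "cos:GetBucketPolicy", "cos:GetBucketPolicy",
             "monitor:GetMonitorData"],
  "resource": ["*"]}]}
"""

def as_list(value):
    """Policy fields may hold a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def review_policy(policy_text):
    """Bucket every allowed action so broad grants stand out in a review."""
    policy = json.loads(policy_text)
    report = {"full_service": [], "needs_review": [], "read_like": [],
              "duplicates": [], "all_resources": False}
    for stmt in as_list(policy.get("statement", [])):
        if stmt.get("effect", "").lower() != "allow":
            continue
        if "*" in as_list(stmt.get("resource", [])):
            report["all_resources"] = True
        counts = Counter(as_list(stmt.get("action", [])))
        report["duplicates"] += sorted(a for a, n in counts.items() if n > 1)
        for action in sorted(counts):
            _service, _, name = action.partition(":")
            if name == "*" or action == "*":
                report["full_service"].append(action)   # every API of a service
            elif name.startswith(READ_PREFIXES):
                report["read_like"].append(action)      # read-style verb
            else:
                report["needs_review"].append(action)   # verb not in heuristic
    return report

if __name__ == "__main__":
    for key, value in review_policy(SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```

Pass the complete policy document to `review_policy` to review every action; entries under `needs_review` only mean the verb is outside the heuristic, not that the action writes data.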