服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 高性能计算平台 | THPC_QCSLinkedRoleInWorkspace | 服务相关角色 | wks.thpc.cloud.tencent.com |
| 高性能计算平台 | THPC_QCSLinkedRoleInAcrossService | 服务相关角色 | acrossservice.thpc.cloud.tencent.com |
THPC_QCSLinkedRoleInWorkspace
使用场景: 当前角色为工作空间(Workspace)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForWKSLinkedRoleInAcrossService
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cvm:RunInstances", "cvm:DescribeInstances", "cvm:TerminateInstances", "cvm:DescribeUserAvailableInstanceTypes", "cvm:DescribeInstanceConfigInfos", "cvm:DescribeImages", "cvm:CreateLaunchTemplate", "cvm:DeleteLaunchTemplate", "cvm:DescribeLaunchTemplateVersions", "cvm:RenewInstances", "cvm:DescribeInstancesStatus", "cvm:ModifyInstancesRenewFlag", "cvm:InquiryPriceRunInstances", "cvm:InquiryStoragePrice", "cvm:SwitchParameterRunInstances", "cvm:SwitchParameterRenewInstances", "cvm:SwitchParameterTerminateInstances", "tag:GetTagValues", "tag:DescribeResourceTagsByResourceIds", "tag:DescribeTags", "tag:DescribeTagKeys", "tag:ModifyResourceTags", "tag:AttachResourcesTag", "tag:DetachResourcesTag", "vpc:DescribeVpcEx", "vpc:DescribeSubnetEx", "vpc:CheckBandwidthPackage", "cvm:DescribeZones" ], "resource": "*" }, { "action": [ "finance:trade" ], "effect": "allow", "resource": [ "qcs::cvm:::*", "qcs::thpc:::*" ] } ] }
THPC_QCSLinkedRoleInAcrossService
使用场景: 当前角色为高性能计算平台(THPC)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTHPCLinkedRoleInAcrossService
- 策略内容:
{ "version": "2.0", "statement": [ { "action": [ "tat:RunCommand", "tat:DescribeInvocationTasks", "tat:DescribeAutomationAgentStatus", "as:DescribeAutoScalingGroups", "as:ScaleOutInstances", "as:DescribeAutoScalingActivities", "as:ModifyDesiredCapacity", "as:RemoveInstances", "cvm:RunInstances", "cvm:DescribeInstances", "cvm:TerminateInstances", "cvm:DescribeImages", "tat:DescribeInvocations", "cfs:CreateCfsFileSystem", "cfs:DescribeCfsFileSystems", "cfs:DescribeMountTargets", "goosefs:DescribeFileSystems", "cvm:CreateLaunchTemplate", "cvm:DeleteLaunchTemplate", "cvm:DescribeLaunchTemplateVersions", "finance:trade", "kms:BindCloudResource", "cos:GetObject", "batch:AttachInstances", "batch:DetachInstances", "batch:CreateComputeEnv", "batch:DeleteComputeEnv", "batch:DescribeComputeEnvs", "batch:DescribeComputeEnv", "batch:SubmitJob", "batch:TerminateJob", "batch:DeleteJob", "batch:DescribeJobs", "batch:DescribeJob", "batch:DescribeJobSubmitInfo", "cvm:RenewInstances", "cvm:DescribeInstancesStatus", "cvm:ModifyInstancesRenewFlag", "cvm:InquiryPriceRunInstances", "cvm:InquiryStoragePrice", "cvm:SwitchParameterRunInstances", "cvm:SwitchParameterRenewInstances", "cvm:SwitchParameterTerminateInstances", "tag:GetTagValues", "tag:DescribeResourceTagsByResourceIds", "tag:DescribeTags", "tag:DescribeTagKeys", "tag:ModifyResourceTags", "tag:AttachResourcesTag", "tag:DetachResourcesTag", "vpc:DescribeVpcEx", "vpc:DescribeSubnetEx", "vpc:CheckBandwidthPackage", "cvm:*", "tcr:DescribeInstances", "tcr:CreateInstanceToken", "tcr:DescribeRepositories", "tcr:DescribeImages", "tcr:DescribeRegions", "cfs:DeleteCfsFileSystem", "tcr:PullRepository", "tcr:PullRepositoryPersonal", "batch:Describe*", "batch:TerminateComputeNode", "batch:ModifyComputeEnv", "batch:RetryJobs", "batch:TerminateTaskInstance", "batch:TerminateComputeNodes", "batch:CreateTaskTemplate", "batch:ModifyTaskTemplate", "batch:DeleteTaskTemplates", "batch:ValidateBatchAssumeRole", "batch:*" ], "resource": "*", "effect": "allow" } ] }
