服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
材料研究平台 | MRP_QCSLinkedRoleInSimulate | 服务相关角色 | simulate.mrp.cloud.tencent.com |
材料研究平台 | MRP_QCSLinkedRoleInCloudShell | 服务相关角色 | cloudshell.mrp.cloud.tencent.com |
MRP_QCSLinkedRoleInSimulate
使用场景: 当前角色为材料研究平台(MRP)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForMRPLinkedRoleInSimulate
- 策略内容:
{ "version": "2.0", "statement": [ { "action": [ "cos:PutBucket", "cos:GetBucket", "cos:HeadBucket", "cos:DeleteBucket", "cos:PutBucketACL", "cos:GetBucketACL", "cos:PutBucketCORS", "cos:GetBucketCORS", "cos:DeleteBucketCORS", "cos:PutObject", "cos:PutObjectCopy", "cos:PostObject", "cos:GetObject", "cos:HeadObject", "cos:DeleteObject", "cos:DeleteMultipleObjects", "cos:OptionsObject", "cos:PostObjectRestore", "cos:PutObjectACL", "cos:GetObjectACL", "cos:InitiateMultipartUpload", "cos:UploadPart", "cos:UploadPartCopy", "cos:CompleteMultipartUpload", "cos:AbortMultipartUpload", "cos:ListParts", "cos:ListMultipartUploads", "cvm:DescribeInstances", "cvm:DescribeInstanceVncUrl", "cvm:InquiryPriceRunInstances", "cvm:InquiryPriceRenewInstances", "cvm:InquiryPriceResetInstance", "cvm:InquiryPriceResetInstancesType", "cvm:InquiryPriceResizeInstanceDisks", "cvm:RunInstances", "cvm:StartInstances", "cvm:RebootInstances", "cvm:StopInstances", "cvm:RenewInstances", "cvm:ResetInstance", "cvm:TerminateInstances", "cvm:ResetInstancesType", "cvm:ResizeInstanceDisks", "cvm:ResetInstancesPassword", "cvm:ModifyInstancesAttribute", "cvm:ModifyInstancesProject", "cvm:ModifyInstancesRenewFlag", "cvm:DescribeInstancesStatus", "cvm:DescribeImages", "cvm:DescribeImageSharePermission", "cvm:CreateImage", "cvm:ModifyImageSharePermission", "cvm:SyncImages", "cvm:ModifyImageAttribute", "cvm:DeleteImages", "batch:TerminateComputeNodes", "batch:TerminateComputeNode", "batch:ModifyComputeEnv", "batch:DetachInstances", "batch:DescribeComputeEnvs", "batch:DescribeComputeEnvCreateInfos", "batch:DescribeComputeEnvCreateInfo", "batch:DescribeComputeEnvActivities", "batch:DescribeComputeEnv", "batch:DeleteComputeEnv", "batch:CreateCpmComputeEnv", "batch:CreateComputeEnv", "batch:AttachInstances", "tke:ModifyClusterEndpointSP", "tke:ModifyClusterAttribute", "tke:DescribeClusterSecurity", "tke:DescribeClusters", "tke:DescribeClusterEndpointVipStatus", "tke:DescribeClusterEndpointStatus", "tke:DeleteClusterEndpointVip", "tke:DeleteClusterEndpoint", "tke:DeleteCluster", "tke:CreateClusterEndpointVip", "tke:CreateClusterEndpoint", "tke:CreateCluster", "tke:AcquireClusterAdminRole", "vpc:DescribeSubnetEx", "finance:trade", "batch:DescribeJob", "batch:DeleteJob", "batch:DescribeJobSubmitInfo", "batch:DescribeJobs", "batch:RetryJobs", "batch:SubmitJob", "batch:TerminateJob", "cam:PassRole" ], "resource": "*", "effect": "allow" } ] }
MRP_QCSLinkedRoleInCloudShell
使用场景: 当前角色为材料研究平台(MRP)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForMRPLinkedRoleInCloudShell
- 策略内容:
{ "version": "2.0", "statement": [ { "action": [ "cos:PutBucket", "cos:GetBucket", "cos:HeadBucket", "cos:DeleteBucket", "cos:PutBucketACL", "cos:GetBucketACL", "cos:PutBucketCORS", "cos:GetBucketCORS", "cos:DeleteBucketCORS", "cos:PutObject", "cos:PutObjectCopy", "cos:PostObject", "cos:GetObject", "cos:HeadObject", "cos:DeleteObject", "cos:DeleteMultipleObjects", "cos:OptionsObject", "cos:PostObjectRestore", "cos:PutObjectACL", "cos:GetObjectACL", "cos:InitiateMultipartUpload", "cos:UploadPart", "cos:UploadPartCopy", "cos:CompleteMultipartUpload", "cos:AbortMultipartUpload", "cos:ListParts", "cos:ListMultipartUploads", "cos:GetObjectTagging", "vpc:DescribeVpcEx", "vpc:DescribeVpcLimits", "vpc:DescribeSubnet", "vpc:DescribeSubnetEx", "vpc:CreateVpc", "vpc:CreateSubnet", "cvm:DescribeSecurityGroups", "cvm:DescribeSecurityGroupLimits", "cvm:CreateSecurityGroup", "cvm:CreateSecurityGroupPolicy", "cvm:ModifySecurityGroupPolicys", "cvm:DescribeImages", "cvm:RunInstances", "cvm:DescribeInstances", "cvm:DescribeInstancesStatus", "cvm:InquiryPriceRunInstances", "cvm:InquiryPriceRenewInstances", "cvm:InquiryPriceResetInstance", "cvm:InquiryPriceResizeInstanceDisks", "cvm:TerminateInstances", "cvm:ResetInstance", "cvm:StartInstances", "cvm:RenewInstances", "cvm:ResetInstancesType", "cvm:ResizeInstanceDisks" ], "resource": "*", "effect": "allow" }, { "effect": "allow", "action": "finance:trade", "resource": [ "qcs::cos:::*", "qcs::cvm:::*" ] } ] }