Configuring Basic Permissions
Last updated: 2023-11-08 10:18:35
This document describes how a root account grants a Stream Compute Service sub-user the required permissions. If you are a sub-user, contact your root account to grant you the permissions. The specific authorization steps are as follows.

CAM policy

Stream Compute Service uses the unified Tencent Cloud CAM service to help organizations manage users' access to their resources. For details, see Cloud Access Management.

Granting a sub-user access to Stream Compute Service

By default, a root account has access to all Stream Compute Service resources, but a sub-account has no access to these resources. If you try to access Stream Compute Service with a sub-account, a CAM authentication error will occur. In this case, the root account needs to associate the sub-account with the predefined policy QcloudOceanusFullAccess in the CAM console as instructed in Authorization Management. After the sub-account is associated with the policy QcloudOceanusFullAccess, it will have access to Stream Compute Service. For details, see CAM.

Access to other services

The underlying system services of Stream Compute Service must be authorized to access various cloud service resources such as CKafka, COS, and CLS via your VPC. This is the most basic authorization required for the proper running of the Stream Compute Service system.
When this authorization is required during the use of Stream Compute Service, the authorization page will automatically appear. However, only a root account, a sub-user with QcloudCamRoleFullAccess, and a sub-user with QcloudCamSubaccountsAuthorizeRoleFullAccess can perform this operation for themselves.
In any other case, the sub-account needs to be additionally granted the PassRole permission, as described below.

Granting a sub-account a PassRole

When a user logs in with a sub-account, even though the above authorizations have been completed and the Oceanus_QCSRole role has been created successfully, the underlying system services of Stream Compute Service still cannot assume the Oceanus_QCSRole role.
In this case, the root account or a sub-account with the admin permission needs to grant the sub-account the PassRole permission, so that the Stream Compute Service role can be passed to the underlying system services. Once this is configured, the underlying system services can access various cloud service resources such as CKafka, COS, and CLS via your VPC.
Steps: The root account or a sub-account with the admin permission creates a policy and grants the sub-account the cam:PassRole permission.

Policy content

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": "cam:PassRole",
            "resource": "qcs::cam::uin/${OwnerUin}:roleName/Oceanus_QCSRole"
        }
    ]
}
Note
OwnerUin in the policy refers to the account ID of the root account.
For how to create a policy, see Creating Custom Policy.
For authorization, see Authorization Management.
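
A check that can be run on a policy document before attaching it, written as an added example (not Tencent Cloud's own code): it flags allow statements that grant cam:PassRole through a wildcard action or on any resource other than the Oceanus_QCSRole role of the given root account, including the template's unreplaced ${OwnerUin} placeholder. The function names and the sample UIN are assumptions, and action names are compared case-insensitively as a conservative assumption.

```python
import fnmatch

ROLE_NAME = "Oceanus_QCSRole"  # role name taken from the page
UIN = "100000000001"           # constructed sample root-account UIN


def expected_resource(owner_uin):
    """Resource string from the page with ${OwnerUin} filled in."""
    return f"qcs::cam::uin/{owner_uin}:roleName/{ROLE_NAME}"


def _as_list(value):
    # action/resource may be a single string or a list of strings.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_passrole(policy, owner_uin):
    """Return findings for allow statements granting cam:PassRole too broadly."""
    findings = []
    want = expected_resource(owner_uin)
    for idx, stmt in enumerate(policy.get("statement", [])):
        if str(stmt.get("effect", "")).lower() != "allow":
            continue
        # Patterns such as "*" or "cam:*" also cover cam:PassRole.
        hits = [a for a in _as_list(stmt.get("action"))
                if fnmatch.fnmatchcase("cam:passrole", a.lower())]
        if not hits:
            continue
        for a in hits:
            if a.lower() != "cam:passrole":
                findings.append(f"statement {idx}: action {a!r} grants PassRole via wildcard")
        resources = _as_list(stmt.get("resource"))
        if not resources:
            findings.append(f"statement {idx}: PassRole granted with no resource scope")
        for r in resources:
            if r != want:
                findings.append(f"statement {idx}: resource {r!r} is not {want!r}")
    return findings


# Constructed sample policies: the page's policy with the UIN filled in,
# and an over-broad variant that should be rejected.
GOOD = {"version": "2.0", "statement": [
    {"effect": "allow", "action": "cam:PassRole", "resource": expected_resource(UIN)}]}
BROAD = {"version": "2.0", "statement": [
    {"effect": "allow", "action": ["cam:*"], "resource": "*"}]}
```

An empty list from `audit_passrole(policy, owner_uin)` means every PassRole grant in the policy is limited to the single role named on this page.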

Directions

1. On the Create by Policy Syntax page, select Blank Template.
2. On the Edit Policy page, enter the above policy content (replace the UIN of the root account with your UIN).
3. Go back to the User List page, click Authorize of the target user, select the policy created, and click OK.

Note
The sub-account can now properly access Stream Compute Service and various cloud resources such as CKafka, COS, and CLS via VPC in the Stream Compute Service console. To control access to jobs and resources at a finer granularity, see Space Role Permissions.
