tencent cloud

All product documents
Cloud Access Management
DocumentationCloud Access ManagementCAM-Enabled RoleEssential Storage ServiceCloud Object Storage
Cloud Object Storage
Download PDF
Last updated: 2025-03-26 10:08:01
Cloud Object Storage
Last updated: 2025-03-26 10:08:01
Download PDF

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Product Role Name Role Types Role Entity
COS COS_QCSLinkedRoleInCOSAcc Service-Related Roles COSAcc.COS.cloud.tencent.com
COS COS_QCSLinkedRoleInCLSAccess Service-Related Roles cosoclsr.cos.cloud.tencent.com
COS COS_QCSLinkedRoleInLighthouseMounting Service-Related Roles lhmounting.cos.cloud.tencent.com

COS_QCSLinkedRoleInCOSAcc

Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInCOSAcc
  • Policy Information:
{
    "statement": [
        {
            "action": [
                "cos:*"
            ],
            "effect": "allow",
            "resource": "*"
        }
    ],
    "version": "2.0"
}

COS_QCSLinkedRoleInCLSAccess

Use Cases: Object Storage Service (COS) operation permissions include but are not limited to the following permissions: Add, delete, and modify log service (CLS) log sets, log topics, logs, add, delete, and modify machine groups, add, delete, and modify indexes, and delivery logs, etc.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInCosoclsr
  • Policy Information:
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cls:CreateIndex",
                "cls:ModifyIndex",
                "cls:DescribeIndex",
                "cls:CreateTopic",
                "cls:ModifyTopic",
                "cls:DeleteTopic",
                "cls:DescribeTopics",
                "cls:ModifyLogset",
                "cls:DeleteLogset",
                "cls:CreateLogset",
                "cls:DescribeLogsets",
                "tag:DescribeResourceTagsByResourceIds",
                "tag:DescribeTagKeys",
                "tag:DescribeTagValues",
                "tag:DescribeResourceTags",
                "tag:TagResources",
                "tag:DescribeTags"
            ],
            "resource": "*"
        }
    ]
}

COS_QCSLinkedRoleInLighthouseMounting

Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInLighthouseMounting
  • Policy Information:
{
    "statement": [
        {
            "action": [
                "tat:DescribeCommands",
                "tat:RunCommand",
                "tat:InvokeCommand",
                "tat:DescribeInvocations",
                "tat:DescribeInvocationTasks",
                "tat:DescribeAutomationAgentStatus",
                "tat:CancelInvocation",
                "tat:DescribeInstancesFeatureStatus"
            ],
            "effect": "allow",
            "resource": "*"
        }
    ],
    "version": "2.0"
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support