Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
Tencent Cloud Elastic Microservice
Last updated: 2025-03-26 10:08:47
Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.
| Product | Role Name | Role Types | Role Entity |
|---|---|---|---|
| Tencent Cloud Elastic Microservice | TEM_QCSLinkedRoleInTEMAPI | Service-Related Roles | temapi.tem.cloud.tencent.com |
| Tencent Cloud Elastic Microservice | TEM_QCSLinkedRoleInTEMLog | Service-Related Roles | cvm.qcloud.com temlog.tem.cloud.tencent.com |
| Tencent Cloud Elastic Microservice | TEM_QCSLinkedRoleInAccessCluster | Service-Related Roles | accesscluster.tem.cloud.tencent.com |
| Tencent Cloud Elastic Microservice | TEM_QCSLinkedRoleInAccessResourceService | Service-Related Roles | accessresourceservice.tem.cloud.tencent.com |
TEM_QCSLinkedRoleInTEMAPI
Use Cases: The current role is the TEM service role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEMLinkedRoleInTEMApi
- Policy Information:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"apm:CreatePAASInstance",
"apm:DescribeApmAgent",
"apm:DescribeTopology",
"apm:DeletePAASInstance",
"apm:DescribePAASTopology",
"tcb:CreateCloudBaseRunServerVersionWithMicroService"
]
}
]
}
TEM_QCSLinkedRoleInTEMLog
Use Cases: The current role is the TEM service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEMLinkedRoleInTEMLog
- Policy Information:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cls:listTopic",
"cls:getTopic",
"cls:createTopic",
"cls:modifyTopic",
"cls:listMachineGroup",
"cls:getMachineGroup",
"cls:createMachineGroup",
"cls:modifyMachineGroup",
"cls:deleteMachineGroup",
"cls:getMachineStatus",
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig"
]
}
]
}
TEM_QCSLinkedRoleInAccessCluster
Use Cases: The current role is the TEM service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEMLinkedRoleInAccessCluster
- Policy Information:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"tse:DescribeSREInstances",
"tse:DescribeSREInstanceAccessAddress",
"tse:DescribeSREGlobalConfigs",
"tke:DescribeClusters",
"tcr:CreateNamespacePersonal",
"tcr:DeleteNamespacePersonal",
"tcr:DescribeRepositoryOwnerPersonal",
"tcr:DeleteRepositoryPersonal",
"tcr:DeleteImagePersonal",
"tcr:CreateRepositoryPersonal",
"tcr:BatchDeleteRepositoryPersonal",
"tcr:BatchDeleteImagePersonal",
"tcr:CreateInstanceToken",
"tcr:DescribeInstanceToken",
"tcr:DeleteInstanceToken",
"tcr:DescribeRepositories",
"tcr:PullRepository",
"tcr:PullRepositoryPersonal",
"cls:searchLog",
"cls:getTopic",
"cls:getIndex",
"cls:CreateIndex",
"cls:modifyIndex",
"cls:DeleteIndex",
"cfs:DescribeCfsFileSystems",
"cfs:DescribeMountTargets",
"vpc:DescribeSubnetEx",
"vpc:DescribeSubnet",
"apm:CreateApmInstance",
"apm:ModifyApmInstance",
"apm:TerminateApmInstance",
"apm:CreatePAASInstance",
"apm:DeletePAASInstance",
"apm:DescribeApmAgent",
"apm:DescribeTopologyMetricLineData",
"apm:DescribeMetricLineData",
"apm:DescribeServiceOverview",
"apm:DescribeMetricRecords",
"cam:GetRole",
"tcr:DescribeInternalEndpoints",
"tcr:DescribeInternalEndpointDnsStatus",
"tcr:CreateInternalEndpointDns",
"tcr:DuplicateImagePersonal",
"tcr:DescribeInstances",
"tcr:CreateInstance",
"tcr:DescribeNamespaces",
"tcr:CreateNamespace",
"tcr:CreateRepository",
"tcr:DescribeRepositories",
"tcr:ManageInternalEndpoint",
"tcr:PushRepository",
"tcr:PushRepositoryPersonal",
"monitor:DescribePrometheusInstances",
"monitor:UpgradeGrafanaDashboard",
"vpc:CreateVpc",
"vpc:CreateSubnet",
"vpc:DescribeVpcEx",
"vpc:DeleteNatGateway",
"vpc:CreateNatGateway",
"vpc:CreateRoute",
"vpc:EnableRoutes",
"vpc:DeleteRoute",
"vpc:DescribeNatGateways",
"vpc:DescribeRouteTable",
"cvm:ReleaseAddresses",
"monitor:TerminatePrometheusInstances",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode"
],
"resource": [
"*"
]
}
]
}
TEM_QCSLinkedRoleInAccessResourceService
Use Cases: The current role is the TEM service role,which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEMLinkedRoleInAccessResourceService
- Policy Information:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"tcb:DescribeCloudBaseGWAPI",
"tcb:DescribeCloudBaseRunServer",
"tcb:DescribeCloudBaseRunServers",
"tcb:DescribeCloudBaseRunServerVersion",
"tcb:DescribeEnvLimit",
"tcb:DescribeCloudBaseRunPodList",
"tcb:DescribeICPResources",
"tcb:DescribePostPackage",
"tcb:DescribeCloudBaseGWService",
"tcb:DescribeCurveData",
"tcb:SearchClsLog",
"tcb:DescribeCloudBaseRunImages",
"tcb:DescribeCloudBaseRunServerFlowConf",
"tcb:CreateCloudBaseRunServerVersion",
"tcb:CreateCloudBaseGWAPI",
"tcb:ModifyCloudBaseGWAPIPublicAccess",
"tcb:ModifyCloudBaseGWAPIAccessType",
"tcb:ModifyCloudBaseRunServerVersion",
"tcb:CreatePostpayPackage",
"tcb:DeleteCloudBaseRunImageRepo",
"tcb:DeleteCloudBaseRunServer",
"tcb:DeleteCloudBaseRunServerVersion",
"tcb:EstablishCloudBaseRunServer",
"tcb:ModifyCloudBaseRunServerFlowConf",
"tcb:RollUpdateCloudBaseRunServerVersion",
"tcb:DescribeEnvs",
"tcb:DestroyEnv",
"tcb:CheckTcbService",
"tcb:ModifyEnv",
"tcb:DescribeCloudBaseRunVersionException"
],
"resource": [
"*"
]
}
]
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No