tencent cloud

피드백

Tencent Smart Advisor

마지막 업데이트 시간:2024-11-26 10:00:09

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    Tencent Cloud Advisor Advisor_QCSLinkedRoleInBusinessContinuity Service-Related Roles businesscontinuity.advisor.cloud.tencent.com

    Advisor_QCSLinkedRoleInBusinessContinuity

    Use Cases: The current role is the Advisor service role, this role is used to Advisor to access CVM, VPC, COS and other service resources, without the need for user escrow keys, and the operation is more efficient and safe.
    Authorization Polices

    • Policy Name: QcloudAccessForAdvisorLinkedRoleInBusinessContinuity
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "action": [
                    "cvm:Describe*",
                    "cvm:Inquiry*",
                    "vpc:Describe*",
                    "vpc:Inquiry*",
                    "vpc:Get*",
                    "monitor:Describe*",
                    "monitor:Get*",
                    "cam:ListUsersForGroup",
                    "cam:ListGroups",
                    "cam:GetGroup",
                    "clb:Describe*",
                    "cos:List*",
                    "cos:Get*",
                    "cos:Head*",
                    "cos:OptionsObject",
                    "cdb:Describe*",
                    "mongodb:Describe*",
                    "redis:Describe*",
                    "redis:Get*",
                    "redis:Inquiry*",
                    "es:Describe*",
                    "emr:Describe*",
                    "emr:Inquiry*",
                    "emr:Check*",
                    "emr:List*",
                    "emr:Describle*",
                    "cloudaudit:LookUpEvents",
                    "cdn:Describe*",
                    "cdn:Get*",
                    "cdn:List*",
                    "ssl:Describe*",
                    "tag:Get*",
                    "ckafka:Get*",
                    "ckafka:List*",
                    "ckafka:Describe*",
                    "tdmq:Describe*",
                    "scf:Get*",
                    "scf:List*",
                    "cam:GetRole",
                    "cam:ListAttachedRolePolicies",
                    "cls:getLogset",
                    "cls:getTopic",
                    "cls:listTopic",
                    "apigw:Describe*",
                    "cmqtopic:GetTopicAttributes",
                    "cmqtopic:GetSubscriptionAttributes",
                    "tsf:Describe*",
                    "tsf:Get*",
                    "tsf:List*",
                    "tsf:Search*",
                    "tsf:Find*",
                    "tsf:ImageUserIsExists",
                    "tsf:ImageGetRepositoryList",
                    "tsf:DscribeTasks",
                    "tbase:Describe*",
                    "tdach:Describe*",
                    "tdapg:Describe*",
                    "dcdb:Describe*",
                    "tke:Describe*",
                    "live:Describe*",
                    "im:Describe*",
                    "im:CheckIfIMNewUser",
                    "cfw:Describe*",
                    "waf:WafGet*",
                    "waf:WAFGetUserInfo",
                    "waf:WafDownloadAlerts",
                    "waf:WafPackagePrice",
                    "waf:WafAreaBanGetAreas",
                    "waf:WafFreqGetRuleList",
                    "waf:WafAntiFakeGetUrl",
                    "waf:WafInterface",
                    "waf:WafClsOverview",
                    "waf:QueryFlows",
                    "waf:WafDownloadRecords",
                    "waf:WafDownloadlogs",
                    "waf:WafSearchLogs",
                    "waf:WafDNSdetectGet*",
                    "waf:BotGet*",
                    "waf:Get*",
                    "waf:Search*",
                    "waf:BotV2Get*",
                    "wss:CertGetList",
                    "waf:Describe*",
                    "tag:DescribeResourceTagsByResourceIds",
                    "mariadb:Describe*",
                    "antiddos:Describe*",
                    "cam:DescribeSafeAuthFlagColl",
                    "cam:ListUsers",
                    "cam:DescribeSubAccounts",
                    "ccs:DescribeCluster",
                    "sms:SmsPackagesStatistics",
                    "domain:*",
                    "sms:CallbackStatusStatistics",
                    "sms:SendStatusStatistics",
                    "dc:DescribeDirectConnects",
                    "dc:DescribeDirectConnectTunnels",
                    "trtc:Describe*",
                    "trtc:Get*",
                    "trtc:ShowRoomList",
                    "trtc:ShowUserList",
                    "trtc:RemindBalance",
                    "trtc:HardDescribeMixConf",
                    "memcached:DescribeInstances",
                    "cynosdb:DescribeClusterDetail",
                    "cynosdb:DescribeRollbackTimeValidity",
                    "cynosdb:DescribeRollbackTimeRange",
                    "cynosdb:DescribeInstanceSpecs",
                    "cynosdb:DescribeInstances",
                    "cynosdb:DescribeInstanceDetail",
                    "cynosdb:DescribeDBSecurityGroups",
                    "cynosdb:DescribeClusters",
                    "cynosdb:DescribeClusterInstanceGrps",
                    "cynosdb:DescribeBackupList",
                    "cynosdb:DescribeBackupConfig",
                    "cynosdb:DescribeAccounts",
                    "dnspod:DescribeDomain",
                    "dnspod:DescribeDomainList",
                    "dnspod:DescribeDomainLogList",
                    "dnspod:DescribeDomainPurview",
                    "dnspod:DescribeDomainShareInfo",
                    "dnspod:DescribeRecord",
                    "dnspod:DescribeRecordLineList",
                    "dnspod:DescribeRecordList",
                    "dnspod:DescribeRecordType",
                    "dnspod:DescribeUserDetail",
                    "vod:DescribeCDNStatDetails",
                    "vod:DescribeSubAppIds",
                    "vod:DescribeDefaultDistributionConfig",
                    "vod:DescribeVodDomains",
                    "cwp:DescribeVulList",
                    "cfs:DescribeCfsFileSystems",
                    "cfs:DescribeAutoSnapshotPolicies",
                    "cfs:DescribeCfsSnapshots",
                    "sms:DescribeAppList",
                    "sms:DescribeVerificationCodeStatistic",
                    "sms:DescribeAntiBrushThreshold",
                    "tke:CreateInstantInspectJob",
                    "tke:DescribeInstantInspectTask",
                    "cloudaudit:DescribeEvents",
                    "clb:DescribeQuota",
                    "cdb:QueryCDBProxy",
                    "clb:DescribeClusterResources",
                    "ssl:DescribeCertificateBindResources",
                    "monitor:GetIntegrationProductList",
                    "monitor:DescribeOneClickAlarmConfigs",
                    "monitor:DescribeAlarmPolicies",
                    "antiddos:DescribeListProtocolBlockConfig",
                    "cloudhsm:DescribeVsms",
                    "kms:GetServiceStatus",
                    "as:DescribeAutoScalingInstances",
                    "billing:DescribeCostSummaryByProduct",
                    "finance:DescribeBillSummaryByProduct",
                    "tke:ListClusterInspectionResultsItems",
                    "tke:ListClusterInspectionResults",
                    "dnspod:DescribeSnapshotConfig",
                    "dnspod:DescribeDomainFilterList",
                    "dc:DoDcHealthInspection",
                    "teo:DescribeDefaultCertificates",
                    "teo:DescribeHostsSetting",
                    "teo:DescribeRules",
                    "teo:DescribeZones",
                    "csip:DescribeRiskCenterAssetViewVULRiskList",
                    "csip:DescribeRiskCenterAssetViewPortRiskList",
                    "csip:DescribePublicIpAssets",
                    "csip:DescribeDomainAssets",
                    "csip:DescribeCVMAssets",
                    "csip:DescribeClusterPodAssets",
                    "csip:DescribeDbAssets",
                    "lighthouse:DescribeInstances",
                    "dbbrain:DescribeDBDiagEvent",
                    "dbbrain:DescribeDBDiagEvents",
                    "live:CheckLiveHostBackupOriginSite",
                    "tse:DescribeCloudNativeAPIGateways",
                    "tse:DescribeSREInstances",
                    "dbbrain:DescribeSqlFilters",
                    "postgres:DescribeDBInstanceAttribute",
                    "postgres:DescribeDBInstances",
                    "postgres:DescribeZones",
                    "tdmq:DescribeRocketMQCluster",
                    "ckafka:DescribeInstanceAttributes",
                    "teo:DescribeSecurityPolicy",
                    "teo:DescribeDDoSPolicy",
                    "gaap:DescribeProxies",
                    "teo:DescribeZoneDDoSPolicy",
                    "tdmq:DescribeRabbitMQVipInstances",
                    "tcb:DescribeBillingInfo",
                    "tcb:DescribeQuotaData",
                    "tcb:DescribeBaasPackageList",
                    "vod:DescribeTranscodeTemplates",
                    "cam:MonitorGetProject",
                    "monitor:GetProjectsList",
                    "redis:DescribeInstances",
                    "ckafka:DescribeTopicDetail",
                    "ckafka:DescribeInstancesDetail",
                    "tcb:DescribeEnvs",
                    "tsf:DescribeGroupAttribute",
                    "tsf:DescribeContainerGroups",
                    "tsf:DescribeGroups",
                    "tsf:DescribeApplications",
                    "vpc:DescribeCcns",
                    "vpc:DescribeCcnAttachedInstances",
                    "vpc:GetCcnRegionBandwidthLimits",
                    "mariadb:DescribeDBInstanceDetail",
                    "dcdb:DescribeDCDBInstanceDetail",
                    "sqlserver:DescribeDBInstances",
                    "cdb:DescribeRoGroups",
                    "tdmq:DescribeRocketMQClusters",
                    "tdmq:DescribeRocketMQNamespaces",
                    "tdmq:DescribeRocketMQTopics",
                    "tdmq:DescribeRocketMQGroups",
                    "trocket:DescribeInstanceList",
                    "trocket:DescribeTopicList",
                    "trocket:DescribeConsumerGroupList",
                    "cos:HeadBucket",
                    "es:SmartAdvisorManage",
                    "finance:DescribeDosageCosDetailByDate",
                    "cynosdb:Describe*",
                    "teo:Describe*",
                    "cetcd:Describe*",
                    "as:DescribeAutoScalingGroups",
                    "organization:DescribeOrganization",
                    "organization:DescribeOrganizationMembers",
                    "apm:DescribeApmInstances",
                    "apm:DescribeTagValues",
                    "apm:DescribeMetricRecords",
                    "apm:DescribeServiceNodes",
                    "apm:DescribeServiceOverview",
                    "keewidb:Describe*"
                ],
                "resource": "*",
                "effect": "allow"
            },
            {
                "action": [
                    "tke:AcquireClusterKubeConfigForProduct"
                ],
                "effect": "allow",
                "resource": [
                    "qcs::tke::*:cluster\/*",
                    "qcs::tke::*:k8s\/*\/pods\/*\/get",
                    "qcs::tke::*:k8s\/*\/pods\/*\/list",
                    "qcs::tke::*:k8s\/*\/namespaces\/*\/get",
                    "qcs::tke::*:k8s\/*\/namespaces\/*\/list",
                    "qcs::tke::*:k8s\/*\/ingresses\/*\/get",
                    "qcs::tke::*:k8s\/*\/ingresses\/*\/list",
                    "qcs::tke::*:k8s\/*\/services\/*\/get",
                    "qcs::tke::*:k8s\/*\/services\/*\/list",
                    "qcs::tke::*:k8s\/*\/deployments\/*\/get",
                    "qcs::tke::*:k8s\/*\/deployments\/*\/list",
                    "qcs::tke::*:k8s\/*\/daemonsets\/*\/get",
                    "qcs::tke::*:k8s\/*\/daemonsets\/*\/list",
                    "qcs::tke::*:k8s\/*\/statefulsets\/*\/get",
                    "qcs::tke::*:k8s\/*\/statefulsets\/*\/list"
                ]
            }
        ]
    }
    
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원