tencent cloud

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Orgnization_QCSLinkedRoleInCIC

Use Cases： The current role is the Organization service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

• Policy Name： QcloudAccessForOrganizationLinkedRoleInCIC
• Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cam:AttachRolesPolicy",
                "cam:GetRole",
                "cam:CreateRole",
                "cam:DeleteRole",
                "cam:CreatePolicy",
                "cam:DeletePolicy",
                "cam:UpdatePolicy",
                "cam:GetPolicy",
                "cam:ListPolicies",
                "cam:CreateSAMLProvider",
                "cam:DeleteSAMLProvider",
                "cam:UpdateSAMLProvider",
                "cam:AddUser",
                "cam:DeleteUser",
                "cam:UpdateUser",
                "cam:CreateSubAccounts",
                "cam:DeleteUser",
                "organization:DescribeOrganization",
                "organization:CreateOrgMemberProductServiceRole",
                "cam:AttachRolePolicies",
                "cam:DetachRolePolicies",
                "cam:DescribeCICUserSAMLConfig",
                "cam:AddSubAccount",
                "cam:GetUser",
                "cam:UpdateSubAccountType",
                "cam:CheckSubAccountName",
                "cam:GetSAMLProvider",
                "cam:CreateCICUserSAMLConfig",
                "cam:ListAttachedRolePolicies",
                "organization:DescribeOrganizationMembers",
                "cam:DeleteApiKey"
            ],
            "resource": "*"
        }
    ]
}

Organization_QCSLinkedRoleInDefaultMng

Use Cases： The current role is the Organization service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

• Policy Name： QcloudAccessForOrganizationLinkedRoleInDefaultMng
• Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "finance:DescribeBillSummaryByProduct",
                "cam:GetAccountSummary",
                "intlpartnersmgt:DescribeBillSummaryByProduct"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}

Orgnization_QCSLinkedRoleInServiceControl

Use Cases： The current role is the Orgnization service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

• Policy Name： QcloudAccessForOrganizationLinkedRoleInServiceControl
• Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "resource": [
                "*"
            ],
            "action": [
                "cam:CreateServiceLinkedRole",
                "cam:DeleteServiceLinkedRole",
                "cam:GetRole",
                "cam:CreateRole",
                "cam:AttachRolePolicy",
                "cam:DeleteRole"
            ]
        }
    ]
}