- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| Elasticsearch Service | ES_QCSLinkedRoleInAccessCos | 服务相关角色 | acesscos.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInDataImport | 服务相关角色 | dataimport.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInLogSyncCls | 服务相关角色 | logsynccls.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInVpcOperate | 服务相关角色 | vpcoperate.es.cloud.tencent.com |
| Elasticsearch Service | ES_QCSLinkedRoleInBeatsCollector | 服务相关角色 | beatscollector.es.cloud.tencent.com |
ES_QCSLinkedRoleInAccessCos
使用场景: 当前角色为检索服务(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForEsLinkedRoleInCosAcess
- 策略内容:
{
"statement": [
{
"action": [
"cos:GetBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:PostObject",
"cos:InitiateMultipartUpload",
"cos:ListMultipartUploads",
"cos:ListParts",
"cos:UploadPart",
"cos:CompleteMultipartUpload",
"cos:DeleteObject",
"cos:DeleteMultipleObjects"
],
"effect": "allow",
"resource": "*"
}
],
"version": "2.0"
}
ES_QCSLinkedRoleInDataImport
使用场景: 当前角色为 Elasticsearch Service(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForESLinkedRoleInDataImport
- 策略内容:
{
"version": "2.0",
"statement": [
{
"action": [
"ckafka:DescribeInstancesDetail",
"ckafka:DescribeInstances",
"ckafka:CreateTopic",
"ckafka:DescribeTopicDetail",
"ckafka:DescribeTopic",
"ckafka:DescribeRoute",
"ckafka:CreateDatahubTopic",
"ckafka:DescribeDatahubTopic",
"ckafka:CreateConnectResource",
"ckafka:DescribeConnectResource",
"ckafka:CreateDatahubTask",
"ckafka:DescribeDatahubTask",
"tat:RunCommand",
"tat:DescribeInvocations",
"tat:DescribeAutomationAgentStatus",
"tke:DescribeClusters",
"tke:DescribeClusterReleases",
"tke:CreateClusterRelease",
"tke:UpgradeClusterRelease",
"tke:UninstallClusterRelease",
"tke:CancelClusterRelease",
"ckafka:DeleteDatahubTopic",
"ckafka:DeleteConnectResource",
"ckafka:DeleteDatahubTask",
"ckafka:DeleteDatahubGroup",
"ckafka:ModifyGroupOffsets",
"ckafka:ModifyDatahubResource",
"cvm:DescribeInstances",
"emr:DescribeClusterLogInfo",
"emr:NotifyEmr"
],
"resource": "*",
"effect": "allow"
}
]
}
ES_QCSLinkedRoleInLogSyncCls
使用场景: 当前角色为Elasticsearch Serivce(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForESLinkedRoleInLogSyncCls
- 策略内容:
{
"statement": [
{
"action": [
"cls:ModifyTopic",
"emr:AddClusterLogsToCls",
"emr:RemoveClusterLogsToCls",
"emr:DescribeInstances",
"cls:RealtimeProducer"
],
"effect": "allow",
"resource": "*"
}
],
"version": "2.0"
}
ES_QCSLinkedRoleInVpcOperate
使用场景: 当前角色为Elasticsearch Service (ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForESLinkedRoleInVpcOperate
- 策略内容:
{
"version": "1.0",
"statement": [
{
"action": [
"vpc:DescribeVpcEx",
"vpc:DescribeSubnetEx",
"vpc:CreateCcn",
"vpc:AttachCcnInstances",
"vpc:DeleteCcn",
"vpc:DetachCcnInstances",
"vpc:DescribeNetworkInterfaces",
"vpc:CreateNetworkInterface",
"vpc:DeleteNetworkInterface",
"vpc:DescribeVpcTaskResult",
"vpc:CreateVpcEndPoint",
"vpc:DescribeVpcEndPoint",
"vpc:ModifyVpcEndPointAttribute",
"vpc:DeleteVpcEndPoint",
"vpc:DisassociateVpcEndPointSecurityGroups",
"cvm:DescribeSecurityGroups"
],
"resource": "*",
"effect": "allow"
}
]
}
ES_QCSLinkedRoleInBeatsCollector
使用场景: 当前角色为 Elasticsearch Service(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForESLinkedRoleInBeatsCollector
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"tat:RunCommand",
"tat:DescribeInvocations",
"tat:DescribeAutomationAgentStatus",
"tke:DescribeClusters",
"tke:DescribeClusterReleases",
"tke:CreateClusterRelease",
"tke:UpgradeClusterRelease",
"tke:UninstallClusterRelease",
"tke:CancelClusterRelease",
"cvm:DescribeInstances",
"emr:DescribeClusterLogInfo",
"emr:NotifyEmr"
],
"resource": [
"*"
]
}
]
}
是
否
本页内容是否解决了您的问题?