CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
集团账号管理 | Orgnization_QCSLinkedRoleInCIC | 服务相关角色 | cic.organization.cloud.tencent.com |
集团账号管理 | Organization_QCSLinkedRoleInDefaultMng | 服务相关角色 | defaultmng.organization.cloud.tencent.com |
集团账号管理 | Orgnization_QCSLinkedRoleInServiceControl | 服务相关角色 | servicecontrol.orgnization.cloud.tencent.com |
使用场景: 当前角色为集团账号(Organization)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cam:AttachRolesPolicy",
"cam:GetRole",
"cam:CreateRole",
"cam:DeleteRole",
"cam:CreatePolicy",
"cam:DeletePolicy",
"cam:UpdatePolicy",
"cam:GetPolicy",
"cam:ListPolicies",
"cam:CreateSAMLProvider",
"cam:DeleteSAMLProvider",
"cam:UpdateSAMLProvider",
"cam:AddUser",
"cam:DeleteUser",
"cam:UpdateUser",
"cam:CreateSubAccounts",
"cam:DeleteUser",
"organization:DescribeOrganization",
"organization:CreateOrgMemberProductServiceRole",
"cam:AttachRolePolicies",
"cam:DetachRolePolicies",
"cam:DescribeCICUserSAMLConfig",
"cam:AddSubAccount",
"cam:GetUser",
"cam:UpdateSubAccountType",
"cam:CheckSubAccountName",
"cam:GetSAMLProvider",
"cam:CreateCICUserSAMLConfig",
"cam:ListAttachedRolePolicies",
"organization:DescribeOrganizationMembers",
"cam:DeleteApiKey"
],
"resource": "*"
}
]
}
使用场景: 当前角色为集团账号管理(Organization)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"action": [
"finance:DescribeBillSummaryByProduct",
"cam:GetAccountSummary",
"intlpartnersmgt:DescribeBillSummaryByProduct"
],
"resource": "*",
"effect": "allow"
}
]
}
使用场景: 当前角色为集团账号管理(Orgnization)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cam:CreateServiceLinkedRole",
"cam:DeleteServiceLinkedRole",
"cam:GetRole",
"cam:CreateRole",
"cam:AttachRolePolicy",
"cam:DeleteRole"
]
}
]
}
本页内容是否解决了您的问题?