- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| SSL证书 | SSL_QCSLinkedRoleInCertificateWaf | 服务相关角色 | certificatewaf.ssl.cloud.tencent.com |
| SSL证书 | SSL_QCSLinkedRoleInCertificateDependence | 服务相关角色 | certificatedependence.ssl.cloud.tencent.com |
| SSL证书 | SSL_QCSLinkedRoleInReplaceLoadCertificate | 服务相关角色 | replaceloadcertificate.ssl.cloud.tencent.com |
| SSL证书 | SSL_QCSLinkedRoleInCertificateCloudMonitor | 服务相关角色 | certificatecloudmonitor.ssl.cloud.tencent.com |
| SSL证书 | SSL_QCSLinkedRoleInDescribeDeployedResources | 服务相关角色 | describedeployedresources.ssl.cloud.tencent.com |
SSL_QCSLinkedRoleInCertificateWaf
使用场景: 当前角色为SSL证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForSSLLinkedRoleInCertificateWaf
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"waf:DescribeSpartaProtectionList",
"waf:DescribeSpartaProtectionInfo",
"waf:DescribeUserInstances",
"waf:DescribeUserQPS",
"waf:DescribePeakPoints",
"waf:AddSpartaProtection",
"waf:DeleteSpartaProtection",
"waf:ModifySpartaProtection",
"waf:ModifyProtectionStatus",
"waf:DescribeDomains"
],
"resource": [
"*"
]
}
]
}
SSL_QCSLinkedRoleInCertificateDependence
使用场景: 当前角色为SSL证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForSSLLinkedRoleInCertificateDependence
- 策略内容:
{
"statement": [
{
"action": [
"dnspod:CreateRecord",
"dnspod:DescribeDomain",
"dnspod:CreateDomain",
"dnspod:DescribeRecordList",
"dnspod:DeleteRecord",
"dnspod:DescribeDomain",
"dnspod:ModifyRecordStatus"
],
"effect": "allow",
"resource": "*"
}
],
"version": "2.0"
}
SSL_QCSLinkedRoleInReplaceLoadCertificate
使用场景: 当前角色为SSL证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForSSLLinkedRoleInReplaceLoadCertificate
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"clb:ReplaceCertForLoadBalancers",
"waf:DescribeCertificatedDomain",
"waf:ModifyCertificatedDomain",
"live:DescribeLiveDomainsByCerts",
"live:ModifyLiveDomainCertBindings",
"antiddos:DescribeL7RulesBySSLCertId",
"antiddos:CreateL7RuleCerts",
"clb:DescribeLoadBalancerListByCertId",
"clb:DescribeLoadBalancers",
"clb:DescribeListeners",
"clb:ModifyListener",
"clb:ModifyDomainAttributes",
"clb:DescribeTaskStatus",
"cos:GetBucketDomain",
"cos:GetBucketDomainCertificate",
"cos:GetService",
"cos:PutBucketDomainCertificate",
"tke:DescribeClusters",
"tke:AcquireClusterAdminRole",
"tke:AcquireEKSClusterAdminRole",
"lighthouse:DescribeSupportHttpsInstances",
"lighthouse:InstallCertificate",
"lighthouse:DescribeInstallCertificateTasks",
"vod:DescribeVodDomainsByCertIds",
"vod:ModifyVodDomainCertBindings",
"vod:UpdateCertForVodDomains",
"clb:DescribeLoadBalancerCount",
"teo:ModifyHostsCertificateByHosts",
"teo:DescribeHostsByCertID",
"tcb:DescribeEnvs",
"tcb:DescribeCloudBaseGWService",
"tcb:DescribeHostingDomain",
"tcb:BindCloudBaseAccessDomain",
"tcb:CreateHostingDomain",
"tcb:ModifyCloudBaseAccessDomain",
"tcb:ModifyHostingDomain",
"tse:ModifyCloudNativeAPIGatewayCertificate",
"tse:DescribeCloudNativeAPIGatewayCertificates",
"tse:DescribeCloudNativeAPIGateways",
"cdn:DescribeCdnDomainsByCerts",
"cdn:UpdateDomainHttps",
"tcm:DescribeMeshList",
"tcm:DescribeIstioGatewayList",
"tcm:ModifyGatewayCert"
],
"resource": [
"*"
]
}
]
}
SSL_QCSLinkedRoleInCertificateCloudMonitor
使用场景: 当前角色为SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForSSLLinkedRoleInCertificateCloudMonitor
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"monitor:CreateAlarmPolicy",
"monitor:DeleteAlarmPolicy",
"monitor:DescribeAlarmPolicies",
"monitor:ModifyAlarmPolicyStatus",
"monitor:BindingPolicyObject",
"monitor:UnBindingPolicyObject",
"monitor:ModifyAlarmPolicyNotice",
"monitor:CreateAlarmNotice",
"monitor:DeleteAlarmNotices",
"monitor:ModifyAlarmNotice",
"monitor:DescribeAlarmNotices",
"monitor:UnBindingAllPolicyObject"
]
}
]
}
SSL_QCSLinkedRoleInDescribeDeployedResources
使用场景: 当前角色为 SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"clb:ReplaceCertForLoadBalancers",
"waf:DescribeCertificatedDomain",
"waf:ModifyCertificatedDomain",
"live:DescribeLiveDomainsByCerts",
"live:ModifyLiveDomainCertBindings",
"antiddos:DescribeL7RulesBySSLCertId",
"antiddos:CreateL7RuleCerts",
"clb:DescribeLoadBalancerListByCertId",
"cdn:UpdateDomainsCertificate",
"teo:DescribeHostsByCertID",
"teo:ModifyHostsCertificateByHosts"
],
"resource": [
"*"
]
}
]
}
是
否
本页内容是否解决了您的问题?