- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 弹性微服务 | TEM_QCSLinkedRoleInTEMAPI | 服务相关角色 | temapi.tem.cloud.tencent.com |
| 弹性微服务 | TEM_QCSLinkedRoleInTEMLog | 服务相关角色 | cvm.qcloud.com temlog.tem.cloud.tencent.com |
| 弹性微服务 | TEM_QCSLinkedRoleInAccessCluster | 服务相关角色 | accesscluster.tem.cloud.tencent.com |
| 弹性微服务 | TEM_QCSLinkedRoleInAccessResourceService | 服务相关角色 | accessresourceservice.tem.cloud.tencent.com |
TEM_QCSLinkedRoleInTEMAPI
使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInTEMApi
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"apm:CreatePAASInstance",
"apm:DescribeApmAgent",
"apm:DescribeTopology",
"apm:DeletePAASInstance",
"apm:DescribePAASTopology",
"tcb:CreateCloudBaseRunServerVersionWithMicroService"
]
}
]
}
TEM_QCSLinkedRoleInTEMLog
使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInTEMLog
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cls:listTopic",
"cls:getTopic",
"cls:createTopic",
"cls:modifyTopic",
"cls:listMachineGroup",
"cls:getMachineGroup",
"cls:createMachineGroup",
"cls:modifyMachineGroup",
"cls:deleteMachineGroup",
"cls:getMachineStatus",
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig"
]
}
]
}
TEM_QCSLinkedRoleInAccessCluster
使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInAccessCluster
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"tse:DescribeSREInstances",
"tse:DescribeSREInstanceAccessAddress",
"tse:DescribeSREGlobalConfigs",
"tke:DescribeClusters",
"tcr:CreateNamespacePersonal",
"tcr:DeleteNamespacePersonal",
"tcr:DescribeRepositoryOwnerPersonal",
"tcr:DeleteRepositoryPersonal",
"tcr:DeleteImagePersonal",
"tcr:CreateRepositoryPersonal",
"tcr:BatchDeleteRepositoryPersonal",
"tcr:BatchDeleteImagePersonal",
"tcr:CreateInstanceToken",
"tcr:DescribeInstanceToken",
"tcr:DeleteInstanceToken",
"tcr:DescribeRepositories",
"tcr:PullRepository",
"tcr:PullRepositoryPersonal",
"cls:searchLog",
"cls:getTopic",
"cls:getIndex",
"cls:CreateIndex",
"cls:modifyIndex",
"cls:DeleteIndex",
"cfs:DescribeCfsFileSystems",
"cfs:DescribeMountTargets",
"vpc:DescribeSubnetEx",
"vpc:DescribeSubnet",
"apm:CreateApmInstance",
"apm:ModifyApmInstance",
"apm:TerminateApmInstance",
"apm:CreatePAASInstance",
"apm:DeletePAASInstance",
"apm:DescribeApmAgent",
"apm:DescribeTopologyMetricLineData",
"apm:DescribeMetricLineData",
"apm:DescribeServiceOverview",
"apm:DescribeMetricRecords",
"cam:GetRole",
"tcr:DescribeInternalEndpoints",
"tcr:DescribeInternalEndpointDnsStatus",
"tcr:CreateInternalEndpointDns",
"tcr:DuplicateImagePersonal",
"tcr:DescribeInstances",
"tcr:CreateInstance",
"tcr:DescribeNamespaces",
"tcr:CreateNamespace",
"tcr:CreateRepository",
"tcr:DescribeRepositories",
"tcr:ManageInternalEndpoint",
"tcr:PushRepository",
"tcr:PushRepositoryPersonal",
"monitor:DescribePrometheusInstances",
"monitor:UpgradeGrafanaDashboard",
"vpc:CreateVpc",
"vpc:CreateSubnet",
"vpc:DescribeVpcEx",
"vpc:DeleteNatGateway",
"vpc:CreateNatGateway",
"vpc:CreateRoute",
"vpc:EnableRoutes",
"vpc:DeleteRoute",
"vpc:DescribeNatGateways",
"vpc:DescribeRouteTable",
"cvm:ReleaseAddresses",
"monitor:TerminatePrometheusInstances",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode"
],
"resource": [
"*"
]
}
]
}
TEM_QCSLinkedRoleInAccessResourceService
使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInAccessResourceService
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"tcb:DescribeCloudBaseGWAPI",
"tcb:DescribeCloudBaseRunServer",
"tcb:DescribeCloudBaseRunServers",
"tcb:DescribeCloudBaseRunServerVersion",
"tcb:DescribeEnvLimit",
"tcb:DescribeCloudBaseRunPodList",
"tcb:DescribeICPResources",
"tcb:DescribePostPackage",
"tcb:DescribeCloudBaseGWService",
"tcb:DescribeCurveData",
"tcb:SearchClsLog",
"tcb:DescribeCloudBaseRunImages",
"tcb:DescribeCloudBaseRunServerFlowConf",
"tcb:CreateCloudBaseRunServerVersion",
"tcb:CreateCloudBaseGWAPI",
"tcb:ModifyCloudBaseGWAPIPublicAccess",
"tcb:ModifyCloudBaseGWAPIAccessType",
"tcb:ModifyCloudBaseRunServerVersion",
"tcb:CreatePostpayPackage",
"tcb:DeleteCloudBaseRunImageRepo",
"tcb:DeleteCloudBaseRunServer",
"tcb:DeleteCloudBaseRunServerVersion",
"tcb:EstablishCloudBaseRunServer",
"tcb:ModifyCloudBaseRunServerFlowConf",
"tcb:RollUpdateCloudBaseRunServerVersion",
"tcb:DescribeEnvs",
"tcb:DestroyEnv",
"tcb:CheckTcbService",
"tcb:ModifyEnv",
"tcb:DescribeCloudBaseRunVersionException"
],
"resource": [
"*"
]
}
]
}
是
否
本页内容是否解决了您的问题?