| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 数据湖计算 | DLC_QCSLinkedRoleInRayOnDLC | 服务相关角色 | rayondlc.dlc.cloud.tencent.com |
| 数据湖计算 | DLC_QCSLinkedRoleInCheckDLCResource | 服务相关角色 | checkdlcresource.dlc.cloud.tencent.com |
使用场景: 用于数据湖计算(DLC)在 Ray on DLC 场景下访问和管理相关资源的服务关联角色。用于授权DLC访问COS、VPC、CFS等腾讯云资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cos:GetService",
"cos:GetBucketACL",
"cos:PutBucketACL",
"vpc:CreateVpcPeeringConnection",
"vpc:AcceptVpcPeeringConnection",
"vpc:DeleteVpcPeeringConnection",
"vpc:DescribeVpcPeeringConnections",
"vpc:DescribeVpcs",
"vpc:DescribeRouteTable",
"vpc:CreateRoute",
"cfs:DescribeCfsFileSystems",
"cfs:DescribeMountTargets"
],
"resource": [
"*"
]
}
]
}
使用场景: 当前角色为数据湖计算 Data Lake Compute(DLC)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cos:GetService",
"cos:GetBucket",
"cos:ListMultipartUploads",
"cos:GetObject*",
"cos:HeadObject",
"cos:GetBucketObjectVersions",
"cos:OptionsObject",
"cos:ListParts",
"cos:DeleteObject",
"cos:PostObject",
"cos:PostObjectRestore",
"cos:PutObject*",
"cos:InitiateMultipartUpload",
"cos:UploadPart",
"cos:UploadPartCopy",
"cos:CompleteMultipartUpload",
"cos:AbortMultipartUpload",
"cos:DeleteMultipleObjects",
"cos:AppendObject",
"cos:HeadBucket",
"vpc:DescribeRouteTable",
"vpc:CreateRoute",
"vpc:AcceptVpcPeeringConnection",
"vpc:CreateVpcPeeringConnectionEx",
"vpc:CreateVpcPeeringConnection",
"vpc:DeleteVpcPeeringConnection",
"vpc:DeleteVpcPeeringConnectionEx",
"vpc:AcceptVpcPeeringConnectionEx",
"vpc:DescribeVpcPeeringConnections",
"cloudaudit:DescribeEvents",
"cos:GetBucket*",
"cos:PutBucket*",
"cos:DeleteBucket*",
"cos:RenameObject",
"monitor:GetMonitorData",
"chdfs:DescribeMountPoint",
"chdfs:DescribeFileSystem",
"chdfs:DescribeAccessGroups",
"chdfs:DescribeAccessRules",
"chdfs:ModifyFileSystem",
"chdfs:ModifyAccessRules",
"chdfs:CreateAccessGroup",
"chdfs:CreateAccessRules",
"chdfs:AssociateAccessGroups",
"chdfs:DisassociateAccessGroups",
"chdfs:DeleteAccessGroup",
"chdfs:DeleteAccessRules",
"vpc:DescribeAssistantCidr",
"vpc:DescribeVpcEx",
"chdfs:DescribeMountPoints",
"oceanus:DescribeWorkSpaces",
"oceanus:DescribeClusters",
"oceanus:DescribeCHDFSAccessGroups",
"oceanus:CreateCHDFSAccessGroup",
"vpc:DescribeVpcEndPoint",
"vpc:CreateVpcEndPoint",
"vpc:DeleteVpcEndPoint",
"tcr:CreateServiceAccount",
"tcr:DeleteServiceAccount",
"tcr:DescribeServiceAccounts",
"tcr:CreateMultipleSecurityPolicy",
"tcr:DescribeSecurityPolicies",
"tcr:DescribeRepositories",
"tcr:DescribeExternalEndpointStatus",
"tcr:ManageExternalEndpoint",
"tccatalog:DescribeTccCatalog",
"tccatalog:DescribeTccCatalogs",
"tccatalog:BindTccVpcEndPointServiceWhiteList",
"tccatalog:AcceptTccVpcEndPointConnect",
"tccatalog:DescribeTccVipInternal",
"ssm:GetSecretValue",
"tccatalog:DescribeMetastoreInstances",
"tccatalog:CreateTCCatalogEndpoint",
"tccatalog:CreateCatalog",
"tccatalog:DescribeCatalogs",
"tccatalog:DescribeCatalog",
"tccatalog:ModifyCatalog",
"tccatalog:DropCatalog",
"tccatalog:CreateSchema",
"tccatalog:DescribeSchema",
"tccatalog:DescribeSchemaNamesPage",
"tccatalog:DescribeSchemaNames",
"tccatalog:DropSchema",
"tccatalog:CreateTable",
"tccatalog:DescribeTable",
"tccatalog:DropTable",
"tccatalog:ModifyTableComment",
"tccatalog:DescribeTableNamesPage",
"tccatalog:DescribeTableNames",
"tccatalog:DescribeTables",
"tccatalog:AddTableColumn",
"tccatalog:DeleteTableColumn",
"tccatalog:ModifyFunction",
"tccatalog:CreateFunction",
"tccatalog:DropFunction",
"tccatalog:DescribeFunction",
"tccatalog:DescribeFunctionNamesPage",
"tccatalog:DescribeFunctions",
"tccatalog:DropView",
"tccatalog:DescribeView",
"tccatalog:DescribeViewNamesPage",
"tccatalog:DescribeViews",
"tccatalog:AddPartitionField",
"tccatalog:RemovePartitionField",
"tccatalog:DescribeTableInfo",
"tccatalog:DescribeOptimizerGroups",
"tccatalog:ModifyTableProperties",
"tccatalog:DescribeStrategyStatus",
"tccatalog:DescribeTableDataOptimization",
"tccatalog:CreateOptimizationStrategy",
"tccatalog:DescribeCatalogDataOptimization",
"tccatalog:DescribeTableOptimizationStrategy",
"tccatalog:ModifyTableOptimizationStrategy",
"tccatalog:RegisterTable",
"tccatalog:DescribeModelNamesPage",
"tccatalog:DescribeModelVersionNumbersPage",
"tccatalog:DescribeModels",
"tccatalog:CreateModel",
"tccatalog:CreateModelVersion",
"tccatalog:DescribeModel",
"tccatalog:DescribeModelNames",
"tccatalog:DescribeModelVersion",
"tccatalog:DescribeModelVersionNumbers",
"tccatalog:DescribeModelVersions",
"tccatalog:ModifyModelComment",
"tccatalog:ModifyModelName",
"tccatalog:ModifyModelProperties",
"tccatalog:ModifyModelVersionAliases",
"tccatalog:ModifyModelVersionComment",
"tccatalog:ModifyModelVersionProperties",
"tccatalog:RegisterModel",
"tccatalog:SearchModels",
"tccatalog:DropModel",
"tccatalog:DropModelVersion",
"tccatalog:SearchModelVersions",
"tccatalog:CreateUsers",
"tccatalog:DeleteUsers",
"tccatalog:DescribeUsers",
"tccatalog:ModifyUser",
"tccatalog:CreateRole",
"tccatalog:DeleteRoles",
"tccatalog:DescribeRoles",
"tccatalog:ModifyRole",
"tccatalog:GrantRolesToUser",
"tccatalog:RevokeRolesFromUser",
"tccatalog:GrantUsersToRole",
"tccatalog:RevokeUsersFromRole",
"tccatalog:GrantPermissionToRole",
"tccatalog:RevokePermissionToRole",
"tccatalog:GrantPermissionToUser",
"tccatalog:RevokePermissionToUser",
"tccatalog:UpdatePermissionToResource",
"tccatalog:DescribeRolePermissionList",
"tccatalog:DescribeRolesPrivilegeList",
"tccatalog:CheckUserRoleGranted",
"tccatalog:DescribeSchemas",
"tccatalog:DescribeCatalogsByNames",
"tccatalog:LockTable",
"tccatalog:UnlockTable",
"tccatalog:CheckTable",
"tccatalog:AlterTable",
"ssm:ListSecrets",
"ssm:ListSecretVersionIds",
"tccatalog:DescribeRegisterTableResult",
"tccatalog:CreateMetastoreInstance",
"tccatalog:DescribeMetastoreInstances",
"tccatalog:DescribeMetastoreInstance",
"tccatalog:DescribeUsageStatistics"
],
"resource": "*"
}
]
}
文档反馈