tencent cloud

Cloud Object Storage
Download PDF
Last updated: 2025-12-04 09:16:24
Cloud Object Storage
Last updated: 2025-12-04 09:16:24
Download PDF

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Product Role Name Role Types Role Entity
COS COS_QCSLinkedRoleInCOSAcc Service-Related Roles COSAcc.COS.cloud.tencent.com
COS COS_QCSLinkedRoleInCLSAccess Service-Related Roles cosoclsr.cos.cloud.tencent.com
COS COS_QCSLinkedRoleInLighthouseMounting Service-Related Roles lhmounting.cos.cloud.tencent.com

COS_QCSLinkedRoleInCOSAcc

Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInCOSAcc
  • Policy Information:
    {
  "statement": [
      {
          "action": [
              "cos:*"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

COS_QCSLinkedRoleInCLSAccess

Use Cases: Object Storage Service (COS) operation permissions include but are not limited to the following permissions: Add, delete, and modify log service (CLS) log sets, log topics, logs, add, delete, and modify machine groups, add, delete, and modify indexes, and delivery logs, etc.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInCosoclsr
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cls:CreateIndex",
              "cls:ModifyIndex",
              "cls:DescribeIndex",
              "cls:CreateTopic",
              "cls:ModifyTopic",
              "cls:DeleteTopic",
              "cls:DescribeTopics",
              "cls:ModifyLogset",
              "cls:DeleteLogset",
              "cls:CreateLogset",
              "cls:DescribeLogsets",
              "tag:DescribeResourceTagsByResourceIds",
              "tag:DescribeTagKeys",
              "tag:DescribeTagValues",
              "tag:DescribeResourceTags",
              "tag:TagResources",
              "tag:DescribeTags"
          ],
          "resource": "*"
      }
  ]
}

COS_QCSLinkedRoleInLighthouseMounting

Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForCOSLinkedRoleInLighthouseMounting
  • Policy Information:
    {
  "statement": [
      {
          "action": [
              "tat:DescribeCommands",
              "tat:RunCommand",
              "tat:InvokeCommand",
              "tat:DescribeInvocations",
              "tat:DescribeInvocationTasks",
              "tat:DescribeAutomationAgentStatus",
              "tat:CancelInvocation",
              "tat:DescribeInstancesFeatureStatus"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback