tencent cloud

TDSQL for MySQL
Download PDF
Last updated: 2025-12-04 09:16:28
TDSQL for MySQL
Last updated: 2025-12-04 09:16:28
Download PDF

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Product Role Name Role Types Role Entity
TDSQL for MySQL DCDB_QCSLinkedRoleInKMS Service-Related Roles kms.dcdb.cloud.tencent.com
TDSQL for MySQL DCDB_QCSLinkedRoleInTSE Service-Related Roles tse.dcdb.cloud.tencent.com
TDSQL for MySQL DCDB_QCSLinkedRoleInDBLog Service-Related Roles DBLog.dcdb.cloud.tencent.com

DCDB_QCSLinkedRoleInKMS

Use Cases: The current role is the DCDB service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForDCDBLinkedRoleInKMS
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "resource": [
              "*"
          ],
          "action": [
              "kms:GetServiceStatus",
              "kms:CreateKey",
              "kms:GenerateDataKey",
              "kms:Decrypt",
              "kms:Encrypt",
              "kms:ReEncrypt",
              "kms:EnableKey",
              "kms:EnableKeyRotation",
              "kms:ListKeyDetail",
              "kms:DescribeKey",
              "kms:ListKey"
          ]
      }
  ]
}

DCDB_QCSLinkedRoleInTSE

Use Cases: The current role is the DCDB service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForDCDBLinkedRoleInTSE
  • Policy Information:
    {
  "statement": [
      {
          "action": [
              "tse:CreateGovernanceStrategy",
              "tse:DescribeGovernanceMainToken",
              "tse:DescribeGovernanceInstances",
              "tse:DescribeGovernanceServices",
              "tse:CreateGovernanceInstances",
              "tse:DeleteGovernanceInstances",
              "tse:ModifyGovernanceServices",
              "tse:DescribeGovernanceStrategies",
              "tse:DescribeSREInstances",
              "tse:ModifyGovernanceInstances",
              "tse:DescribeGovernanceNamespaces",
              "tse:DescribeGovernanceAuthStrategies"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

DCDB_QCSLinkedRoleInDBLog

Use Cases: The current role is the DCDB service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForDCDBLinkedRoleInDBLog
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cls:ModifyKafkaRecharge",
              "cls:DescribeKafkaRecharges",
              "cls:DeleteKafkaRecharge",
              "cls:CreateKafkaRecharge",
              "cls:DeleteCloudProductLogTask",
              "cls:ModifyCloudProductLogTask"
          ],
          "resource": "*"
      }
  ]
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback