tencent cloud

对象存储
下载PDF
最后更新时间:2025-12-20 09:32:16
对象存储
最后更新时间: 2025-12-20 09:32:16
下载PDF

服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。

CAM中产品名 角色名称 角色类型 角色载体
对象存储 COS_QCSLinkedRoleInCOSAcc 服务相关角色 COSAcc.COS.cloud.tencent.com
对象存储 COS_QCSLinkedRoleInCLSAccess 服务相关角色 cosoclsr.cos.cloud.tencent.com
对象存储 COS_QCSLinkedRoleVectorBucket 服务相关角色 vector.cos.cloud.tencent.com
对象存储 COS_QCSLinkedRoleInLighthouseMounting 服务相关角色 lhmounting.cos.cloud.tencent.com

COS_QCSLinkedRoleInCOSAcc

使用场景: 当前角色为对象存储(COS)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForCOSLinkedRoleInCOSAcc
  • 策略内容:
    {
  "statement": [
      {
          "action": [
              "cos:*"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

COS_QCSLinkedRoleInCLSAccess

使用场景: 对象存储服务(COS)操作权限包括但不限于以下权限:增删查改日志服务(CLS)日志集、日志主题、日志,增删查改机器组,增删查改索引以及投递日志等
权限策略

  • 策略名称: QcloudAccessForCOSLinkedRoleInCosoclsr
  • 策略内容:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cls:CreateIndex",
              "cls:ModifyIndex",
              "cls:DescribeIndex",
              "cls:CreateTopic",
              "cls:ModifyTopic",
              "cls:DeleteTopic",
              "cls:DescribeTopics",
              "cls:ModifyLogset",
              "cls:DeleteLogset",
              "cls:CreateLogset",
              "cls:DescribeLogsets",
              "tag:DescribeResourceTagsByResourceIds",
              "tag:DescribeTagKeys",
              "tag:DescribeTagValues",
              "tag:DescribeResourceTags",
              "tag:TagResources",
              "tag:DescribeTags"
          ],
          "resource": "*"
      }
  ]
}

COS_QCSLinkedRoleVectorBucket

使用场景: 当前角色为COS的向量存储桶服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudCOSAccessForVectorBucket
  • 策略内容:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cos:PutBucketEncryption",
              "cos:GetBucketEncryption",
              "cos:DeleteBucketEncryption",
              "cos:PutObject",
              "cos:PutObjectCopy",
              "cos:PostObject",
              "cos:GetObject",
              "cos:HeadObject",
              "cos:DeleteObject",
              "cos:DeleteMultipleObjects",
              "cos:PutObjectTagging",
              "cos:GetObjectTagging",
              "cos:DeleteObjectTagging",
              "cos:InitiateMultipartUpload",
              "cos:UploadPart",
              "cos:UploadPartCopy",
              "cos:CompleteMultipartUpload",
              "cos:AbortMultipartUpload",
              "cos:ListMultipartUploads",
              "cos:ListParts",
              "cos:PutBucket",
              "cos:GetBucket",
              "cos:HeadBucket",
              "cos:DeleteBucket"
          ],
          "resource": "*"
      }
  ]
}

COS_QCSLinkedRoleInLighthouseMounting

使用场景: 当前角色为对象存储 (COS)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForCOSLinkedRoleInLighthouseMounting
  • 策略内容:
    {
  "statement": [
      {
          "action": [
              "tat:DescribeCommands",
              "tat:RunCommand",
              "tat:InvokeCommand",
              "tat:DescribeInvocations",
              "tat:DescribeInvocationTasks",
              "tat:DescribeAutomationAgentStatus",
              "tat:CancelInvocation",
              "tat:DescribeInstancesFeatureStatus"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}
本页内容是否解决了您的问题?
您也可以 联系销售 提交工单 以寻求帮助。

文档反馈