云监控服务 CES-添加数据转储到其他账号:被委托方需要的权限

时间：2025-02-12 15:15:08

云监控服务 CES 数据转储

被委托方需要的权限

被委托方如果是主账号，无需配置权限，被委托方子账号需要拥有数据转储相关的权限。

项目级权限如下：

{  "Version": "1.1",  "Statement": [    {      "Effect": "Allow",      "Action": [        "ces:quotas:get",        "ces:dataShareJob:get",        "ces:dataShareTask:delete",        "ces:dataShareJob:action",        "ces:dataShareTask:list",        "ces:namespaces:list",        "ces:sysEventsNames:list",        "ces:dataShareTask:get",        "ces:dataShareTask:action",        "ces:dataShareJob:list",        "ces:dataShareTask:put",        "ces:dataShareTask:create",        "ces:dataShareJob:action",        "ces:dataShareJob:delete",        "ces:dataShareJob:create",        "dms:instance:list",        "dms:instance:get",        "ces:dataShareJob:listDmsInstancesByAgency",        "ces:dataShareJob:listAgencyProjects",        "ces:dataShareJob:listDmsTopicsByAgency",        "ces:agency:get",        "ces:agency:post",        "ces:namespacesDimensions:list",        "mqs:instance:list",        "mqs:instance:get",        "ces:i18n:list"      ]    }  ]}

此外，还需要拥有查询操作 IAM 委托权限（全局级权限），来保障转储任务能正常创建和运行，权限如下：

{  "Version": "1.1",  "Statement": [    {      "Effect": "Allow",      "Action": [        "iam:agencies:assume",        "iam:agencies:createAgency",        "iam:agencies:listAgencies",        "iam:permissions:grantRoleToAgency",        "iam:permissions:grantRoleToAgencyOnProject",        "iam:permissions:listRolesForAgency",        "iam:permissions:listRolesForAgencyOnDomain",        "iam:permissions:listRolesForAgencyOnProject",        "iam:permissions:revokeRoleFromAgency",        "iam:roles:createRole",        "iam:roles:listRoles",        "iam:roles:updateRole"      ]    }  ]}

项目级权限和全局级权限创建请参考创建自定义权限策略。

上一篇：云监控服务 CES-添加数据转储到其他账号:创建CES账号委托

下一篇：云监控服务 CES-添加数据转储到其他账号:创建CES账号委托