云服务委托权限指导

为了提升账号安全性，近期区块链服务对云服务委托权限进行了调整。如果您已创建并正在使用Fabric增强版区块链实例，请您尽快手动清理多余的云服务委托权限。

具体的操作步骤如下：

1. 登录统一身份认证服务 IAM，选择“委托”并搜索委托名称“bcs_admin_trust”。
2. 单击“修改”进入“bcs_admin_trust”委托的修改页面。
3. 进入“授权记录”，确认以下权限已被正确配置：
   • BCS agency policy for global，确认策略内容如下：

     {
         "Version": "1.1",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "obs:object:DeleteObject",
                     "obs:bucket:HeadBucket",
                     "obs:object:PutObject",
                     "obs:bucket:CreateBucket"
                 ]
             }
         ]
     }

   • BCS agency policy for project，确认权限列表如下：

     {
         "Version": "1.1",
         "Statement": [
             {
                 "Action": [
                     "cce:cluster:get",
                     "cce:node:list",
                     "ecs:cloudServers:listServerInterfaces",
                     "ecs:cloudServers:list",
                     "ecs:serverInterfaces:get",
                     "vpc:publicIps:list",
                     "vpc:publicIps:update",
                     "vpc:ports:get",
                     "cbr:vaults:delete",
                     "cbr:vaults:get",
                     "cbr:vaults:removeResources",
                     "cbr:vaults:addResources",
                     "cbr:vaults:create",
                     "cbr:vaults:update",
                     "cbr:vaults:backup",
                     "cbr:backups:delete",
                     "cbr:backups:list",
                     "evs:volumes:list",
                     "sfsturbo:shares:getShare"
                 ],
                 "Effect": "Allow"
             }
         ]
     }

4. 完成确认后，请手动删除以下多余的权限：
   • SFS Administrator
   • ECS FullAccess
   • VPC Administrator
   • EPS FullAccess
   • CCE Administrator
   • AOM FullAccess
   • APM FullAccess
   • OBS Administrator
   • CBR FullAccess
   • BCS Administrator