授权委托服务
当商家或用户在以下场景使用委托服务时,如表1,云商店会向您发送授权请求。一旦您同意,即表示您授权云商店以委托对象角色为您提供相应的服务。若委托策略有任何更新,云商店将会在您使用该服务时重新请求授权。具体的委托策略参见委托策略权限详情。
请勿对云商店的委托及委托策略内容进行修改,也请勿在其他委托上复用云商店的委托策略,否则会影响服务的正常运行。
授权角色 |
场景 |
服务类型 |
委托 |
委托对象 |
委托策略 |
---|---|---|---|---|---|
用户 |
购买商品 |
api商品自动复购 |
mkp_agency_trust |
云商店系统账号 |
|
使用商品 |
镜像类商品快捷开通 |
mkp_agency_trust |
云商店系统账号 |
||
mkp_rfs_agency_trust |
资源编排服务RFS |
||||
镜像类商品模版部署 |
mkp_agency_trust |
云商店系统账号 |
|||
License商品自动化部署 |
mkp_agency_trust |
云商店系统账号 |
|||
商家 |
接入商品 |
对自动化部署模板进行可用性测试 |
mkp_agency_trust |
云商店系统账号 |
云商店已不再使用委托mkp_ims_trust、mkp_admin_trust、mkp_rf_admin_trust、mkp_obs_trust,如您授权过以上委托,可参见取消委托授权删除。
委托策略权限详情
- api_product_repurchase_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bss:enterpriseProjectGroup:view", "bss:coupon:view", "bss:discount:view", "bss:order:pay", "bss:order:update" ] } ] }
- mkp_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:create", "kms:cmk:get", "kms:dek:create" ] }, { "Effect": "Allow", "Action": [ "rf:stack:listStacks", "rf:stack:listStackResources", "rf:stack:listStackOutputs", "rf:stack:createStack", "rf:stack:getStackMetadata", "rf:stack:updateStack" ] } ] }
- mkp_rfs_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:get", "kms:dek:decrypt" ] }, { "Effect": "Allow", "Action": [ "ecs:diskConfigs:use", "ecs:servers:create", "ecs:cloudServers:showServer", "ecs:cloudServers:get", "ecs:serverInterfaces:get", "ecs:serverKeypairs:get", "ecs:flavors:get", "ecs:serverVolumes:use", "ecs:cloudServers:createServers", "ecs:cloudServers:create", "ecs:cloudServers:deleteServers", "ecs:cloudServers:delete", "ecs:servers:get", "ecs:serverInterfaces:use", "ecs:securityGroups:use" ] }, { "Effect": "Allow", "Action": [ "evs:volumes:list", "evs:volumes:create", "evs:volumes:manage", "evs:backups:get", "evs:volumes:attach", "evs:volumes:get", "evs:snapshots:get" ] }, { "Effect": "Allow", "Action": [ "ims:images:get", "ims:images:list" ] }, { "Effect": "Allow", "Action": [ "vpc:securityGroups:create", "vpc:subnets:update", "vpc:routers:update", "vpc:networks:get", "vpc:ports:get", "vpc:ports:update", "vpc:ports:create", "vpc:securityGroupRules:get", "vpc:subnets:create", "vpc:subnets:get", "vpc:securityGroups:update", "vpc:routers:get", "vpc:securityGroups:get", "vpc:networks:create", "vpc:networks:update" ] } ] }