文档首页/ 云商店/ 用户指南/ 授权委托服务
更新时间:2024-11-21 GMT+08:00
查看PDF
分享

授权委托服务

当商家或用户在以下场景使用委托服务时,如表1,云商店会向您发送授权请求。一旦您同意,即表示您授权云商店以委托对象角色为您提供相应的服务。若委托策略有任何更新,云商店将会在您使用该服务时重新请求授权。具体的委托策略参见委托策略权限详情

请勿对云商店的委托及委托策略内容进行修改,也请勿在其他委托上复用云商店的委托策略,否则会影响服务的正常运行。

表1 委托服务表

授权角色

场景

服务类型

委托

委托对象

委托策略

用户

购买商品

api商品自动复购

mkp_agency_trust

云商店op账号

api_product_repurchase_p...

使用商品

镜像类商品快捷开通

mkp_agency_trust

云商店op账号

mkp_deployment_policy

mkp_rfs_agency_trust

云服务RFS

mkp_rfs_deployment_polic...

镜像类商品模版部署

mkp_agency_trust

云商店op账号

mkp_deployment_policy

License商品自动化部署

mkp_agency_trust

云商店op账号

mkp_deployment_policy

商家

接入商品

对自动化部署模板进行可用性测试

mkp_agency_trust

云商店op账号

mkp_deployment_policy

云商店已不再使用委托mkp_ims_trust、mkp_admin_trust、mkp_rf_admin_trust、mkp_obs_trust,如您授权过以上委托,可参见取消授权删除。

委托策略权限详情

  • api_product_repurchase_policy 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "bss:enterpriseProjectGroup:view",
                "bss:coupon:view",
                "bss:discount:view",
                "bss:order:pay",
                "bss:order:update"
            ]
        }
    ]
}
  • mkp_deployment_policy 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:cmk:create",
                "kms:cmk:get",
                "kms:dek:create"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "rf:stack:listStacks",
                "rf:stack:listStackResources",
                "rf:stack:listStackOutputs",
                "rf:stack:createStack",
                "rf:stack:getStackMetadata",
                "rf:stack:updateStack"
            ]
        }
    ]
}
  • mkp_rfs_deployment_policy 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:cmk:get",
                "kms:dek:decrypt"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecs:diskConfigs:use",
                "ecs:servers:create",
                "ecs:cloudServers:showServer",
                "ecs:cloudServers:get",
                "ecs:serverInterfaces:get",
                "ecs:serverKeypairs:get",
                "ecs:flavors:get",
                "ecs:serverVolumes:use",
                "ecs:cloudServers:createServers",
                "ecs:cloudServers:create",
                "ecs:servers:get",
                "ecs:serverInterfaces:use",
                "ecs:securityGroups:use"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "evs:volumes:list",
                "evs:volumes:create",
                "evs:volumes:manage",
                "evs:backups:get",
                "evs:volumes:attach",
                "evs:volumes:get",
                "evs:snapshots:get"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ims:images:get",
                "ims:images:list"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "vpc:securityGroups:create",
                "vpc:subnets:update",
                "vpc:routers:update",
                "vpc:networks:get",
                "vpc:ports:get",
                "vpc:ports:update",
                "vpc:ports:create",
                "vpc:securityGroupRules:get",
                "vpc:subnets:create",
                "vpc:subnets:get",
                "vpc:securityGroups:update",
                "vpc:routers:get",
                "vpc:securityGroups:get",
                "vpc:networks:create",
                "vpc:networks:update"
            ]
        }
    ]
}

取消授权

商家或用户可在“统一身份认证中IAM”中删除已授权的委托,一旦删除,相应的服务将立即失效,请谨慎操作。

相关文档