授权委托服务声明
什么是委托服务声明
由于华为云各服务之间存在业务交互关系,一些云服务需要与其他云服务协同工作,需要您创建云服务委托,将操作权限委托给该服务,让该服务以您的身份使用其他云服务,代替您进行一些资源运维工作。
当您在以下业务场景中使用委托服务时(见表1 委托服务表),系统将向您发起授权请求。您确认同意后,即视为授权云商店以被委托方角色提供对应服务。
如策略发生变更,系统将在您下次使用相关服务时重新获取授权。具体权限范围请参阅下文“委托服务策略详情”。下文各策略的 Statement 仅列出 Effect 和 Action,未列出 Resource 或 Condition 限定,请在确认授权前逐项核对 Action 列表。
请勿对云商店的委托及委托策略内容进行修改,也请勿在其他委托上复用云商店的委托策略,否则会影响服务的正常运行。
| 授权角色 | 场景 | 服务类型 | 委托 | 委托对象 | 委托策略 |
|---|---|---|---|---|---|
| 用户 | 购买商品 | API商品自动复购 | mkp_agency_trust | 云商店系统账号 | |
| 用户 | 购买商品 | 镜像类商品快捷开通 | mkp_agency_trust | 云商店系统账号 | |
| 用户 | 购买商品 | 镜像类商品快捷开通 | mkp_rfs_agency_trust | 资源编排服务RFS | |
| 用户 | 购买商品 | 镜像类商品模板部署 | mkp_agency_trust | 云商店系统账号 | |
| 用户 | 购买商品 | 联营域名商品自动续期 | mkp_agency_trust | 云商店系统账号 | domain_product_repurchase_policy |
| 用户 | 商品交付 | License商品自动化部署 | mkp_agency_trust | 云商店系统账号 | |
| 用户 | 商品交付 | License商品委托部署 | mkp_agency_trust | 云商店系统账号 | |
| 商家 | 接入商品 | 对自动化部署模板进行可用性测试 | mkp_agency_trust | 云商店系统账号 | |
委托服务策略详情
- api_product_repurchase_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bss:enterpriseProjectGroup:view", "bss:coupon:view", "bss:discount:view", "bss:order:pay", "bss:order:update" ] } ] }
- mkp_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:create", "kms:cmk:get", "kms:dek:create" ] }, { "Effect": "Allow", "Action": [ "rf:stack:listStacks", "rf:stack:listStackResources", "rf:stack:listStackOutputs", "rf:stack:createStack", "rf:stack:getStackMetadata", "rf:stack:updateStack" ] } ] }
- mkp_rfs_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:get", "kms:dek:decrypt" ] }, { "Effect": "Allow", "Action": [ "ecs:diskConfigs:use", "ecs:servers:create", "ecs:cloudServers:showServer", "ecs:cloudServers:get", "ecs:serverInterfaces:get", "ecs:serverKeypairs:get", "ecs:flavors:get", "ecs:serverVolumes:use", "ecs:cloudServers:createServers", "ecs:cloudServers:create", "ecs:cloudServers:deleteServers", "ecs:cloudServers:delete", "ecs:servers:get", "ecs:serverInterfaces:use", "ecs:securityGroups:use" ] }, { "Effect": "Allow", "Action": [ "evs:volumes:list", "evs:volumes:create", "evs:volumes:manage", "evs:backups:get", "evs:volumes:attach", "evs:volumes:get", "evs:snapshots:get" ] }, { "Effect": "Allow", "Action": [ "ims:images:get", "ims:images:list" ] }, { "Effect": "Allow", "Action": [ "vpc:securityGroups:create", "vpc:subnets:update", "vpc:routers:update", "vpc:networks:get", "vpc:ports:get", "vpc:ports:update", "vpc:ports:create", "vpc:securityGroupRules:get", "vpc:subnets:create", "vpc:subnets:get", "vpc:securityGroups:update", "vpc:routers:get", "vpc:securityGroups:get", "vpc:networks:create", "vpc:networks:update" ] } ] }
- mkp_auto_deploy_region_policy
"policy": { "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:create", "kms:cmk:get", "kms:dek:create" ] }, { "Effect": "Allow", "Action": [ "rf:stack:createExecutionPlan", "rf:template:parseTemplateVariables", "rf:stack:listStackResources", "rf:stack:listStackOutputs", "rf:stack:getStackMetadata", "rf:stack:createStack", "rf:stack:updateStack", "rf:stack:listStackEvents" ] }, { "Effect": "Allow", "Action": [ "cce:cluster:get", "cce:cluster:list" ] }, { "Effect": "Allow", "Action": [ "ecs:cloudServers:list", "ecs:cloudServers:listServerBlockDevices", "ecs:cloudServers:list", "ecs:cloudServerFlavors:get" ] }, { "Effect": "Allow", "Action": [ "vpc:ports:get", "vpc:vpcTags:get", "vpc:vpcs:list", "vpc:subnets:get" ] }, { "Effect": "Allow", "Action": [ "evs:volumes:get" ] }, { "Effect": "Allow", "Action": [ "rds:instance:list", "rds:database:create", "rds:database:list", "rds:database:drop" ] } ] }
- mkp_auto_deploy_global_policy
"policy": { "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "coc:instance:listResources", "coc:document:create", "coc:instance:executeDocument", "coc:instance:syncResources", "coc:document:get", "coc:job:get" ] } ] }
- domain_product_repurchase_policy
"policy": { "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bss:enterpriseProjectGroup:view", "bss:coupon:view", "bss:discount:view", "bss:order:pay", "bss:order:update" ] } ] }
取消委托服务授权
如果不再需要使用委托,您可以在“统一身份认证服务(IAM)>委托”中,单击委托右侧的“删除”,删除委托。

删除委托后,将撤销被委托方账号的权限,被委托方将无法管理您的委托资源,对您的其他业务合作伙伴没有影响。