プロダクトの概要

CAMの概要

製品機能

適用シーン

基本概念

使用制限

ユーザータイプ

購入ガイド

クイックスタート

管理者ユーザーを作成する

サブアカウントの作成と権限付与

サブアカウントのコンソールログイン

ユーザーガイド

概要

ユーザー

アクセスキー

ユーザーグループ

ロール

アイデンティティプロバイダー

ポリシー

権限境界

トラブルシューティング

セキュリティ分析レポートのダウンロード

CAM-Enabled Role

Overview

Compute

Container

Microservice

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Database SaaS Service

Networking

CDN and Acceleration

Network Security

Data Security

Application Security

Domains & Websites

Big Data

Middleware

Interactive Video Services

Real-Time Interaction

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

CAM-Enabled API

Overview

Compute

Edge Computing

Container

Distributed cloud

Microservice

Serverless

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Networking

CDN and Acceleration

Network Security

Endpoint Security

Data Security

Business Security

Application Security

Domains & Websites

Office Collaboration

Big Data

Voice Technology

Image Creation

Tencent Big Model

AI Platform Service

Natural Language Processing

Optical Character Recognition

Middleware

Communication

Interactive Video Services

Real-Time Interaction

Stream Services

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Education Sevices

Medical Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

実践のチュートリアル

セキュリティの実践チュートリアル

複数アイデンティティ権限管理

Tag下の一部操作権限を付与する

従業員間のリソース分離アクセスのサポート

企業マルチアカウント権限管理

従業員のTencent Cloud操作ログを閲覧する

ABACによる従業員のリソースアクセス権限管理

タグ認証時にタグキーのみマッチをサポート

商用事例

MySQL関連ケース

CLB 関連ケース

CMQ関連ケース

COS 関連ケース

CVM関連ケース

VPC 関連ケース

VOD関連ケース

その他のケース

よくあるご質問

ロール関連問題

キー関連の問題

その他の問題

CAMユーザーと権限の問題

用語一覧

Elasticsearch Service

フォーカスモード

フォントサイズ

最終更新日: 2026-04-05 09:36:02

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Product	Role Name	Role Types	Role Entity
Elasticsearch Service	ES_QCSLinkedRoleInAuthCos	Service-Related Roles	authcos.es.cloud.tencent.com
Elasticsearch Service	ES_QCSLinkedRoleInAccessCos	Service-Related Roles	acesscos.es.cloud.tencent.com
Elasticsearch Service	ES_QCSLinkedRoleInDataImport	Service-Related Roles	dataimport.es.cloud.tencent.com
Elasticsearch Service	ES_QCSLinkedRoleInLogSyncCls	Service-Related Roles	logsynccls.es.cloud.tencent.com
Elasticsearch Service	ES_QCSLinkedRoleInVpcOperate	Service-Related Roles	vpcoperate.es.cloud.tencent.com
Elasticsearch Service	ES_QCSLinkedRoleInBeatsCollector	Service-Related Roles	beatscollector.es.cloud.tencent.com

ES_QCSLinkedRoleInAuthCos

Use Cases： Get the role that accesses the user's cos data
Authorization Polices

Policy Name： QcloudAccessForESLinkedRoleInAuthCos

Policy Information：

{
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cos:List*",
              "cos:Get*",
              "cos:Head*",
              "cos:OptionsObject"
          ],
          "resource": "*"
      }
  ]
}

ES_QCSLinkedRoleInAccessCos

Use Cases： The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

Policy Name： QcloudAccessForEsLinkedRoleInCosAcess

Policy Information：

{
  "statement": [
      {
          "action": [
              "cos:GetBucket",
              "cos:HeadBucket",
              "cos:GetObject",
              "cos:HeadObject",
              "cos:PutObject",
              "cos:PostObject",
              "cos:InitiateMultipartUpload",
              "cos:ListMultipartUploads",
              "cos:ListParts",
              "cos:UploadPart",
              "cos:CompleteMultipartUpload",
              "cos:DeleteObject",
              "cos:DeleteMultipleObjects"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

ES_QCSLinkedRoleInDataImport

Use Cases： The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy
Authorization Polices

Policy Name： QcloudAccessForESLinkedRoleInDataImport

Policy Information：

{
  "version": "2.0",
  "statement": [
      {
          "action": [
              "ckafka:DescribeInstancesDetail",
              "ckafka:DescribeInstances",
              "ckafka:CreateTopic",
              "ckafka:DescribeTopicDetail",
              "ckafka:DescribeTopic",
              "ckafka:DescribeRoute",
              "ckafka:CreateDatahubTopic",
              "ckafka:DescribeDatahubTopic",
              "ckafka:CreateConnectResource",
              "ckafka:DescribeConnectResource",
              "ckafka:CreateDatahubTask",
              "ckafka:DescribeDatahubTask",
              "tat:RunCommand",
              "tat:DescribeInvocations",
              "tat:DescribeAutomationAgentStatus",
              "tke:DescribeClusters",
              "tke:DescribeClusterReleases",
              "tke:CreateClusterRelease",
              "tke:UpgradeClusterRelease",
              "tke:UninstallClusterRelease",
              "tke:CancelClusterRelease",
              "ckafka:DeleteDatahubTopic",
              "ckafka:DeleteConnectResource",
              "ckafka:DeleteDatahubTask",
              "ckafka:DeleteDatahubGroup",
              "ckafka:ModifyGroupOffsets",
              "ckafka:ModifyDatahubResource",
              "cvm:DescribeInstances",
              "emr:DescribeClusterLogInfo",
              "emr:NotifyEmr"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}

ES_QCSLinkedRoleInLogSyncCls

Use Cases： The current role is the Elasticsearch Serivce（ES） service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

Policy Name： QcloudAccessForESLinkedRoleInLogSyncCls

Policy Information：

{
  "statement": [
      {
          "action": [
              "cls:ModifyTopic",
              "emr:AddClusterLogsToCls",
              "emr:RemoveClusterLogsToCls",
              "emr:DescribeInstances",
              "cls:RealtimeProducer"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

ES_QCSLinkedRoleInVpcOperate

Use Cases： The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

Policy Name： QcloudAccessForESLinkedRoleInVpcOperate

Policy Information：

{
  "version": "1.0",
  "statement": [
      {
          "action": [
              "vpc:DescribeVpcEx",
              "vpc:DescribeSubnetEx",
              "vpc:CreateCcn",
              "vpc:AttachCcnInstances",
              "vpc:DeleteCcn",
              "vpc:DetachCcnInstances",
              "vpc:DescribeNetworkInterfaces",
              "vpc:CreateNetworkInterface",
              "vpc:DeleteNetworkInterface",
              "vpc:DescribeVpcTaskResult",
              "vpc:CreateVpcEndPoint",
              "vpc:DescribeVpcEndPoint",
              "vpc:ModifyVpcEndPointAttribute",
              "vpc:DeleteVpcEndPoint",
              "vpc:DisassociateVpcEndPointSecurityGroups",
              "cvm:DescribeSecurityGroups"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}

ES_QCSLinkedRoleInBeatsCollector

Use Cases： The current role is the ES service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

Policy Name： QcloudAccessForESLinkedRoleInBeatsCollector

Policy Information：

{
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "tat:RunCommand",
              "tat:DescribeInvocations",
              "tat:DescribeAutomationAgentStatus",
              "tke:DescribeClusters",
              "tke:DescribeClusterReleases",
              "tke:CreateClusterRelease",
              "tke:UpgradeClusterRelease",
              "tke:UninstallClusterRelease",
              "tke:CancelClusterRelease",
              "cvm:DescribeInstances",
              "emr:DescribeClusterLogInfo",
              "emr:NotifyEmr"
          ],
          "resource": [
              "*"
          ]
      }
  ]
}

ヘルプとサポート

この記事はお役に立ちましたか？

営業担当者にお問い合わせいただくかチケットを提出してサポートを求めることができます。

フィードバック

tencent cloud

Cloud Access Management

Elasticsearch Service

ES_QCSLinkedRoleInAuthCos

ES_QCSLinkedRoleInAccessCos

ES_QCSLinkedRoleInDataImport

ES_QCSLinkedRoleInLogSyncCls

ES_QCSLinkedRoleInVpcOperate

ES_QCSLinkedRoleInBeatsCollector

ヘルプとサポート