- Updates and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Terminating/Returning Instances
- Operation Guide for TCR Individual
- Best Practices
- Migration from TCR Personal Edition to TCR Enterprise Edition
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- EKS Elastic Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- API Documentation
- FAQs
- Service Agreement
- Contact Us
- Glossary
- Updates and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Purchasing Instances
- Creating an Enterprise Edition Instance
- Access Configuration
- Manage Image Repository
- Image Distribution
- Image Security
- Synchronization and Replication
- Configuring Image Tag Retention
- Image Cleanup
- DevOps
- OCI Artifacts Management
- Terminating/Returning Instances
- Operation Guide for TCR Individual
- Best Practices
- Migration from TCR Personal Edition to TCR Enterprise Edition
- Synchronizing Images to TCR Enterprise Edition from External Harbor
- TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network
- EKS Elastic Clusters Pull TCR Container Images
- Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud
- Nearby Access Through Image Synchronization Between Multiple Global Regions
- API Documentation
- FAQs
- Service Agreement
- Contact Us
- Glossary
Example of Authorization Solution of TCR Individual
Last updated: 2022-05-09 12:41:24
Policy Configuration in Typical Scenarios
Note:The following scenario policies are only used for TCR Individual use cases.
Grant a sub-account the full read/write permissions for all resources in TCR Individual.
{ "version": "2.0", "statement": [{ "action": [ "tcr:*" ], "resource": [ "qcs::tcr:::repo/*" ], "effect": "allow" }] }Grant a sub-account the read-only permission for all resources in TCR Individual (former Image Repositories in TKE).
{ "version": "2.0", "statement": [{ "action": [ "tcr:Describe*", "tcr:PullRepository*" ], "resource": [ "qcs::tcr:::repo/*" ], "effect": "allow" }] }Grant a sub-account permissions to manage the specific namespace in the specific region. For example, the namespace
team-01in the default region.{ "version": "2.0", "statement": [{ "action": [ "tcr:*" ], "resource": [ "qcs::tcr:::repo/team-01", "qcs::tcr:::repo/team-01/*" ], "effect": "allow" } ] }Grant a sub-account the read-only permission for an image repository, which means that the sub-account can only pull the images in the image repository instead of deleting the repository, modifying repository attributes, or pushing images. For example, the image repository
repo-demoin the namespaceteam-01in the default region.{ "version": "2.0", "statement": [{ "action": [ "tcr:Describe*", "tcr:PullRepositoryPersonal" ], "resource": [ "qcs::tcr:::repo/team-01", "qcs::tcr:::repo/team-01/repo-demo", "qcs::tcr:::repo/team-01/repo-demo/*" ], "effect": "allow" } ] }
Yes
No
Was this page helpful?