tencent cloud

Feedback

Configuring a Sub-account's Full Read/write or Read-only Permission to TKE

Last updated: 2022-04-18 15:27:18

    Operation Scenario

    You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. The examples in this document guide you through the process of configuring certain permissions in the console.

    Steps

    Configuring Full Read/write Permission

    1. Log in to the CAM console.In the left navigation pane, click Policies to go to the policy management page.
    2. On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:
    3. In the Associate a user/user window that pops up, select the account that needs full read/write permission for the TKE service, and click OK to grant full read/write permission for the TKE service to the sub-accounts.
    4. On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:
      QcloudCCRFullAccess policy
    5. In the Associate a user/group window that pops up, select the account that needs full read/write permission for Image Registry, and click OK to grant full read/write permission for Image Registry to the sub-accounts.
      Note:

      If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).

    Configuring Read-only Permission

    1. Log in to the CAM console.In the left navigation pane, click Policies to go to the policy management page.
    2. On the "Policy management" page, click Associate a user/group in the row of QcloudCCSReadOnlyAccess policy. See the figure below:
      QcloudCCSReadOnlyAccess policy
    3. In the Associate a user/user window that pops up, select the account that needs read-only permission for the TKE service, and click OK to grant read-only permission for the TKE service to the sub-accounts.
    4. On the "Policy management" page, click Associate a user/group in the row of QcloudCCRReadOnlyAccess policy. See the figure below:
      QcloudCCRReadOnlyAccess policy
    5. In the Associate a user/group window that pops up, select the account that needs read-only permission for Image Registry, and click OK to grant read-only permission for Image Registry to the sub-accounts.
      Note:

      If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support