Help & DocumentationTencent Kubernetes EngineAccess ManagementUsage ExamplesConfiguring a Sub-account's Full Read/write or Read-only Permission to TKE

Configuring a Sub-account's Full Read/write or Read-only Permission to TKE

Last updated: 2019-07-19 17:53:53

PDF

Operation Scenario

You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. The examples in this document guide you through the process of configuring certain permissions in the console.

Steps

Configuring Full Read/write Permission

  1. Log in to the CAM console.
  2. In the left navigation pane, click Policies to go to the policy management page.
  3. On the "Policy management" page, click Associate a user/group in the row of QcloudCCSFullAccess policy. See the figure below:
    QcloudCCSFullAccess policy
  4. In the Associate a user/user window that pops up, select the account that needs full read/write permission for the TKE service, and click OK to grant full read/write permission for the TKE service to the sub-accounts.
  5. On the "Policy management" page, click Associate a user/group in the row of QcloudCCRFullAccess policy. See the figure below:
    QcloudCCRFullAccess policy
  6. In the Associate a user/group window that pops up, select the account that needs full read/write permission for Image Registry, and click OK to grant full read/write permission for Image Registry to the sub-accounts.

    If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).

Configuring Read-only Permission

  1. Log in to the CAM console.
  2. In the left navigation pane, click Policies to go to the policy management page.
  3. On the "Policy management" page, click Associate a user/group in the row of QcloudCCSReadOnlyAccess policy. See the figure below:
    QcloudCCSReadOnlyAccess policy
  4. In the Associate a user/user window that pops up, select the account that needs read-only permission for the TKE service, and click OK to grant read-only permission for the TKE service to the sub-accounts.
  5. On the "Policy management" page, click Associate a user/group in the row of QcloudCCRReadOnlyAccess policy. See the figure below:
    QcloudCCRReadOnlyAccess policy
  6. In the Associate a user/group window that pops up, select the account that needs read-only permission for Image Registry, and click OK to grant read-only permission for Image Registry to the sub-accounts.

    If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).