Configuring a Sub-account's Full Read/write or Read-only Permission to TKE

Last updated: 2020-09-21 10:43:50

    Operation Scenario

    You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. The examples in this document guide you through the process of configuring certain permissions in the console.

    Steps

    Configuring Full Read/write Permission

    1. Log in to the CAM console.
    2. In the left navigation pane, click Policies to go to the policy management page.
    3. On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:
    4. In the Associate a user/user window that pops up, select the account that needs full read/write permission for the TKE service, and click OK to grant full read/write permission for the TKE service to the sub-accounts.
    5. On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:
      QcloudCCRFullAccess policy
    6. In the Associate a user/group window that pops up, select the account that needs full read/write permission for Image Registry, and click OK to grant full read/write permission for Image Registry to the sub-accounts.

      If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).

    Configuring Read-only Permission

    1. Log in to the CAM console.
    2. In the left navigation pane, click Policies to go to the policy management page.
    3. On the "Policy management" page, click Associate a user/group in the row of QcloudCCSReadOnlyAccess policy. See the figure below:
      QcloudCCSReadOnlyAccess policy
    4. In the Associate a user/user window that pops up, select the account that needs read-only permission for the TKE service, and click OK to grant read-only permission for the TKE service to the sub-accounts.
    5. On the "Policy management" page, click Associate a user/group in the row of QcloudCCRReadOnlyAccess policy. See the figure below:
      QcloudCCRReadOnlyAccess policy
    6. In the Associate a user/group window that pops up, select the account that needs read-only permission for Image Registry, and click OK to grant read-only permission for Image Registry to the sub-accounts.

      If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help