- Product Updates
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- Notes on the New Console
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Image explanation of TKE-Optimized series
- Cluster Lifecycle
- Creating a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Registered Container Cluster in Cloud Networking
- Configuring Intra-Region and Cross-region Peering
- Setting Communication Between Cluster Container and IDC
- Enabling VPC-CNI for a Cluster
- Node Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Managing StatefulSets with Static Pod IP Addresses
- Auto Scaling
- Service
- Configuration
- Storage Management
- Helm Application
- Image Registries
- OPS Center
- Monitoring and Alarms
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Cluster Auto Scaling Practices
- Application High Availability Deployment
- Using Network Policy for Network Access Control
- Building a Simple Web Application
- docker run Parameter Adaptation
- Multiple Containers in One Pod
- Using NodeLocal DNS Cache in a TKE Cluster
- Removing and Re-adding Nodes from and to Cluster
- Construction and Deployment of Jenkins Public Network Framework Appications based on TKE
- Solve the inconsistent time zone problem in the container
- Access Management
- Fault Handling
- API documentation
- Introduction
- API Category
- Making API Requests
- Other APIs
- Scaling group related interfaces
- Node-related APIs
- Cluster-related APIs
- CreateClusterEndpoint
- CreateClusterEndpointVip
- DeleteCluster
- DeleteClusterEndpoint
- DeleteClusterEndpointVip
- CreateCluster
- DescribeClusterEndpointStatus
- DescribeClusterEndpointVipStatus
- DescribeClusterInstances
- DescribeClusterSecurity
- ModifyClusterAttribute
- DescribeClusters
- ModifyClusterEndpointSP
- DeleteClusterInstances
- AddExistedInstances
- API Mapping Guide
- Data Types
- Error Codes
- FAQs
- Notice
- Service Level Agreement
- Glossary
- User Guide(Old)
- Product Updates
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- Notes on the New Console
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Image explanation of TKE-Optimized series
- Cluster Lifecycle
- Creating a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Registered Container Cluster in Cloud Networking
- Configuring Intra-Region and Cross-region Peering
- Setting Communication Between Cluster Container and IDC
- Enabling VPC-CNI for a Cluster
- Node Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Managing StatefulSets with Static Pod IP Addresses
- Auto Scaling
- Service
- Configuration
- Storage Management
- Helm Application
- Image Registries
- OPS Center
- Monitoring and Alarms
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Cluster Auto Scaling Practices
- Application High Availability Deployment
- Using Network Policy for Network Access Control
- Building a Simple Web Application
- docker run Parameter Adaptation
- Multiple Containers in One Pod
- Using NodeLocal DNS Cache in a TKE Cluster
- Removing and Re-adding Nodes from and to Cluster
- Construction and Deployment of Jenkins Public Network Framework Appications based on TKE
- Solve the inconsistent time zone problem in the container
- Access Management
- Fault Handling
- API documentation
- Introduction
- API Category
- Making API Requests
- Other APIs
- Scaling group related interfaces
- Node-related APIs
- Cluster-related APIs
- CreateClusterEndpoint
- CreateClusterEndpointVip
- DeleteCluster
- DeleteClusterEndpoint
- DeleteClusterEndpointVip
- CreateCluster
- DescribeClusterEndpointStatus
- DescribeClusterEndpointVipStatus
- DescribeClusterInstances
- DescribeClusterSecurity
- ModifyClusterAttribute
- DescribeClusters
- ModifyClusterEndpointSP
- DeleteClusterInstances
- AddExistedInstances
- API Mapping Guide
- Data Types
- Error Codes
- FAQs
- Notice
- Service Level Agreement
- Glossary
- User Guide(Old)
Configuring a Sub-account's Full Read/write or Read-only Permission to TKE
Last updated: 2020-02-24 16:43:58
Operation Scenario
You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. The examples in this document guide you through the process of configuring certain permissions in the console.
Steps
Configuring Full Read/write Permission
- Log in to the CAM console.
- In the left navigation pane, click Policies to go to the policy management page.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCSFullAccess policy. See the figure below:
- In the Associate a user/user window that pops up, select the account that needs full read/write permission for the TKE service, and click OK to grant full read/write permission for the TKE service to the sub-accounts.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCRFullAccess policy. See the figure below:
- In the Associate a user/group window that pops up, select the account that needs full read/write permission for Image Registry, and click OK to grant full read/write permission for Image Registry to the sub-accounts.
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
Configuring Read-only Permission
- Log in to the CAM console.
- In the left navigation pane, click Policies to go to the policy management page.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCSReadOnlyAccess policy. See the figure below:
- In the Associate a user/user window that pops up, select the account that needs read-only permission for the TKE service, and click OK to grant read-only permission for the TKE service to the sub-accounts.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCRReadOnlyAccess policy. See the figure below:
- In the Associate a user/group window that pops up, select the account that needs read-only permission for Image Registry, and click OK to grant read-only permission for Image Registry to the sub-accounts.
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
Was this page helpful?