Operation Scenario
You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. The examples in this document guide you through the process of configuring certain permissions in the console.
Steps
Configuring Full Read/write Permission
- Log in to the CAM console.
- In the left navigation pane, click Policies to go to the policy management page.
- On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:

- In the Associate a user/user window that pops up, select the account that needs full read/write permission for the TKE service, and click OK to grant full read/write permission for the TKE service to the sub-accounts.
- On the "Policy management" page, click Associate a user/group in the row of QcloudTKEFullAccess policy. See the figure below:

- In the Associate a user/group window that pops up, select the account that needs full read/write permission for Image Registry, and click OK to grant full read/write permission for Image Registry to the sub-accounts.
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
Configuring Read-only Permission
- Log in to the CAM console.
- In the left navigation pane, click Policies to go to the policy management page.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCSReadOnlyAccess policy. See the figure below:

- In the Associate a user/user window that pops up, select the account that needs read-only permission for the TKE service, and click OK to grant read-only permission for the TKE service to the sub-accounts.
- On the "Policy management" page, click Associate a user/group in the row of QcloudCCRReadOnlyAccess policy. See the figure below:

- In the Associate a user/group window that pops up, select the account that needs read-only permission for Image Registry, and click OK to grant read-only permission for Image Registry to the sub-accounts.
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
Was this page helpful?