- Product Updates
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- Notes on the New Console
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Image explanation of TKE-Optimized series
- Cluster Lifecycle
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- GlobalRouter VPC-CNI Mode Description
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Registered Container Cluster in Cloud Networking
- Configuring Intra-Region and Cross-region Peering
- Setting Communication Between Cluster Container and IDC
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Managing StatefulSets with Static Pod IP Addresses
- Auto Scaling
- Configuration
- Service Management
- Ingress Management
- Storage Management
- Helm Application
- Image Registries
- Application Market
- OPS Center
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API documentation
- History
- Introduction
- API Category
- Making API Requests
- Other APIs
- Node-related APIs
- Cluster APIs
- AcquireClusterAdminRole
- CreateClusterEndpoint
- CreateClusterEndpointVip
- DeleteCluster
- DeleteClusterEndpoint
- DeleteClusterEndpointVip
- CreateCluster
- DescribeClusterEndpointStatus
- DescribeClusterKubeconfig
- DescribeClusterEndpointVipStatus
- DescribeClusterInstances
- DescribeClusterSecurity
- ModifyClusterAttribute
- DescribeClusters
- ModifyClusterEndpointSP
- DeleteClusterInstances
- AddExistedInstances
- API Mapping Guide
- Scaling group APIs
- Data Types
- Error Codes
- FAQs
- Notice
- Service Level Agreement
- Glossary
- User Guide(Old)
- Product Updates
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- Notes on the New Console
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Image explanation of TKE-Optimized series
- Cluster Lifecycle
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- GlobalRouter VPC-CNI Mode Description
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Registered Container Cluster in Cloud Networking
- Configuring Intra-Region and Cross-region Peering
- Setting Communication Between Cluster Container and IDC
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Managing StatefulSets with Static Pod IP Addresses
- Auto Scaling
- Configuration
- Service Management
- Ingress Management
- Storage Management
- Helm Application
- Image Registries
- Application Market
- OPS Center
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API documentation
- History
- Introduction
- API Category
- Making API Requests
- Other APIs
- Node-related APIs
- Cluster APIs
- AcquireClusterAdminRole
- CreateClusterEndpoint
- CreateClusterEndpointVip
- DeleteCluster
- DeleteClusterEndpoint
- DeleteClusterEndpointVip
- CreateCluster
- DescribeClusterEndpointStatus
- DescribeClusterKubeconfig
- DescribeClusterEndpointVipStatus
- DescribeClusterInstances
- DescribeClusterSecurity
- ModifyClusterAttribute
- DescribeClusters
- ModifyClusterEndpointSP
- DeleteClusterInstances
- AddExistedInstances
- API Mapping Guide
- Scaling group APIs
- Data Types
- Error Codes
- FAQs
- Notice
- Service Level Agreement
- Glossary
- User Guide(Old)
Using Labels to Configure Sub-accounts with Full Read/Write Permissions for Batch Clusters
Last updated: 2020-09-18 10:43:41
Overview
You can grant permission for a user to view and use specific resources on the TKE console by using a Cloud Access Management (CAM) policy. This document describes how to grant cluster permissions to a sub-account by using a specified tag on the console.
Directions
- Log in to the CAM console, and select 【Policies】on the left sidebar.
- On the Polices page, click Create Custom Policy.
- On the Select a method to create policy page, select Authorize by tag.
- On the Authorize by tag page, configure the items based on the following figure.
- Authorize User: select the target sub-account.
- User Group: select the user group where the target sub-account resides.
- Tag Key and Tag Value: select the options that best fit your needs. The authorized sub-account will have full read/write permission for the resources with the specified tag key and tag value.
- Click Next to proceed.
- Verify that the policy name and content are correct. Then, click Done.
Note:
If you do not modify the policy content automatically generated by the system, the sub-account will be granted full read/write permission for the resources with the specified tag.
Was this page helpful?