Overview
You can grant permission for a user to view and use specific resources on the TKE console by using a Cloud Access Management (CAM) policy. This document describes how to grant cluster permissions to a sub-account by using a specified tag on the console.
Directions
- Log in to the CAM console, and select Policies on the left sidebar.
- On the Policies page, click Create Custom Policy.
- On the Select a method to create policy page, select Authorize by tag.
- On the Authorize by tag page, configure the following items:

- Authorize User: select the target sub-account.
- User Group: select the user group where the target sub-account resides.
- Tag Key and Tag Value: select the options that best fit your needs. The authorized sub-account will have full read/write permission for the resources with the specified tag key and tag value.
- Click Next to proceed.
- Verify that the policy name and content are correct. Then, click Done.
Note:
If you do not modify the policy content automatically generated by the system, the sub-account will be granted full read/write permission for the resources with the specified tag.
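To review the generated policy content before clicking Done, the following added example (not part of the original document or of the CAM tooling) flags allow statements that use wildcard actions or lack a tag condition. The policy layout, the `env&dev` tag pair, and the `tke:DescribeClusters` action are assumptions made for this sample; use the content shown on your own review page.

```python
import json

# Constructed sample policy. The layout (version 2.0, "statement", and a
# qcs:resource_tag condition written as "key&value") is assumed here; paste
# the content shown on the console review step in its place.
GENERATED = json.loads("""
{"version": "2.0",
 "statement": [{"effect": "allow", "action": ["*"], "resource": ["*"],
   "condition": {"for_any_value:string_equal":
                 {"qcs:resource_tag": ["env&dev"]}}}]}
""")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def tag_conditions(stmt):
    """Return the set of 'key&value' tag pairs a statement is limited to."""
    tags = set()
    for operands in stmt.get("condition", {}).values():
        tags.update(_as_list(operands.get("qcs:resource_tag", [])))
    return tags

def review(policy):
    """List (index, finding, detail) for allow statements that are too broad."""
    findings = []
    for i, stmt in enumerate(policy.get("statement", [])):
        if stmt.get("effect") != "allow":
            continue
        actions = _as_list(stmt.get("action", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((i, "wildcard-action", wild))
        if not tag_conditions(stmt):
            findings.append((i, "no-tag-condition", _as_list(stmt.get("resource", []))))
    return findings

def narrow(policy, actions):
    """Return a copy with every allow statement limited to the given actions."""
    out = json.loads(json.dumps(policy))  # deep copy, original stays untouched
    for stmt in out["statement"]:
        if stmt.get("effect") == "allow":
            stmt["action"] = list(actions)
    return out

if __name__ == "__main__":
    print(review(GENERATED))
    print(review(narrow(GENERATED, ["tke:DescribeClusters"])))
```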