Using Labels to Configure Sub-accounts with Full Read/Write Permissions for Batch Clusters

Last updated: 2020-09-18 10:43:41

    Overview

    You can grant permission for a user to view and use specific resources on the TKE console by using a Cloud Access Management (CAM) policy. This document describes how to grant cluster permissions to a sub-account by using a specified tag on the console.

    Directions

    1. Log in to the CAM console, and select 【Policies】on the left sidebar.
    2. On the Polices page, click Create Custom Policy.
    3. On the Select a method to create policy page, select Authorize by tag.
    4. On the Authorize by tag page, configure the items based on the following figure.
      • Authorize User: select the target sub-account.
      • User Group: select the user group where the target sub-account resides.
      • Tag Key and Tag Value: select the options that best fit your needs. The authorized sub-account will have full read/write permission for the resources with the specified tag key and tag value.
    5. Click Next to proceed.
    6. Verify that the policy name and content are correct. Then, click Done.

      Note:

      If you do not modify the policy content automatically generated by the system, the sub-account will be granted full read/write permission for the resources with the specified tag.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help