You can grant a user the permissions to view and use specific resources in the TKE console by using a CAM policy. This document describes how to configure certain permission policies in the console.
Instructions
Configuring Full Read/write Permission
1. Log in to the Access Management console and select Policies from the left navigation bar.
2. On the "Policies" management page, select Associate User/Group/Role for the QcloudTKEFullAccess policy row, as shown below:
3. In the "Associate User/User Group/Role" pop-up window, select the account that requires full read/write permissions for TKE service, and click Confirm to complete the configuration of full read/write permissions for the sub-account on TKE service.
4. On the Policy Management page, click Associate Users/User Groups/Roles in the QcloudCCRFullAccess policy row.
5. In the "Associate Users/User Groups/Roles" pop-up window, select the accounts that require full read/write permissions for the image repository, and click OK to complete the configuration of full read/write permissions for the sub-account.
Note
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
Configuring Read-only Permission
1. Log in to the Access Management console and select Policies from the left navigation bar.
2. On the "Policies" management page, select Associate Users/User Groups/Roles for the QcloudTKEReadOnlyAccess policy row.
3. In the "Associate User/User Group/Role" pop-up window, select the account that requires read-only access to TKE services and click Confirm to complete the configuration of read-only permissions for the sub-account on TKE services.
4. On the Policy Management page, click Associate Users/User Groups/Roles in the QcloudCCRReadOnlyAccess policy row.
5. In the "Associate Users/User Groups/Roles" pop-up window, select the accounts that require read-only access to the image repository and click OK to complete the configuration of read-only permissions for the sub-account.
Note
If you want to use the trigger and automatic building features of Image Registry, you also need to configure additional permissions for TKE - continuous integration (CCB).
