tencent cloud


Using Labels to Configure Sub-accounts with Full Read/Write Permissions for Batch Clusters

Last updated: 2020-09-18 10:43:41


    You can grant permission for a user to view and use specific resources on the TKE console by using a Cloud Access Management (CAM) policy. This document describes how to grant cluster permissions to a sub-account by using a specified tag on the console.


    1. Log in to the CAM console, and select 【Policies】on the left sidebar.
    2. On the Polices page, click Create Custom Policy.
    3. On the Select a method to create policy page, select Authorize by tag.
    4. On the Authorize by tag page, configure the items based on the following figure.
      • Authorize User: select the target sub-account.
      • User Group: select the user group where the target sub-account resides.
      • Tag Key and Tag Value: select the options that best fit your needs. The authorized sub-account will have full read/write permission for the resources with the specified tag key and tag value.
    5. Click Next to proceed.
    6. Verify that the policy name and content are correct. Then, click Done.


      If you do not modify the policy content automatically generated by the system, the sub-account will be granted full read/write permission for the resources with the specified tag.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support