If a RAM user or a RAM role needs to manage custom Alibaba Cloud Service Mesh (ASM) resources, you can assign required role-based Access Control (RBAC) roles to the RAM user or the RAM role. This topic describes how to assign RBAC roles to a RAM user.

Configuration description

You can use an Alibaba Cloud account or a RAM user to assign RBAC roles to RAM users.

Procedure

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Authorization.
  3. On the Authorization page, find the RAM user that you want to authorize and click Authorize in the Actions column.
    Note To assign RBAC roles to a RAM role, click the RAM Role tab on the Authorization page, select the RAM role that you want to authorize, and then click Authorize.
  4. Assign a preset RBAC role to the RAM user for each ASM instance and click Submit.
    The following table describes the preset RBAC roles.
    Role RBAC permissions on cluster resources
    Administrator Has read and write permissions on all custom ASM resources in all namespaces.
    Restricted user Has read-only permissions on custom ASM resources visible in the ASM console in all namespaces or specified namespaces.
    Unauthorized user Has no read or write permissions on all custom ASM resources in all namespaces.