If a RAM user or a RAM role needs to manage custom Service Mesh (ASM) resources, you can assign required role-based Access Control (RBAC) roles to the RAM user or the RAM role. This topic describes how to assign RBAC roles to a RAM user.
Configuration description
You can use an Alibaba Cloud account or a RAM user to assign RBAC roles to RAM users.
Procedure
Log on to the ASM console.
In the left-side navigation pane, choose .
On the Authorization page, find the RAM user that you want to authorize and click Authorize in the Actions column.
NoteTo assign RBAC roles to a RAM role, click the RAM Role tab on the Authorization page, select the RAM role that you want to authorize, and then click Authorize.
Assign a preset RBAC role to the RAM user for each ASM instance and click Submit.
The following table describes the preset RBAC roles.
Role
RBAC permissions on cluster resources
Administrator
Has read and write permissions on all custom ASM resources in all namespaces.
Istio resource administrator
Has read and write permissions on all resources except for the ASM gateways (IstioGateway) in all namespaces.
Restricted user
Has read-only permissions on custom ASM resources visible in the ASM console in all namespaces or specified namespaces.
No permission
Has no read or write permissions on all custom ASM resources in all namespaces.