If a RAM user or a RAM role needs to manage custom Alibaba Cloud Service Mesh (ASM)
resources, you can assign required role-based Access Control (RBAC) roles to the RAM
user or the RAM role. This topic describes how to assign RBAC roles to a RAM user.
Configuration description
You can use an Alibaba Cloud account or a RAM user to assign RBAC roles to RAM users.
Procedure
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Authorization page, find the RAM user that you want to authorize and click Authorize in the Actions column.
Note To assign RBAC roles to a RAM role, click the RAM Role tab on the Authorization page, select the RAM role that you want to authorize, and then click Authorize.
- Assign a preset RBAC role to the RAM user for each ASM instance and click Submit.
The following table describes the preset RBAC roles.
Role |
RBAC permissions on cluster resources |
Administrator |
Has read and write permissions on all custom ASM resources in all namespaces. |
Restricted user |
Has read-only permissions on custom ASM resources visible in the ASM console in all
namespaces or specified namespaces.
|
Unauthorized user |
Has no read or write permissions on all custom ASM resources in all namespaces. |