Overview
This document describes how to configure a permission policy in the TEM console and use CAM to grant the policy to a sub-account.
Directions
1. Log in to the TEM console and click Permission management on the left sidebar. 2. On the Permission management page, click Create permission policy and enter a policy name and description.
3. (Optional) Authorize environment resources:
Select Environment and select the operation and resource scopes in the options expanded below.
Select the scope of environment operations to be authorized:
View environment details: This option includes read operations and deployment operations (deploying applications and associate gateways to the environment) of the selected environment.
Manage environment: This option includes the read, deployment, and write operations of the selected environment.
Select the scope of environment resources to be authorized:
Specified environments: You can select resources in the resource selector below.
All environments: This option refers to all existing environments and includes those added subsequently.
4. (Optional) Authorize application resources:
Select Application and select the operation and resource scopes in the options expanded below.
Select the scope of application operations to be authorized:
View application details: This option includes read operations of the selected application.
Manage application: This option includes the read and write operations of the selected application.
Select the scope of application resources to be authorized:
Specified applications: You can select resources in the resource selector below.
All applications: This option refers to all existing applications and includes those added subsequently.
5. (Optional) Authorize CLB gateway resources:
Select CLB gateway and select the operation and resource scopes in the options expanded below.
Select the scope of CLB gateway operations to be authorized:
View CLB gateway details: This option includes the read operations of the selected CLB gateway.
Manage CLB gateway: This option includes the read and write operations of the selected CLB gateway.
Select the scope of CLB gateway resources to be authorized:
Specified CLB gateway: You can select resources in the resource selector below.
All CLB gateways: This option refers to all existing CLB gateways and includes those added subsequently.
6. Preview the configured permission policy content, confirm that everything is correct, and click Confirm and go to CAM for authorization. You will be redirected to the CAM Policy Generation page.
7. Generate the corresponding permission policy in CAM and click Complete.
Note:
Do not modify the generated policy content; otherwise, the policy may not take effect.
8. Associate the generated policy to the target users/user groups to complete authorization.
Was this page helpful?