If a RAM user or a RAM role needs to manage custom Service Mesh (ASM) resources, you can assign the required role-based access control (RBAC) roles to the RAM user or the RAM role. This topic describes how to assign RBAC roles to a RAM user.
Configuration description
You can use an Alibaba Cloud account or a RAM user to assign RBAC roles to RAM users.
Procedure
Log on to the ASM console. In the left-side navigation pane, choose .
Grant permissions on the Authorization page.
Grant permissions to a RAM user: Click the RAM User tab, select the RAM user that you want to authorize, and then click Manage Permissions on the right side.
Grant permissions to a RAM role: Click the RAM Role tab, and enter a role name in the RAM Role Name field. Find the role to which you want to grant permissions, and click Manage Permissions.
Click +Add Permissions on the Permission Management page, and select an ASM Instance Name/ID and a Namespace for the RAM role or RAM user. Select a role in the Permission Management column, and click Submit Permissions.
The following table describes the preset RBAC roles.

| Role | RBAC permissions on cluster resources |
| --- | --- |
| Administrator | Has read and write permissions on all custom ASM resources in all namespaces. |
| Istio resource administrator | Has read and write permissions on all resources except for the ASM gateways (IstioGateway) in a specified namespace or all namespaces. |
| Restricted user | Has read-only permissions on custom ASM resources visible in the ASM console in a specified namespace or all namespaces. |
| No permission | Has no read or write permissions on any custom ASM resources in all namespaces. |