If you need to set different access permissions for employees in your enterprise for the Cloud Container Engine (CCE) resources taken over on the cloud, in order to achieve permission isolation among different employees, you can use the unified identity authentication service for fine-grained permission management. This service provides functions such as user identity authentication, permission assignment, and access control, which can help you securely control the access to resources.
You can register users on the service interface and use policies to control their access scope to CCE cluster resources. For example, among your employees, there are those responsible for software development. You hope that they have the permission to use CCE clusters, but you don’t want them to have the permission to perform high-risk operations such as deleting CCE clusters. Then you can grant them permission policies to control their usage scope of CCE cluster resources.
