Can I Configure Only Namespace Permissions Without Cluster Management Permissions?

Namespace permissions and cluster management permissions are independent and complementary to each other.

• Namespace permissions: apply to clusters and are used to manage operations on cluster resources (such as creating workloads).
• Cluster management (IAM) permissions: apply to cloud services and used to manage CCE Autopilot clusters and peripheral resources (such as VPC, ELB, and ECS).

Administrators of the IAM Admin user group can grant cluster management permissions (such as CCE Administrator and CCE FullAccess) to IAM sub-users or grant namespace permissions for a cluster on the CCE console. However, the permissions you have on the CCE console are determined by the IAM system policy. If the cluster management permissions are not configured, you do not have the permissions to access the CCE console.

If you only run kubectl commands to operate cluster resources, you only need to obtain the kubeconfig file with the namespace permission. For details, see Can I Use APIs If the Cluster Management Permissions Are Not Configured?. Note that information leakage may occur when you use the kubeconfig file.