With the latest feature release from IBM Cloud Identity and Access Management (IAM), you can customize how access is assigned to individual services by creating custom roles in your account.

Until now, access was managed by using the available platform and service roles that have specific actions that are mapped by individual services. In many cases, to get the desired access for your users, you had to evaluate all of the roles and their associated actions and sometimes assign more than one role. However, now you can simplify the access assignment process by customizing which actions you want users to have and combining them into a single role.

What is a custom role?

A custom role is a collection of actions that are chosen by an administrator and scoped to a single service for giving users access. This means that you must select a single service and choose the actions that you want to add from that service. You can’t combine actions from different services into a custom role. 

You can add any number of the available actions for the service that you select, give the custom role a unique name, and add it to the account. After the custom role is created, any user who can assign access to that particular service can select it or specify it the next time that they assign access in the console or by using the CLI or API.

Who can manage custom roles?

There is a new account management service that is called Role management that can be used to give users access to manage custom roles. Account owners can create, update, and delete custom roles by default, but if you want another user in your account to be able to do the same, you must assign them access to the new account management service:

  • The Editor role on the Role management service enables users to edit and update a role name, description, and the actions that are mapped to it.
  • The Administrator role on the Role management service enables users to create, edit, update, and delete custom roles in the account.

Creating custom roles

When you’re ready to create your first custom role to simplify how access is assigned to IBM Cloud services in your account, you can get started in the IAM section of the console.

  1. Go to Manage > Access (IAM) and then click Roles
  2. Click Create +.
  3. Enter a unique name for your role that is displayed in the console when users assign access to the service. 
  4. Enter an ID for the role that is used to create the CRN for the role, which is used when assigning access by using the API. 
  5. Optional: A role description can also be included. A description can be helpful for users assigning access because it displays with the role name in the console and can help provide information about the role to the users. 
  6. Select a service to start reviewing what actions you want to add to your role.
  7. Click Add next to each action that you want for your custom role. You must select at least one action that is defined by the service, so check the Type column for all actions labeled Service, and make sure you add at least one.
  8. When you’re done, review the role summary. Then, click Create.

When you’re ready to start trying it out, log in to your account and go to the Roles page.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters