Effective immediately, our IBM Log Analysis and IBM Cloud Activity Tracker services support IAM-based access control.

This feature makes it easier for teams to manage who has access to data offered through the services. The new IAM-level control lets you configure role-based access control for individual operators, with granularity at the log-line level.

This new feature helps solve several common scenarios:

  1. Business desire to access sections of log and event data for specific insights by larger audiences and audiences outside your normal team.
  2. Security and privacy desire to isolate data access to individuals with a need to know.
  3. Solutions architecture desire to set up application logs and cloud activity tracking events to meet DevOps organizational needs.

A greater ability to control who has access to specific log and event data allows you to more accurately define who has access to specific insights and extend the value of your log and cloud activity event data.

Details on this new feature are documented and available in the services’ respective doc area:

Defining access – an example

In this scenario, the Admin has an IBM Log Analysis account named “LA 2” with logs from many applications. Each application may contain sensitive data, and there is a business desire to keep user access isolated on a need-to-know basis. Developer A is assigned to an application called tiny-app. The logs of tiny-app are mingled with all the other logs, which Developer A should not see.

The Admin wants to restrict Developer A to the tiny-app logs only. This is exemplified in the yellow box above.

The Admin first clicks the gear on the left, then Team > Groups, and creates a new group called “tiny-app.” Users in the group are only able to see logs that match the query “app:tiny-app” (under Access Scope). 

Next, the Admin creates an IAM access group to define which users are in this group. The Admin clicks Manage > Access (IAM) > Access Groups > Create, and creates an access group with two policies:

  1. The first one gives access to the service instance: Viewer for “LA 2.”
  2. The second one selects the Log Group: Viewer and Reader for “LA 2” / “tiny-app.”

In the Users tab, the Admin chooses “Developer A.”

Now, when Developer A opens the “LA 2” instance, only the tiny-app lines are visible.
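
The scenario above can be checked before it is configured. The following Python model is an added example, not IBM code or part of either service: it represents the log group's Access Scope and the two IAM policies, then computes which log lines Developer A would see. It assumes the scope “app:tiny-app” is an exact match on the app field and that a line is hidden unless both policies are held; the access group name and the log lines are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogGroup:
    instance: str
    name: str
    scope: str  # Access Scope query in "field:value" form, e.g. "app:tiny-app"

    def matches(self, line: dict) -> bool:
        # Assumption: the scope is modelled as an exact match on one field.
        field, _, value = self.scope.partition(":")
        return line.get(field) == value

@dataclass(frozen=True)
class AccessGroup:
    name: str
    users: frozenset
    instance_roles: tuple   # ((instance, role), ...)
    log_group_roles: tuple  # ((instance, log_group, role), ...)

def visible_lines(user, instance, lines, access_groups, log_groups):
    """Lines the model shows `user` in `instance` (deny by default)."""
    scopes = [
        lg for ag in access_groups
        if user in ag.users and (instance, "Viewer") in ag.instance_roles
        for lg in log_groups
        if lg.instance == instance and (instance, lg.name, "Reader") in ag.log_group_roles
    ]
    return [line for line in lines if any(lg.matches(line) for lg in scopes)]

def leaked_lines(user, instance, lines, access_groups, log_groups, allowed_apps):
    """Visible lines that fall outside the apps the user needs to know about."""
    seen = visible_lines(user, instance, lines, access_groups, log_groups)
    return [line for line in seen if line.get("app") not in allowed_apps]

# Constructed sample data mirroring the scenario above.
LOG_GROUPS = [LogGroup("LA 2", "tiny-app", "app:tiny-app")]
ACCESS_GROUPS = [AccessGroup(
    name="tiny-app-readers",  # hypothetical IAM access group name
    users=frozenset({"Developer A"}),
    instance_roles=(("LA 2", "Viewer"),),
    log_group_roles=(("LA 2", "tiny-app", "Viewer"), ("LA 2", "tiny-app", "Reader")),
)]
LINES = [
    {"app": "tiny-app", "msg": "started worker"},
    {"app": "billing", "msg": "upstream said app:tiny-app timed out"},
    {"app": "tiny-app-admin", "msg": "role changed"},
    {"app": "tiny-app", "msg": "request served"},
]
```

Running `leaked_lines` for each user against a sample of real log lines gives a quick isolation check whenever a log group's scope or an access group's membership changes.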

This scenario can be further extended to security teams and other teams with need for access to specific logs and events. Both IBM Log Analysis and IBM Cloud Activity Tracker support this new feature. You could even use the same IAM groups for access rights across multiple IBM Log Analysis and IBM Cloud Activity Tracker instances.

Get started today

Both the Log Analysis and Activity Tracker services are found in the IBM Cloud catalog. Alternatively, you may access both services within Observability. Learn more about each service:
