By jason-mcalpin 2 min read
March 4, 2021

Today we are announcing a brand-new way to manage access to IBM Cloud resources called tag-based access management.

This new access management capability allows authorized users to create IAM policies based on a new object called the access management tag. This new type of tag can be added to IAM-enabled IBM Cloud resources, making these resources objects of tag-based IAM policies.

How does tag-based access management work?

Tag-based access management allows an administrator of an IAM-enabled resource to create an access policy based on existing access management tags. An access policy that contains access management tags provides administrators the ability to grant or revoke access to a resource by attaching or detaching the access management tag to the resource. Using access management tags may reduce the number of access policies needed within an account while also providing a simplified way to grant access to a heterogeneous group of resources.

Start using tag-based access management

To get started, select a resource that you want to tag from the Resource List. You can add an access management tag by selecting Add tags from the actions menu for the resource. Access management tags must follow “key:value” format:

Once you’ve tagged the appropriate resources with the new access management tag, the access policy creation step is very similar to what it has been previously. However, instead of creating an access policy targeting a specific resource or resource group, you will create the access policy with the newly created access management tag as the target.

Begin by selecting All Identity and Access enabled services from the dropdown, as seen below. Then, you’ll use the new Services based on attributes button and select Access management tags. All you have to do from there is pick your access management tag from the dropdown and select one or more roles for the access policy. Finish by creating the access policy, and you’ve successfully begun to use the new tag-based access management system:

One example of a useful way to use the new access management tag is to provide access to a testing environment in an account. An account administrator can tag all resources related to a specific testing environment with a unique access management tag. Then, they can create a tag-based access policy for an access group or a developer to gain access to those resources. If the account administrator needs to add or remove resources from the testing environment, it is as simple as adding or removing the access management tag from a resource.   

Learn more

The release of the access management tag and our brand-new tag-based access management paradigm represents a huge step forward for IBM Cloud and our customers. To learn more, see the documentation.

We are very excited for our users to enjoy this new, simplified method of access management. We also look forward to any feedback, as always. Thanks for reading, now get to tagging!

Categories

Announcements  |  Cloud  |  cyber-security  | 
jason-mcalpin

More from Announcements
September 21, 2023

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

August 29, 2023

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

August 18, 2023

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

August 2, 2023

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…