Announcements
Cloud
March 4, 2021 By jason-mcalpin 2 min read

Today we are announcing a brand-new way to manage access to IBM Cloud resources called tag-based access management.

This new access management capability allows authorized users to create IAM policies based on a new object called the access management tag. This new type of tag can be added to IAM-enabled IBM Cloud resources, making these resources objects of tag-based IAM policies.

How does tag-based access management work?

Tag-based access management allows an administrator of an IAM-enabled resource to create an access policy based on existing access management tags. An access policy that contains access management tags provides administrators the ability to grant or revoke access to a resource by attaching or detaching the access management tag to the resource. Using access management tags may reduce the number of access policies needed within an account while also providing a simplified way to grant access to a heterogeneous group of resources.

Start using tag-based access management

To get started, select a resource that you want to tag from the Resource List. You can add an access management tag by selecting Add tags from the actions menu for the resource. Access management tags must follow “key:value” format:

Once you’ve tagged the appropriate resources with the new access management tag, the access policy creation step is very similar to what it has been previously. However, instead of creating an access policy targeting a specific resource or resource group, you will create the access policy with the newly created access management tag as the target.

Begin by selecting All Identity and Access enabled services from the dropdown, as seen below. Then, you’ll use the new Services based on attributes button and select Access management tags. All you have to do from there is pick your access management tag from the dropdown and select one or more roles for the access policy. Finish by creating the access policy, and you’ve successfully begun to use the new tag-based access management system:

One example of a useful way to use the new access management tag is to provide access to a testing environment in an account. An account administrator can tag all resources related to a specific testing environment with a unique access management tag. Then, they can create a tag-based access policy for an access group or a developer to gain access to those resources. If the account administrator needs to add or remove resources from the testing environment, it is as simple as adding or removing the access management tag from a resource.   

Learn more

The release of the access management tag and our brand-new tag-based access management paradigm represents a huge step forward for IBM Cloud and our customers. To learn more, see the documentation.

We are very excited for our users to enjoy this new, simplified method of access management. We also look forward to any feedback, as always. Thanks for reading, now get to tagging!

jason-mcalpin

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters