October has been a very busy month for the IBM Cloud platform team.

Adding to the momentum of IBM Cloud platform enhancements—like our new invite user experience that includes the ability to view action-to-role mappings that enable you to assign access with ease and confidence—is our new resource access report feature.

Have you ever wanted to know which users and service IDs in your account have access to a specific IBM Cloud resource? We understand it has been difficult for account owners and administrators to find out who or what has access to certain resources in an account. As accounts grow in size and complexity, the ability to track access to resources is important for both organizational and compliance-based reasons. 

Until now, this task has been a manual process that required administrators to view the assigned access for individual users, access groups, service IDs, and services one-by-one. The introduction of the resource access report is a big step forward in providing you with a simple and quick method to see access rights to a resource in an IBM Cloud account. 

You might already be familiar with the Resource list page in the IBM Cloud console, which is a one-stop-shop for viewing all resources created in an account. From this convenient view, you can easily drill down into any IAM-enabled resource to find out who has access and what level of access they are assigned. 

Ensure you have access to this capability

Before you try it out, there are a few things to know about the report:

  • The access report option is displayed for everyone, but only account owners or users assigned to at least the Administrator role on the selected resource can download the report.
  • Depending on your assigned access, you might be able to view just the IDs. If you have full access, you can see all details, including user names, access group names, access group memberships, and dynamic rules that provide the access. Check the value that is set for the fullReport flag. If it is set to false, you don’t have full access to view all display names, memberships, or rules.
  • The report is a snapshot of the access to the resource at the time you download the report. It doesn’t provide a log of historical access to the resource. 

For more information about what you’ll see based on your assigned access, check out the documentation.

Download the access report for a resource

If you have the authority to download the access report, you can complete the following steps:

  1. Go to the Resource list in your account.
  2. From the Actions menu for the row of the resource that you want a report for, click Export access report.
  3. Click Download JSON to get the report.

Note: The report includes details about the selected resource, but does not include details about its sub-resources. 

Analyze the results of the access report 

For the selected resource within the account, the JSON file includes the following information. 

  • The resource display name.
  • The information for the user who generated the report, such as IBMid, display name, and email address.  
  • A flag called fullReport, which is determined by the user’s level of access in the account. If set to true, you can view all the details in the report. 
  • Subjects who have access to the resource, including their assigned roles and the actions mapped to each role.
  • The IDs of the policies that provide the access.

Questions and feedback

As always, we are excited to deliver another highly requested feature to our users. We hope this has a positive impact on your experience with IBM Cloud, and we can’t wait for you to start using it more. Feel free to let us know what you think by using the Feedback button on any page in the IBM Cloud console. Have a happy and productive fourth quarter!


More from Cloud

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…