October has been a very busy month for the IBM Cloud platform team.

Adding to the momentum of IBM Cloud platform enhancements—like our new invite user experience that includes the ability to view action-to-role mappings that enable you to assign access with ease and confidence—is our new resource access report feature.

Have you ever wanted to know which users and service IDs in your account have access to a specific IBM Cloud resource? We understand it has been difficult for account owners and administrators to find out who or what has access to certain resources in an account. As accounts grow in size and complexity, the ability to track access to resources is important for both organizational and compliance-based reasons. 

Until now, this task has been a manual process that required administrators to view the assigned access for individual users, access groups, service IDs, and services one-by-one. The introduction of the resource access report is a big step forward in providing you with a simple and quick method to see access rights to a resource in an IBM Cloud account. 

You might already be familiar with the Resource list page in the IBM Cloud console, which is a one-stop-shop for viewing all resources created in an account. From this convenient view, you can easily drill down into any IAM-enabled resource to find out who has access and what level of access they are assigned. 

Ensure you have access to this capability

Before you try it out, there are a few things to know about the report:

  • The access report option is displayed for everyone, but only account owners or users assigned to at least the Administrator role on the selected resource can download the report.
  • Depending on your assigned access, you might be able to view just the IDs. If you have full access, you can see all details, including user names, access group names, access group memberships, and dynamic rules that provide the access. Check the value that is set for the fullReport flag. If it is set to false, you don’t have full access to view all display names, memberships, or rules.
  • The report is a snapshot of the access to the resource at the time you download the report. It doesn’t provide a log of historical access to the resource. 

For more information about what you’ll see based on your assigned access, check out the documentation.

Download the access report for a resource

If you have the authority to download the access report, you can complete the following steps:

  1. Go to the Resource list in your account.
  2. From the Actions menu for the row of the resource that you want a report for, click Export access report.
  3. Click Download JSON to get the report.

Note: The report includes details about the selected resource, but does not include details about its sub-resources. 

Analyze the results of the access report 

For the selected resource within the account, the JSON file includes the following information. 

  • The resource display name.
  • The information for the user who generated the report, such as IBMid, display name, and email address.  
  • A flag called fullReport, which is determined by the user’s level of access in the account. If set to true, you can view all the details in the report. 
  • Subjects who have access to the resource, including their assigned roles and the actions mapped to each role.
  • The IDs of the policies that provide the access.

Questions and feedback

As always, we are excited to deliver another highly requested feature to our users. We hope this has a positive impact on your experience with IBM Cloud, and we can’t wait for you to start using it more. Feel free to let us know what you think by using the Feedback button on any page in the IBM Cloud console. Have a happy and productive fourth quarter!

Was this article helpful?
YesNo

More from Cloud

How a US bank modernized its mainframe applications with IBM Consulting and Microsoft Azure

9 min read - As organizations strive to stay ahead of the curve in today's fast-paced digital landscape, mainframe application modernization has emerged as a critical component of any digital transformation strategy. In this blog, we'll discuss the example of a fictional US bank which embarked on a journey to modernize its mainframe applications. This strategic project has helped it to transform into a more modern, flexible and agile business. In looking at the ways in which it approached the problem, you’ll gain insights…

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters