What's New

Introducing More Flexibility and Control for IBM Cloud Account Management Services Access

Share this post:

More flexibility and control for IBM Cloud account management services

IBM Cloud is excited to announce more flexibility and control for account management services like billing, user management, and global catalog. This update means that key account management functions such as tracking usage, viewing billing information, inviting users, and more can now be granted to other users in your account with IBM Cloud Identity and Access Management (IAM) policies.

We also heard from our users that they needed more granular account-wide access management capabilities to isolate account management tasks. Tasks like managing billing being isolated from resource management tasks like creating resources. Previously, granting access for All Identity and Access enabled services included all account management services. Now, we have logically separated the policy management of account management services from resources and resource groups. This means there will be two policies now (versus a single policy) going forward, including one for All account management services and the other for All resources in account (including future IAM enabled services), as shown below:

How do I try it out?

Get started in the following simple ways:

1) Go to the Users list and select a user to get started.

2) Click on Access Groups and select the access group to which you want to assign access:

  • Select the Access Policies tab, and click the Assign access button
  • On the Choose Access Type page (see below), select the Assign access to account management services option
  • Options to try:
    • Choose to assign access to All Account Management Services for your main administrator
    • Choose a specific account management service, such as User Management, for more specific administrator capability
    • To give a user account admin level rights or the ability to manage user access as well as all account resources, you must assign two policies: Administrator level for All Identity and Access Enabled Services and Administrator level for  b (as seen below)

Learn more

To learn more details about this new feature and IAM access as a whole, please check out our great documentation at https://console.bluemix.net/docs/iam/users_roles.html#platformrolestable2 and  https://console.bluemix.net/docs/overview/whats-new/index.html#whatsnew.

We are listening to our users and always happy to deliver something that helps you in your day-to-day job. Whether you see something wrong or right, we’d like your feedback by clicking the Feedback button along the right side of any page in IBM Cloud. In addition, we have many new announcements coming up, so check back on the IBM Cloud Blog to receive the freshest updates.

Product Owner - IBM Cloud IAM (Identity Access Management)

Chris Lynk

Cloud Senior Software Developer

Jeff Rosas

IBM Cloud Developer

More What's New stories
November 16, 2018

IBM Cloud Functions Adds Support for PHP 7.2

IBM Cloud Functions added support for PHP 7.1 last year, and with the release of 7.2, we are updating! With PHP 7.2 you can ensure better app performance.

Continue reading

November 7, 2018

IBM Cloud Functions Adds Support for Ruby 2.5

IBM Cloud Functions is welcoming Ruby 2.5 as a natively supported programming language. Join the Serverless revolution and start building cloud-native apps.

Continue reading

November 5, 2018

Announcing IBM Cloud Data Shield Experimental – Scalable Data-in-Use Protection for Your Container Workloads

Data Shield, powered by Fortanix, provides data-in-use protection for your container workloads running on the IBM Cloud Kubernetes Service. It leverages Intel® SGX technology to run code and data in CPU-hardened “enclaves” or a Trusted Execution Environment (TEE).

Continue reading