May 2, 2017 | Written by: Nancy Li and Deanna Brown
As of May 23rd, IBM Bluemix Container Service provides a native Kubernetes operations experience while removing the burden of maintaining master nodes. Kubernetes itself is based on the Docker engine for managing software images and instantiating containers.
What is Identity & Access Management?
IBM Cloud Identity & Access Management enables you to securely authenticate users and control access to all cloud resources consistently in the IBM Bluemix Cloud Platform. This is a core capability of the platform, which means it comes at no extra cost to you.
Bluemix is transitioning to a new, cloud-wide, fine-grained access control capability. With access control, you can give users access to only the resources they need, at the level of an individual service or service instance. Three pre-defined roles are supported: Admin, Editor, and Viewer. These roles let you control the types of actions users can perform against the resources they have access to.
The Access Control UI provides a simplified way of specifying policies for the resources within your account. After you’ve selected the user you want to set access policies for, it enables you to select a service from the list of services that are enabled with identity and access management. You can optionally select a region or a specific instance of the service. Then, you select the role that you want to assign the user for that resource or set of resources.
Initially, the account owner has the ability to set access for any resource within the account. The account owner can give others the ability to manage access within the account by assigning them the Administrator role on the account.
To start, you can use identity and access management to control access to the Kubernetes-based IBM containers service and its resources. Watch for additional services to adopt the new access control model soon.
Why move to a new model?
The new access control model has several advantages over the previous access control model, which was based on a user’s roles in Cloud Foundry orgs and spaces. You can now set access at a much finer-grained level, down to the individual service or service instance level, and can grant a user different roles for different resources. You can also manage access for resources across the cloud consistently, including resources outside of Cloud Foundry.