Introducing More Flexibility and Control for IBM Cloud Account Management Services Access
By: Tim Brantner, Chris Lynk, and Jeff Rosas
More flexibility and control for IBM Cloud account management services
IBM Cloud is excited to announce more flexibility and control for account management services like billing, user management, and global catalog. This update means that key account management functions such as tracking usage, viewing billing information, inviting users, and more can now be granted to other users in your account with IBM Cloud Identity and Access Management (IAM) policies.
We also heard from our users that they needed more granular account-wide access management capabilities to isolate account management tasks. Tasks like managing billing being isolated from resource management tasks like creating resources. Previously, granting access for All Identity and Access enabled services included all account management services. Now, we have logically separated the policy management of account management services from resources and resource groups. This means there will be two policies now (versus a single policy) going forward, including one for All account management services and the other for All resources in account (including future IAM enabled services), as shown below:
How do I try it out?
Get started in the following simple ways:
1) Go to the Users list and select a user to get started.
2) Click on Access Groups and select the access group to which you want to assign access:
Select the Access Policies tab, and click the Assign access button
On the Choose Access Type page (see below), select the Assign access to account management services option
Options to try:
Choose to assign access to All Account Management Services for your main administrator
Choose a specific account management service, such as User Management, for more specific administrator capability
To give a user account admin level rights or the ability to manage user access as well as all account resources, you must assign two policies: Administrator level for All Identity and Access Enabled Services and Administrator level for b (as seen below)
To learn more details about this new feature and IAM access as a whole, please check out our great documentation at https://console.bluemix.net/docs/iam/users_roles.html#platformrolestable2 and https://console.bluemix.net/docs/overview/whats-new/index.html#whatsnew.
We are listening to our users and always happy to deliver something that helps you in your day-to-day job. Whether you see something wrong or right, we’d like your feedback by clicking the Feedback button along the right side of any page in IBM Cloud. In addition, we have many new announcements coming up, so check back on the IBM Cloud Blog to receive the freshest updates.