Cloud
October 31, 2019 By Ben Lopez
Michelle Kaufman
Chris Hatko
Ramiya Ramanathan
3 min read

October has been a very busy month for the IBM Cloud platform team.

Adding to the momentum of IBM Cloud platform enhancements—like our new invite user experience that includes the ability to view action-to-role mappings that enable you to assign access with ease and confidence—is our new resource access report feature.

Have you ever wanted to know which users and service IDs in your account have access to a specific IBM Cloud resource? We understand it has been difficult for account owners and administrators to find out who or what has access to certain resources in an account. As accounts grow in size and complexity, the ability to track access to resources is important for both organizational and compliance-based reasons. 

Until now, this task has been a manual process that required administrators to view the assigned access for individual users, access groups, service IDs, and services one-by-one. The introduction of the resource access report is a big step forward in providing you with a simple and quick method to see access rights to a resource in an IBM Cloud account. 

You might already be familiar with the Resource list page in the IBM Cloud console, which is a one-stop-shop for viewing all resources created in an account. From this convenient view, you can easily drill down into any IAM-enabled resource to find out who has access and what level of access they are assigned. 

Ensure you have access to this capability

Before you try it out, there are a few things to know about the report:

  • The access report option is displayed for everyone, but only account owners or users assigned to at least the Administrator role on the selected resource can download the report.
  • Depending on your assigned access, you might be able to view just the IDs. If you have full access, you can see all details, including user names, access group names, access group memberships, and dynamic rules that provide the access. Check the value that is set for the fullReport flag. If it is set to false, you don’t have full access to view all display names, memberships, or rules.
  • The report is a snapshot of the access to the resource at the time you download the report. It doesn’t provide a log of historical access to the resource. 

For more information about what you’ll see based on your assigned access, check out the documentation.

Download the access report for a resource

If you have the authority to download the access report, you can complete the following steps:

  1. Go to the Resource list in your account.
  2. From the Actions menu for the row of the resource that you want a report for, click Export access report.
  3. Click Download JSON to get the report.

Note: The report includes details about the selected resource, but does not include details about its sub-resources. 

Analyze the results of the access report 

For the selected resource within the account, the JSON file includes the following information. 

  • The resource display name.
  • The information for the user who generated the report, such as IBMid, display name, and email address.  
  • A flag called fullReport, which is determined by the user’s level of access in the account. If set to true, you can view all the details in the report. 
  • Subjects who have access to the resource, including their assigned roles and the actions mapped to each role.
  • The IDs of the policies that provide the access.

Questions and feedback

As always, we are excited to deliver another highly requested feature to our users. We hope this has a positive impact on your experience with IBM Cloud, and we can’t wait for you to start using it more. Feel free to let us know what you think by using the Feedback button on any page in the IBM Cloud console. Have a happy and productive fourth quarter!

Was this article helpful?
YesNo
Ben Lopez
OM - Identity & Access Management (IAM)
Michelle Kaufman
Content Lead and Strategist, IBM Cloud Platform
Chris Hatko
Identity and Access Management Development
Ramiya Ramanathan
IBM Cloud Design

More from Cloud
April 26, 2024

Bigger isn’t always better: How hybrid AI pattern enables smaller language models

5 min read - As large language models (LLMs) have entered the common vernacular, people have discovered how to use apps that access them. Modern AI tools can generate, create, summarize, translate, classify and even converse. Tools in the generative AI domain allow us to generate responses to prompts after learning from existing artifacts. One area that has not seen much innovation is at the far edge and on constrained devices. We see some versions of AI apps running locally on mobile devices with…

April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

April 4, 2024

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters