Enterprise security

An enterprise is a hierarchy of IBM Cloud accounts that contains a parent account at the highest level with child account groups as the middle level and optional individual accounts that you can add at the lowest level. To provide security between the levels of accounts, enterprises isolate user and access management between the enterprise account and its child accounts.

The users and their assigned access in the enterprise account are entirely separate from users in the child accounts, and no access is inherited between the two types of accounts. User and access management in each enterprise and each account is entirely separate and must be managed by the account owner or a user given the Administrator role in the specific account.

Resources and services within an enterprise function the same as in stand-alone accounts. Each account in an enterprise can contain resource groups that manage access to multiple resources. For account security and how to use resource groups, see IBM Cloud account security.

Use cases

The user lists for each account are only visible to the users who are invited to that account. Just because a user is invited and given access to manage the entire enterprise, it doesn't mean that they can view the users who are invited to each child account.

Both user management and access management are entirely separate in each account and in the enterprise itself. This separation means that users who manage your enterprise can't access account resources within the child accounts unless you specifically enable them to. For example, your financial officer can have the Administrator role on the Billing account management service within the enterprise account. The financial officer must be invited to a child account with the appropriate access rights to view offers or update spending limits for the child account.

Role inheritance for enterprises

Learn more

For an overview of enterprise accounts, see IBM Cloud docs: What is an enterprise?

For step-by-step instructions for setting up an enterprise hierarchy of accounts, see IBM Cloud docs: Setting up an enterprise

For tips for setting up an enterprise, see IBM Cloud docs: Best practices for setting up an enterprise

Parent topic: Security