Identity and Access Management
You can manage your user account more safely and effectively with the help of the access management feature in the Arvancloud panel.
Whether you run a large business with many specialists or work as a freelancer with many projects on hand, you need to give different people access to different parts of your dashboard.
For example, in a large organization, domain management, infrastructure access, and file and media management may each be the responsibility of a separate team. You may also need someone within a team to be able to manage files but not delete them, or, as a freelancer, want to make a project's resources available only to that project's owners.
The access management system (IAM) lets you grant each member of your team access only to the resources they actually need, which reduces the chance of human error in your infrastructure.
Basic Concepts
This section discusses the main and basic concepts of Arvancloud's access management system.
Organization
The organization is the largest unit in the access management model. Each organization consists of one or more workspaces and has one owner and several members. In the Arvancloud user panel, an organization corresponds to a user account: it is owned by the user who creates it and has one workspace by default.
Workspace
Each organization can have one or more workspaces. Each workspace is independent; that is, its resources, members, and financial calculations are completely separate from those of other workspaces. A user can be a member of one or more workspaces and switch between them.
Member
A member is a user who does not own the workspace but has been invited to it by the workspace owner. After inviting a member, the owner sets that user's access level so that they can reach only the resources they need.
Service
Each of Arvancloud's products is known as a service, for example CDN, Cloud Server, Object Storage, Cloud Container, and Video Platform. Each service also has a set of predefined roles that can be assigned to members.
Resource
A resource is anything created within a service and managed by workspace members. For example, an instance in Cloud Server or a domain in CDN is a resource.
Resource Group
A resource group places several resources in one category so that access to the whole group can be assigned to members at once. With this feature you can sort your resources into groups so that specific people have access to specific resources.
Access Policy
An access policy pairs people with roles. Policies are defined on resource groups, and together they determine which person holds which role on which resources. One or more access policies can be created for each resource group.
Machine User
In addition to user panel access, you can create virtual users (Machine Users) and define access policies for them like panel users to access groups of resources as you specify. This feature includes keys used to communicate with services via API.
Level
Currently, the access management system defines two levels, workspace and resource, and every access policy is defined at one of them.
The workspace level covers the general resources and services that are shared across the workspace; financial and support access, for example, belong to this level.
The resource level is used to define rules on predefined resource groups.
IAM Functions
In general, to define access policies, you must go through the following steps:
Inviting members to a workspace
Creating groups of resources
Defining access policies for resources
Access can also be defined at the workspace level. Such access applies to all resources, or to departments that have no resources of their own, such as the finance and support departments.
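As an added illustration (constructed example code, not Arvancloud's API or panel), the following Python models the workflow above: a workspace with one resource group, a resource-level policy that gives a member and a machine user roles on that group, and a workspace-level policy for finance, with every request denied unless a policy grants it. Role names, principals, actions and resource names are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed role names and the actions they grant, for illustration only.
ROLE_ACTIONS = {
    "viewer": {"read"},
    "editor": {"read", "update"},
    "admin": {"read", "update", "delete"},
    "finance": {"billing"},
}


@dataclass
class Workspace:
    """One workspace: its resource groups and the policies defined on them."""
    resource_groups: dict = field(default_factory=dict)     # group -> set of resources
    group_policies: dict = field(default_factory=dict)      # group -> {principal: role}
    workspace_policies: dict = field(default_factory=dict)  # principal -> set of roles

    def allowed(self, principal, action, resource=None):
        """Deny by default; grant only through an explicit policy."""
        if resource is None:
            # Workspace level: areas with no resources of their own (finance, support).
            roles = self.workspace_policies.get(principal, set())
            return any(action in ROLE_ACTIONS[r] for r in roles)
        # Resource level: the resource must belong to a group that grants this
        # principal a role whose actions include the requested one.
        for group, members in self.resource_groups.items():
            if resource in members:
                role = self.group_policies.get(group, {}).get(principal)
                if role is not None and action in ROLE_ACTIONS[role]:
                    return True
        return False


def build_example_workspace():
    """Constructed sample: one project group, a member, a machine user, a finance member."""
    ws = Workspace()
    ws.resource_groups["project-a"] = {"cdn:example.com", "server:web-01"}
    ws.group_policies["project-a"] = {
        "alice@example.com": "editor",   # may read and update, but not delete
        "machine:ci-deploy": "viewer",   # API key principal with read-only access
    }
    ws.workspace_policies["bob@example.com"] = {"finance"}  # billing only, no resources
    return ws
```

The checks on `build_example_workspace()` show the least-privilege outcome: the editor cannot delete, the machine user cannot update, and the finance member cannot read project resources.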