Access Management
With the Identity & Access Management (IAM) feature, you can securely manage access to ArvanCloud's Cloud Server resources.
If you are a freelancer with multiple projects or own a large business with many professionals, you need to assign access to each of your user panel resources to different people. For example, in a large organization, you may want someone to be able to create instances but not be able to delete them. Or as a freelancer, you need to share the resources of each project with the owner of that project.
The access management system or IAM gives you the possibility to specify who and under what conditions can access the services and resources of your Cloud Server.
1st Step: Invite Members
If you haven't created a workspace in your user account or added other members of your team or organization to it, you can invite your colleagues to your user account with the help of the following guides:
2nd Step: Create a Resource Group
Now that you've added new members to your account, it's time to create a Resource Group. In the ArvanCloud IAM system, a number of resources that fall into a category are called resource groups.
The resource group allows you to assign access to other members more easily. With this feature, you can categorize your resources into several groups so that certain people have access to certain resources.
Note that you can manage access to all resources of a workspace without creating a resource group. For this purpose, you can define a policy at the workspace level as explained in the next step.
To create a resource group, enter your account's "Settings" and go to the "Resources" section from the Workspace menu.
By clicking on the Create Resource Group button, you will enter the following page and it is possible to view and select all your active services. All instances, disks, private networks, floating IPs, snapshots, and firewall groups on your workspace will be displayed in the Cloud Server section.
Select the resources you want to manage access to and click Confirm.
These groups can always be viewed, edited, and deleted from the Resource Management section.
3rd Step: Add Rules
In the ArvanCloud IAM system, it is possible to define rules at the workspace and resource group levels. At the workspace level, the rule applies to all the resources of that workspace, and at the resource group level, it applies only to the resources in that group.
- To define a rule on a group of resources, enter the Resource Management section and click the "Add Rule" button in front of the group of resources you want.
- To define a rule at the workspace level, enter the Resource Management section and select the Add Rule option from the "Actions" section.
On the page that opens, you can determine the access required for each user.
On this page, in addition to general information such as the name and description, there are three important parts:
Users: In this section, select all the members who are supposed to have a role in this rule.
Machine Users: Here, define the virtual users who are supposed to access the products with the API.
Roles: In this section, specify the access that users should have from among the following roles:
- IaaS Administrator has access to view, change and delete resources.
IaaS Contributor can view or modify resources, but cannot delete resources.
- IaaS Viewer can only view resources and cannot make any changes.
After entering the settings, click the "Save" button and your rule will be applied. You can also view, edit and delete rules in the "Policies" section of the workspace menu.
After creating any resource in ArvanCloud Cloud Server, it is recommended to specify its access level in this section.