Kyndryl Modern Operations Applications new authorization model | Concept description | IBM Cloud | Amazon Web Services | Azure | Google Cloud Platform | Kyndryl Modern Operations Applications Core legacy User Access |
---|---|---|---|---|---|---|
Users, Access Groups, Service IDs | Subjects added to the platform | Identities | Users, groups, and roles | User, group, service principal, managed identity | User accounts and service accounts. Supported identity types: Google Account, Service account, Google group, G Suite domain, Cloud Identity domain | Users, Organizations, Teams, Roles |
Service IDs | ID for a service or application | Service IDs | Roles assigned to an app | User-assigned identity | Service accounts | N/A |
API key | Credential used for a user or service ID | API key | Access Key | api-key | API key | User API key |
Access Groups | Way to organize users and service IDs where all members of the group are assigned the same access | Access groups | Groups, roles | Active Directory groups | Google Groups | Team |
Policy | Access assignment made up of a subject, target, and role | Policy | Policy | Role assignment | Policy | N/A |
User ID, Access Group ID, Service ID | A user, service ID, or access group | Policy subject | An IAM user, group, or a role | Security principal | A resource | N/A |
Roles | Collection of actions for a specific resource that are used as a building block to make an access policy | Roles | AWS-managed policy | Role definition | Predefined roles | Role |
Custom Roles | Customer-defined and named role, including only the actions chosen by the user | Custom roles | Customer-managed policies | Custom roles | Custom roles | Custom roles |
Permissions | What is allowed to be completed within the context of the platform or service | Actions | Actions | Permissions | Permissions | N/A |
Resources | Target of an access policy | Resources | Resources | Resources | Resources | N/A |
Resource Groups | Logical organization container for IAM-enabled services | Resource groups | Tags | Resource groups | Projects | N/A |
Administration Audit Service | Auditing | Audit with Activity Tracker | Audit with AWS CloudTrail | Azure Logging and Auditing Activity logs | Audit with Audit logging | N/A |