Cloud Services

ModernOps

IAM overview
Published On May 16, 2024 - 2:08 PM

IAM overview

Discover the new authorization model that manages out-of-the-box role based access controls, custom roles, access groups, access policies, and attribute based access controls.
The main benefit in this new Identity Access Management (IAM) authorization model is to improve the user experience and add value with the new features by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Modern Operations Applications.
  • Brand new consistent and secure way to manage authorization in Kyndryl Modern Operations Applications in one single place.
  • Simple way to manage the right permission scopes to the right resources.
  • Intuitively assign permissions to the right group of users, and assign the right users to the right groups with the new Access Groups.
  • Implement an effective and consistent Attribute-based access control (ABAC) strategy across Kyndryl Modern Operations Applications.
  • Flexibility to group permissions for the specific needs of the organization by enabling the brand new Custom Roles.
  • Find familiarity with industry standard terminology and authorization models to easily comprehend and work with Kyndryl Modern Operations Applications.
    • Create a consistent Attribute-based access control (ABAC) and Role-based access control (RBAC) configurations across Administration, the subscriptions, and Common Services that is intuitive and simple to adopt.
  • Support the capability to manage ABAC for resources in the different cloud providers or any other technologies connected to the platform, making it easy to group resources in a secure manner.

Access Management concept comparison

The following table shows a comparison of the terminology used by each of the most common cloud providers in the industry. See how Kyndryl has integrated industry standards and adopted proven and widely used access management concepts.
Kyndryl Modern Operations Applications new authorization model
Concept description
IBM Cloud
Amazon Web Services
Azure
Google Cloud Platform
Kyndryl Modern Operations Applications Core legacy User Access
Users, Access Groups, Service IDs
Subjects added to the platform
Identities
Users, groups, and roles
User, group, service principal, managed identity
User accounts and service accounts. Supported identity types: Google Account, Service account, Google group, G Suite domain, Cloud Identity domain
Users, Organizations, Teams, Roles
Service IDs
ID for a service or application
Service IDs
Roles assigned to an app
User-assigned identity
Service accounts
N/A
API key
Credential used for a user or service ID
API key
Access Key
api-key
API key
User API key
Access Groups
Way to organize users and service IDs where all members of the group are assigned the same access
Access groups
Groups, roles
Active Directory groups
Google Groups
Team
Policy
Access assignment made up of a subject, target, and role
Policy
Policy
Role assignment
Policy
N/A
User ID, Access Group ID, Service ID
A user, service ID, or access group
Policy subject
An IAM user, group, or a role
Security principal
A resource
N/A
Roles
Collection of actions for a specific resource that are used as a building block to make an access policy
Roles
AWS-managed policy
Role definition
Predefined roles
Role
Custom Roles
Customer-defined and named role, including only the actions chosen by the user
Custom roles
Customer-managed policies
Custom roles
Custom roles
Custom roles
Permissions
What is allowed to be completed within the context of the platform or service
Actions
Actions
Permissions
Permissions
N/A
Resources
Target of an access policy
Resources
Resources
Resources
Resources
N/A
Resource Groups
Logical organization container for IAM-enabled services
Resource groups
Tags
Resource groups
Projects
N/A
Administration Audit Service
Audit with Activity Tracker
Auditing
Audit with AWS CloudTrail
Azure Logging and Auditing Activity logs
Audit with Audit logging
N/A
Do you have two minutes for a quick survey?
Take Survey