Cloud Services

ModernOps configuration

Access groups
Published On Sep 04, 2024 - 11:24 AM

Access groups

Learn how to manage access groups, which are groupings for organizing Users, Service IDs, or a combination of both into a single entity that facilitates assigning Access Policies to multiple subjects at a time.
The main benefit of having Access Groups is that you can add or remove Users or Service IDs to the Access Group, as well as assigning it one or more Access Policies that could continue to be managed in a centralized construct, instead of adding the same Access Policies individually to all the Users or Service IDs; this facilitates the onboarding experience by managing just a few steps in the process.
The following permissions are needed to be able to manage Access Groups and Access Policies. The
Platform Administrator
role, which is the out-of-the-box role granted to you when the account is first created, is the only role that includes all these permissions. Alternatively, as a
Platform Administrator
, you can create Custom Roles and assign them the Access Groups and Access Policies permissions.
Permission
Description
iam.accessgroups.view
Allow to view Access Groups
iam.accessgroups.create
Allow to create Access Groups
iam.accessgroups.update
Allow to update Access Groups
iam.accessgroups.delete
Allow to delete Access Groups
iam.accessgroups-rules.view
Allow to view Access Groups rules
iam.accessgroups-rules.add
Allow to add Access Groups rules
iam.accessgroups-rules.delete
Allow to delete Access Groups rules
iam.accessgroups-members.view
Allow to view Access Groups members
iam.accessgroups-members.add
Allow to add members to Access Groups
iam.accessgroups-members.delete
Allow to delete members to Access Groups

Accessing the Access Groups page

The Access Groups page allows you to create, edit, and view Access Groups. At the same time, you can add and remove users from the Access Groups, and even create an Access Policy into the Access Groups. In this way, you can control your access management needs quickly and efficiently.
To navigate into the Access Groups page, follow these steps:
  1. Access the IAM page.
  2. Select
    Access Groups
    from the left navigation bar of the page. A new page is displayed.
Once in the Access Groups page, you can perform a series of actions to personalize your access management needs, including the following:
  • Creating a new Access Group
    • Editing an Access Group
    • Deleting an Access Group
  • Adding Users to an Access Groups
    • Removing Users from an Access Groups
  • Adding Access Policies to an Access Group
    • Removing Access Policies from an Access Group
    • Viewing Access Policies
  • Adding Rules to an Access Group
    • Viewing, editing, and deleting rules
  • Adding Service IDs to an Access Group

Creating a new Access Group

  1. Click
    Add New
    .
  2. Select
    Add an Access Group
    . The Add Access Group page opens.
    In this page, complete the following information to add a new Access Group:
    • Access Group Name:
      Enter the name of the Access Group.
    • Description:
      Enter an optional description.
  3. Click
    Add
    to finish.
The
Access Group
list is automatically updated with the new Access Group been displayed.

Editing an existing Access Group

  1. Click the
    overflow menu
    next to the Access Group that you want to edit.
  2. Select
    View Details
    . The Details page for the Access Group selected opens.
  3. Click
    Settings
    and then
    Edit
    at the top of the page The Settings Details page opens.
  4. Make all necessary updates, and click
    Update
    to finish.
After Step 2, when you are in the Details page for the Access Group, you can also perform other actions, including the following:
  • Adding Users
  • Assigning Access Policies
  • Adding Service ID
Complete these actions by clicking
Add New
, and selecting the appropriate action.

Deleting an existing Access Group

  1. Click the
    overflow menu
    next to the Access Group that you want to edit.
  2. Select
    Delete
    , and confirm the deletion by typing the name of the Access Group.

Adding Users to an Access Group

To add a new User to this Access Group, follow these steps:
  1. Select the Access Group that you want to edit.
  2. Click
    Add New
    .
  3. Select
    Add Users
    . The
    Add Users to Access Group
    page opens.
  4. In this page, a dropdown menu displays a list of users that you can select from. Make your selection and click
    Add
    at the bottom of the page to finish.
The
Users
list from that specific
Access Group
is automatically updated and the new User is displayed.

Removing Users from an Access Group

To remove a User from an Access Group, follow these steps:
  1. Select the Access Group that you want to edit.
  2. Select
    Users
    from the left navigation bar, if not already selected.
  3. Click the
    overflow menu
    next to the User that you want to remove.
  4. Select
    Remove
    , and confirm the removal by typing the name of the user.
You can remove several users from an Access Group in bulk. To do so, select the checkbox next to each of the users and click
Remove
at the top of the Users list.

Viewing Users

To view all the Users in a particular
Access Group
, simply access the Access Group page and confirm that the
Users
tab is selected. You can use the filter and search capabilities to do more specific searches.

Adding Access Policies to an Access Group

You can assign Access Policies to resources depending on your level of access.
To add a new Access Policy to an Access Group, follow these steps:
  1. Access the
    Access Groups
    that you want to add an Access Policy to.
  2. Click the overflow menu and select
    View details
    .
  3. From the left navigation bar, select
    Access Policy
    .
  4. Click the
    Assign Access Policy
    button. A new page is displayed.
  5. Complete the following information:
    • Select Service:
      Select the service available from the dropdown menu.
    • Select Scope:
      Based on the service that you selected, click the radio button that applies to your selection:
      • If you select
        All resources
        , the Access Policy is assigned to all resources within the Access Group.
      • If you select
        Resources based on selected attributes
        , you can add acccess tags or attributes for a more specific access selection.
        • Access Tags: Select and access tag from the dropdown list. 
        • Attributes: Select an attribute from the dropdown list. You can add all the existent attributes by clicking the
          Add attribute +
          link.
          • Based on the attribute selected, select the
            attribute name
              and
            attribute value
            from the dropdown list.  The attribute operator is set equal by default. 
    • Select Role:
      Select the Platform role or roles that you want to assign to this Access Policy. You may also select one of the Custom Roles that you have created.
    A tag number lets you know how many permissions are associated to that specific role. Click said tag number to learn about the permissions' descriptions.
  6. Click
    Add
    at the bottom of the page to complete the request.
The
Access Policies
list from that specific
Access Group
is automatically updated and the new Access Policy is displayed.

Removing an Access Policy from an Access Group

To delete an Access Policy from an Access Group, follow these steps:
  1. Navigate to the
    Access Group
    page and select the
    Access Policies
    tab from the left navigation bar.
  2. Click the
    overflow menu
    next to the Access Policy that you want to remove.
  3. Select
    Delete
    , and confirm the deletion.

Viewing Access Policies

To view all the Access Policies associated to an Access Group, simply access the
Access Group
page and navigate to the
Access Policies
tab from the left navigation bar. This list of Access Policies displays specific information such as the services, roles, and resources. You can use the filter and search capabilities to do more specific searches.

Adding Service IDs to an Access Group

To add a Service ID to an Access Group follow these steps:
  1. Navigate to the Access Group of your choice.
  2. Click
    Add New
    .
  3. Select
    Add Service ID
    . The Add Service ID(s) to [Name of the Access Group] page opens.
  4. Select one or more Service IDs to be added.
  5. Click
    Add
    .
If all available Service IDs have already been assigned to the Access Group, a message lets you know of this.
Do you have two minutes for a quick survey?
Take Survey