Create a Custom Role (create a role with self-defined rights)
Bizfly Cloud Identity and Access Management (IAM) is a supporting service for managing and delegating access to Bizfly Cloud services.
Access the Dashboard of the IAM service.
Default roles of the system (updated over time)
Note:
- Default system roles cannot be modified or deleted by users.
Create a new role
Enter the role information, such as role name and description.
Choose the services, resources and permissions that apply when the custom role operates with the service.
As above, a user invited to the project with the role named custom-role will only have the right to view the details of the project they are invited to.
Invite users to the project with the newly created role, or change an existing user's role to it.
Details of creating a project and adding members (users) to it are in the Quickstart section.
Log in to the Bizfly Cloud Dashboard with the invited user account.
Open the IAM service; on the Projects management screen, click the project you were invited to.
When switching to the List of Users tab, an access-denied error message appears, because the role only grants the user the right to view Project details.
To gain more rights, contact the project's OWNER and ask them to consider granting additional rights.
After the right has been added to the role, go back and try again.
Combining a custom role with conditions
For a more concrete perspective, we will use Cloud-Server as an example.
On the previously created custom role, choose Edit Role -> Add new permissions, and perform the same operations as before.
Use the account invited to the project with the previously created role and access the Cloud-Server service.
Access any server that has been created.
Result
- The operations still work normally, because the role was previously given rights such as viewing the list of servers/volumes and viewing the details of a server/volume.
Now return to the custom role that was created to continue editing. In the permission section of the Cloud-Server service, add a condition.
First, choose a Condition Name.
Once the condition name is chosen, a ? mark is displayed at the end of the condition. Clicking it shows what the selected condition name means.
Continue by choosing a Condition Type. Depending on the Condition Name chosen, the Condition Type options displayed for selection will have different values. Basically, there are 6 values, as follows:
- StringEquals: The resource you manipulate must be equal to the value you enter. For example, if you choose the Condition Name servers.uuid and the Condition Type StringEquals, the server you operate on must have a uuid equal to the value you enter in the value box.
- StringNotEquals: The resource you manipulate must have a value different from the value you enter.
- StringEqualsIgnoreCase: The resource you manipulate must be equal to the value you enter, without distinguishing between upper-case and lower-case characters.
- StringNotEqualsIgnoreCase: The resource you manipulate must have a value different from the value you enter, without distinguishing between upper-case and lower-case characters.
- StringLike: The resource you manipulate must match the value you enter. For example, if the input value is qzz897-665, then resources such as aqzz897-665973-xbnc, 95AXCAXC-AQZZ897-665K-X3CF or XXVA-WADLMIH88-AQZZ897-665 can be manipulated.
- StringNotLike: The resource you manipulate must not match the value you enter. For example, if the input value is qzz897-665, then resources such as aqzz897-665973-xbnc, 95AXCAXC-AQZZ897-665K-X3CF or XXVA-BAMVIH88-AQZZ897-665 cannot be manipulated.
Enter the value and confirm the new/edited Role.
Confirm the newly created or edited role information.
Thus we have created a custom role combined with a condition. Now check from the side of the user invited with the role just created.
Return to the Cloud-Server service and try it out. The condition just set up was servers.uuid StringEquals a9139f1e-fdd4-43f7-a69a-6d88186a585a.
Try accessing a server with an id different from the value set in the condition; in this example it is b1d25961-1c84-45fb-8330-555704654711.
Try accessing another server whose id equals the value set in the condition, a9139f1e-fdd4-43f7-a69a-6d88186a585a.
Result
- The server with id b1d25961-1c84-45fb-8330-555704654711 no longer displays its information, because access is blocked.
- The server whose id equals the value set in the condition still displays its information normally.
Now try changing the condition type to StringNotEquals to see what happens.
Go back to the Cloud-Server service and try again.
Result
- The server with id b1d25961-1c84-45fb-8330-555704654711 now displays its information.
- The server whose id equals the value set in the condition can no longer display its information.
Combining with other conditions
Go back to the Cloud-Server service and try again.
Result
- A volume whose id equals the value set in the condition returns its information from the API.
- A volume whose id differs from the value set in the condition cannot return its information from the API.
Add another condition and set its value to the id of the volume that just failed to return information from the API.
Result
- The volume whose information could not be retrieved earlier now returns its information.
Still with these conditions, now we try adding a new right to see whether it works.
Here I will add the right to increase the hard drive capacity.
Result
- A volume whose id equals the value set in the condition can have its hard drive capacity increased.
- A volume whose id differs from the value set in the condition cannot have its hard drive capacity increased, and an error message is shown.
Note
- Only combine the same Condition Type with a Condition Name.
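The six Condition Types, the servers.uuid walkthrough, and the note about combining several values under one Condition Name, as an added example that is not Bizfly Cloud's own code. The matching rules are inferred from the page's examples (StringLike treated as a case-insensitive substring match), and the action names and the rule that several values under one Condition Name are alternatives are assumptions.

```python
# Added example, not Bizfly Cloud IAM code: a small evaluator for the six string
# Condition Types described above. Semantics are inferred from the page's examples;
# StringLike is treated as a case-insensitive substring match because the page
# matches "qzz897-665" inside "95AXCAXC-AQZZ897-665K-X3CF". Treating several values
# under one Condition Name as alternatives is an assumption about the real engine.

def condition_matches(ctype: str, expected: str, actual: str) -> bool:
    """True when the resource attribute `actual` satisfies one condition value."""
    if ctype == "StringEquals":
        return actual == expected
    if ctype == "StringNotEquals":
        return actual != expected
    if ctype == "StringEqualsIgnoreCase":
        return actual.lower() == expected.lower()
    if ctype == "StringNotEqualsIgnoreCase":
        return actual.lower() != expected.lower()
    if ctype == "StringLike":
        return expected.lower() in actual.lower()
    if ctype == "StringNotLike":
        return expected.lower() not in actual.lower()
    raise ValueError(f"unknown Condition Type: {ctype}")

def is_allowed(permission: dict, action: str, resource: dict) -> bool:
    """Grant `action` only if the permission lists it and every condition holds.
    Several values under one Condition Name are alternatives (any may match)."""
    if action not in permission["actions"]:
        return False
    for cond in permission.get("conditions", []):
        actual = resource.get(cond["name"], "")
        if not any(condition_matches(cond["type"], v, actual) for v in cond["values"]):
            return False
    return True

# Constructed permission mirroring the walkthrough: server details are visible only
# for the uuid set in the condition. The action name is assumed; servers.uuid is the
# Condition Name used on the page.
VIEW_SERVER = {
    "actions": ["servers.view_details"],
    "conditions": [{"name": "servers.uuid", "type": "StringEquals",
                    "values": ["a9139f1e-fdd4-43f7-a69a-6d88186a585a"]}],
}

def server_visible(server_uuid: str, ctype: str = "StringEquals") -> bool:
    """Re-run the page's check with a chosen Condition Type swapped in."""
    perm = {**VIEW_SERVER, "conditions": [dict(VIEW_SERVER["conditions"][0], type=ctype)]}
    return is_allowed(perm, "servers.view_details", {"servers.uuid": server_uuid})
```

Switching `ctype` to StringNotEquals inverts which of the two server ids from the walkthrough is visible, exactly as the two Result lists above describe.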