Extending permissions with tags
Bizfly Cloud Identity and Access Management (IAM) is a supporting service for managing and delegating access to the services of Bizfly Cloud. Currently, besides assigning the existing roles (Member, Maintainer, etc.), Bizfly Cloud also supports custom roles created by users. However, one shortcoming is that in some situations, extending permissions or inheriting from a role can be difficult for large organizations, which have to customize and create more and more custom roles. To solve this problem, Bizfly Cloud has an additional feature that allows users to extend a role's permissions.
So what is a tag?
A tag is a feature that allows users to assign "labels" to objects that serve the same purpose. In Bizfly Cloud, a tag lets users extend permissions through role inheritance without having to change the user's role. For example, 2 users, A and B, are assigned the "Cloud Server" role, which grants the right to operate the "Cloud Server" service. However, to extend user B's rights, whether temporarily for a specific situation or as desired, the manager needs to create another custom role (including CDN and CS) so that user B has the authority.
To solve this problem, Bizfly Cloud provides the additional tag feature so that managers can extend or inherit a user's rights without having to change the role.
Access the Dashboard of the IAM service.
Select the sidebar tab on the left of the IAM screen to enter the Tag management interface, then click "Add new tag".
The new tag form will appear; enter the necessary information.
Note: Users need to select a specific project for each tag.
In this example, we will set up 2 roles, server and CDN, each with a corresponding tag label for the right to operate the Cloud Server and CDN services respectively. After creating the necessary tags, the tag screen will display as follows:
Then we go to the Role interface to create the 2 corresponding roles that allow users to operate Cloud Server and CDN in the project Devops_Test@vccloud.vn.
Here we create the role Server, which has access to the Cloud Server service in the project devops_Test@vccloud.vn.
Similarly, we create the role CDN, which has access to the CDN service in the project devops_test@vccloud.vn.
After creating them, we have 2 custom roles displayed in the Role interface of IAM.
Next, note that each role has an additional "assigning the tag here" field; click it and add the tag label that we created earlier.
Note: When typing the desired tag label, the user must press Enter so that the system records it as in the picture, then confirm to update.
Results after updating the 2 custom roles:
Next, to grant the permissions to a user, move to the user management interface and proceed in the same way with the tag assignment.
Assign the tag labels that we have just assigned in the Role interface to the user whose authority we want to extend.
One note on inheritance: a later tag overrides an earlier tag (where the roles assigned those tags have overlapping permissions).
For example, role CS1 with tag cs1 has access to server A, while role CS2 with tag cs2 does not have access to server A. After assigning the tags cs1, cs2 to user A, user A will not have access to server A, because the later tag cs2 overrides the earlier one.
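The ordering rule above, modelled as an added Python example (not Bizfly Cloud code or its API): tags are applied in assignment order, and a later tag's role overwrites an earlier one where their permissions overlap. The tag-to-permission map, the resource names and the treatment of "no access" as an explicit deny entry are assumptions made for illustration; the audit function reports which resources a user's tag order silently narrows or widens.

```python
# Added illustration: a model of the "later tag overrides earlier tag" rule.
# Constructed sample data (assumption): tag -> {resource: allowed?} as granted
# by the role that carries that tag. False models "role has no access".
TAG_PERMISSIONS = {
    "cs1": {"server-A": True, "server-B": True},
    "cs2": {"server-A": False, "server-C": True},
}


def resolve(tags, tag_permissions):
    """Apply tags in assignment order; return (effective, overrides).

    overrides lists (resource, earlier_tag, later_tag, final_value) for every
    point where a later tag changed what an earlier tag had set.
    """
    effective, source, overrides = {}, {}, []
    for tag in tags:
        if tag not in tag_permissions:
            raise ValueError(f"unknown tag: {tag}")
        for resource, allowed in tag_permissions[tag].items():
            if resource in effective and effective[resource] != allowed:
                overrides.append((resource, source[resource], tag, allowed))
            effective[resource] = allowed
            source[resource] = tag
    return effective, overrides


def audit(tags, tag_permissions):
    """Summarise resources whose access was changed by tag ordering."""
    effective, overrides = resolve(tags, tag_permissions)
    touched = {resource for resource, _, _, _ in overrides}
    return {
        "narrowed": sorted(r for r in touched if not effective[r]),
        "widened": sorted(r for r in touched if effective[r]),
    }


if __name__ == "__main__":
    # The page's case: user A tagged cs1 then cs2 loses server A.
    print(resolve(["cs1", "cs2"], TAG_PERMISSIONS))
    print(audit(["cs1", "cs2"], TAG_PERMISSIONS))
    # Under the same rule, the reverse order lets cs1 win instead.
    print(audit(["cs2", "cs1"], TAG_PERMISSIONS))
```

Running the audit over each user's tag list before confirming an update shows whether the order of tags removes access that was intended to stay, or grants access that was intended to be withheld.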
Resulting permissions
Thus, the user account that was assigned the tags will have access to the Cloud Server and CDN services.
If the manager later wants the user account to have access only to CDN, the server tag can be removed, and the user will no longer be able to access the Cloud Server service.