English
Our Service
Other service

IAM for vStorage

IAM is essential to protecting resources within vStorage services. Without proper access control, unauthorized users can access sensitive data or disrupt critical operations. IAM helps enforce the principle of least privilege, minimizing potential attack surfaces and protecting your server resources from unauthorized access and data compromise.

1. Getting Started with IAM

This guide is intended to guide users to quickly get started with IAM in vStorage services by using the default permission (defined by VNG Cloud Managed Policies) for the vStorage system called vStorageFullAccess.

  1. Accessing the IAM Console

  • Open your web browser and access the IAM Console URL: https://hcm-3.console.vngcloud.vn/iam/

  • Log in as a Root User Account or a User Account with access rights. You will need to provide a username/email and password when logging in.

  • After logging in, you will see the IAM Console interface, which provides an overview of your IAM configuration.

  1. Create a new IAM User Account

  • Click "Create user" in the left menu

  • Click "Create a user account."

  • Enter the user account details, including username and password.

  • Review the settings and click "Create user account" in the upper right corner.

  1. Access the vStorage Portal with the IAM User Account

  • Open your web browser and go to the vStorage website URL: https://console.vstorage.vngcloud.vn/

  • Remember to log out of the Root User account and log in with the IAM User Account created in step 2.

  • After logging in, you will see an overview of the vStorage website.

  • Try to access the Network, Server, Bock store, Load balancer, Container & Billing pages, you will see a notification about limited permissions as below.

Notice

  • The IAM User Account created in Step 2 does not currently have permissions to perform actions on the vStorage cloud service.

  • To grant permissions to the above IAM User Account, refer to the instructions in Step 4 below. Note that this guide provides an example of vStorageFullAccess.

4. Assign Permissions to IAM Accounts

  • Open your web browser and go to the IAM Console URL: https://hcm-3.console.vngcloud.vn/iam/

  • Log in as the Root User account. You may need to provide a username and password or use other authentication methods such as single sign-on (SSO) if configured.

  • Once logged in, you will see the IAM Console interface, which provides an overview of your IAM configuration.

  • Click on "User account" in the left menu.

  • Search for an IAM user account by entering the username in the search box.

  • Click on the row containing the IAM user account information in the search results.

  • By default, you will see the "Permission" tab on the IAM user account details page.

  • Click on the "Attach policies" button and then you will see a dialog box appear containing all the Policies.

  • Search for the vStorageFullAccess policy by entering its exact name in the search box.

  • Tick the result and click the "Attach" button in the lower right corner of the dialog box.

5. Re-Access the vStorage Portal with an IAM User Account

Re-Access the vStorage Portal by following the instructions in Step 3, and then you can access all sections of the vStorage Portal after assigning the vStorageFullAccess policy to the IAM user account.

2. List of VNG Managed Policies

VNG Managed Policy is an IAM Policy created by default by the VNG Cloud IAM system. These Policies are managed by VNG Cloud itself to support users in quickly setting up the necessary access rights for IAM user accounts for resources of each specific Product. Let's find out the list of VNG Managed Policies for vStorage:

  • vStorageAPIFullAccess: Includes full access to vStorage system resources via the public API

  • vStorageIAMUserFullAccess: Includes full access to vStorage's IAM system.

  • vStorageAPIReadOnlyAccess: Only includes Read access to vStorage system resources via public API

  • vStorageFullAccess: Includes full access to vStorage system resources

  • StorageClientToolReadOnlyAccess: Only includes Read access to vStorage system resources from Client Tools

  • vStorageReadOnlyAccess: Only includes Read access to vStorage system resources

  • vStorageClientToolFullAccess: Includes full access to vStorage system resources from Client Tools

  • vStorageIAMUserReadOnlyAccess: Only includes Read access to vStorage IAM system.

  • vStorageNormalAccess: Includes full access to vStorage system resources (except for actions related to vStorage - Billing system)

3. Explore IAM for vStorage in Detail

Learn more about IAM for vStorage: Identity and Access Management (IAM) for vStorage

Learn more about IAM:

  • IAM Identity

  • Common Use Cases for IAM

PreviousIAM for vServerNextIAM for vMonitor

Last updated

Logo

Address

VNG Corporation

Contact us

support@vngcloud.vn1900 1549

About us

About VNG CloudGet started our cloud