Access control to specific resources
When you need to assign specific permissions on individual resources, create a Policy and specify the Resource correctly. This tutorial shows how to assign permissions per server in vServer. For example, you have 2 servers, web1-server and db-server, and you want User: System1 to have full rights on all Resources of vServer, but for Resource: server only full rights on web1-server, with no operations allowed on the important server db-server. The model will look like below:
To set up IAM according to the above model, follow these steps:
Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights, or has no rights that overlap with those in these instructions)
Step 2: Get the ID of the server web1-server
Step 3: Create a Policy named vServerFullAccessWebServers that allows access to all resources of vServer, but full rights only on web1-server
Step 4: Attach Policy: vServerFullAccessWebServers to User: System1
Step 5: Log in and check the rights of User: System1
The detailed steps are as follows:
Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights, or has no rights that overlap with those in these instructions)
Create a User Account by opening the User Account tab on the IAM management page here, clicking Create a User Account, filling in the Username and Password, then clicking Create User Account
After successfully creating a User Account, it will be listed on the User Account page as below
Step 2: Get the ID information of the server web1-server
Visit the server management page here to get the server ID: click Copy ID for server web1-server and save the ID for use in the next steps.
Step 3: Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server
To create a Policy, go to the Policy tab on the IAM page here, click Create a Policy, name the Policy vServerFullAccessWebServers and click Next step
Select Product: vserver and Actions: All vserver actions to select all vServer actions
Then, in the Resource section, click the Resource arrow to expand the Resource settings. Select Any for the other Resource types, and for Resource: server click Add a server to add the specific servers that the user is allowed to operate on.
In the popup that appears, fill in the server ID of web1-server and click Add.
At this point you will see that Resource: server contains the server ID of web1-server. If you want to add more server IDs, click Add a server again. Then click Create Policy to create the Policy
Step 4: Attach Policy: vServerFullAccessWebServers to User: System1
After successfully creating Policy: vServerFullAccessWebServers, attach this Policy to User: System1. You can do this from either User Account or Policy; here we use Policy. Click the name of the Policy to go to the Policy details page:
Select the Policy usage tab and click Attach to add User: System1
Select User: System1 and click Add
After adding User: System1 to Policy: vServerFullAccessWebServers, you will see information like below
Step 5: Log in and check the rights of User: System1
Now you can log in as User: System1 to check permissions
Access vServer here. If you are not logged in to any account, you will be redirected to the sign-in page; select "Sign-in With IAM User Account"
Fill in the root user email account under which User: System1 was created, then the IAM username and password of User: System1, and click Sign-in with IAM User Account
You will now see that User: System1 has full rights on server web1-server and on the other resources of vServer.
Accessed web1-server's detail page successfully
Successfully shut down web1-server:
Accessing db-server details page failed:
Failed to shut down db-server:
You have now finished granting User: System1 full rights on all Resources of vServer while granting full rights on Resource: server only for web1-server, not allowing operations on the important server db-server.
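The result checked in Step 5, and the overlap that Step 1 warns about, modelled as an added example (not VNG Cloud's code or policy format). The Policy structure, the union-of-allows evaluation, the server IDs, the resource types and the action names are assumptions constructed for illustration.

```python
# Added example: minimal model of resource-scoped allow policies.
# Assumptions: the Policy structure, union-of-allows evaluation, IDs, resource
# types and action names are constructed; this is not VNG Cloud's format or API.
from dataclasses import dataclass, field

ANY = "*"  # models the console's "Any" / "All vserver actions" choices


@dataclass
class Policy:
    name: str
    product: str
    actions: set
    resources: dict = field(default_factory=dict)  # resource type -> set of IDs

    def covers(self, product, rtype, rid):
        """True if this policy's resource scope includes the given resource."""
        ids = self.resources.get(rtype, set())  # unlisted type grants nothing
        return product == self.product and (ANY in ids or rid in ids)

    def allows(self, product, action, rtype, rid):
        in_actions = ANY in self.actions or action in self.actions
        return in_actions and self.covers(product, rtype, rid)


def is_allowed(policies, product, action, rtype, rid):
    """Default deny: allowed only if at least one attached policy allows it."""
    return any(p.allows(product, action, rtype, rid) for p in policies)


def overlapping_policies(policies, product, rtype, protected_id):
    """Attached policies whose scope reaches the resource meant to stay off-limits."""
    return [p.name for p in policies if p.covers(product, rtype, protected_id)]


WEB1_ID = "srv-web1-example"  # constructed placeholder for the copied server ID
DB_ID = "srv-db-example"      # constructed placeholder for db-server's ID

scoped = Policy("vServerFullAccessWebServers", "vserver", {ANY},
                {"server": {WEB1_ID}, "volume": {ANY}, "network": {ANY}})
# Hypothetical pre-existing policy of the kind Step 1 says to rule out.
leftover = Policy("LegacyServerOps", "vserver", {"StopServer"}, {"server": {ANY}})

if __name__ == "__main__":
    for attached in ([scoped], [scoped, leftover]):
        names = [p.name for p in attached]
        for sid in (WEB1_ID, DB_ID):
            print(names, sid, is_allowed(attached, "vserver", "StopServer", "server", sid))
        print("overlap on db-server:", overlapping_policies(attached, "vserver", "server", DB_ID))
```

In this model, db-server is denied while only the scoped policy is attached, and a second policy with Any on servers makes the same request pass. Listing the overlapping policies before attaching the new one is the check Step 1 calls for.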