Access control to specific resources

When you need to assign specific permissions on individual resources, create a Policy and specify the Resource correctly. This tutorial shows how to assign permissions per server in vServer. For example, you have 2 servers, web1-server and db-server, and you want User: System1 to have full rights on all Resources of vServer, but for Resource: server, full rights only on web1-server, with no operations allowed on the important server db-server. The model will look like below:

To set up IAM according to the above model, we will have the following steps:

Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights, or does not have rights that overlap with these instructions)

Step 2: Get the ID information of the server web1-server

Step 3: Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server

Step 4: Attach Policy: vServerFullAccessWebServers to User: System1

Step 5: Log in and check the rights of User: System1

Detailed steps are as follows:

Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights, or does not have rights that overlap with these instructions)

Create a User Account by accessing the User Account tab on the IAM management page here, clicking Create a User Account, filling in the Username and Password information, then clicking Create User Account.

After successfully creating a User Account, it will be listed on the User Account page as below

Step 2: Get the ID information of the server web1-server

Visit the server management page here to get the server ID information. Click Copy ID on web1-server to get the ID, and save it for use in the next steps.

Step 3: Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server

To create a Policy, go to the Policy tab on the IAM page here, click Create a Policy, name the Policy vServerFullAccessWebServers and click Next step.

Select Product: vserver and Actions: All vserver actions to select all vServer actions.

Then, in the Resource section, click the Resource arrow to select the Resource information. Select Any for the other Resource types, and for Resource: server, click Add a server to add the specific servers that are allowed to be operated on.

In the popup that appears, fill in the server ID of web1-server and click Add to add it.

At this point you will see that Resource: server already has the server ID of web1-server. If you want to add more server IDs, continue clicking Add a server to add them. Then click Create Policy to create the Policy.

Step 4: Attach Policy: vServerFullAccessWebServers to User: System1

After successfully creating Policy: vServerFullAccessWebServers, attach this Policy to User: System1. You can do this from either User Account or Policy; here we will do it from Policy. Click the name of the Policy to go to the Policy details page:

Select the Policy usage tab and click Attach to add User: System1

Select User: System1 and click Add

After adding User: System1 to Policy: vServerFullAccessWebServers, you will see information like below

Step 5: Log in and check the rights of User: System1

Now you can log in as User: System1 to check its permissions.

Access vServer here. If you are not logged in to any account, you will be redirected to the sign-in page, where you select "Sign-in With IAM User Account".

Fill in the email of the root user account under which User: System1 was created, then the IAM username and password of User: System1, and click Sign-in with IAM User Account.

You will now see that User: System1 has full rights on server web1-server and on the other resources of vServer.

Accessed web1-server's detail page successfully:

Successfully shut down web1-server:

Accessing db-server details page failed:

Failed to shut down db-server:

So you have completed granting User: System1 full rights on all Resources of vServer, but for Resource: server full rights only on web1-server, not allowing operations on the important server db-server.
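The following is an added example, not part of the original tutorial or the provider's own code: a simplified Python model of the policy from Step 3 and the checks from Step 5, which also shows why Step 1 warns about overlapping rights. The policy structure, the action name vserver:StopServer, the LegacyFullAccess policy, the server IDs, and the rule that attached policies combine as a union of allows are all assumptions made for illustration.

```python
# Simplified allow-only model of the Step 3 policy. Assumption: this is NOT
# the provider's real policy format or evaluation engine.
from fnmatch import fnmatchcase

# Constructed placeholder IDs; real IDs come from "Copy ID" in Step 2.
WEB1_ID = "srv-web1-EXAMPLE"
DB_ID = "srv-db-EXAMPLE"

# All vserver actions; Resource "server" limited to web1-server, Any elsewhere.
SCOPED_POLICY = {
    "name": "vServerFullAccessWebServers",
    "actions": ["vserver:*"],
    "resources": {"server": [WEB1_ID], "*": ["*"]},
}
# Hypothetical leftover policy of the kind Step 1 warns about.
OVERLAPPING_POLICY = {
    "name": "LegacyFullAccess",
    "actions": ["vserver:*"],
    "resources": {"*": ["*"]},
}

def policy_allows(policy, action, rtype, rid):
    """True if this single policy allows the action on the resource."""
    if not any(fnmatchcase(action, pat) for pat in policy["actions"]):
        return False
    res = policy["resources"]
    # An explicitly listed resource type takes precedence over "*" (Any).
    allowed_ids = res.get(rtype, res.get("*", []))
    return any(fnmatchcase(rid, pat) for pat in allowed_ids)

def is_allowed(attached, action, rtype, rid):
    """Default deny; assumed union semantics: any attached allow is enough."""
    return any(policy_allows(p, action, rtype, rid) for p in attached)

def granting_policies(attached, action, rtype, rid):
    """Names of the attached policies that grant this access (for audits)."""
    return sorted(p["name"] for p in attached
                  if policy_allows(p, action, rtype, rid))

if __name__ == "__main__":
    stop = "vserver:StopServer"  # hypothetical action name
    for label, attached in [("scoped only", [SCOPED_POLICY]),
                            ("with overlap", [SCOPED_POLICY, OVERLAPPING_POLICY])]:
        for name, rid in [("web1-server", WEB1_ID), ("db-server", DB_ID)]:
            verdict = "ALLOW" if is_allowed(attached, stop, "server", rid) else "DENY"
            print(f"{label:12} {name:12} {verdict}",
                  granting_policies(attached, stop, "server", rid))
```

In this model, a second policy that leaves Resource: server at Any makes db-server reachable again, so before attaching the scoped policy, review everything already attached to the user.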
