The Elastic Volume Service (EVS) now also supports the assignment of granular access permissions at "action level" via the Identity & Access Management Service (IAM). This allows you to create permissions for individual actions. An example of this would be to grant permission to create or delete snapshots only to individual users or groups of users.
You can now easily configure this via the "Custom Policy Designer", which is available to you via the IAM Service (Tab: "Permissions", via "Create Custom Policy"). You can select from 52 individual actions for which you can assign individual permissions. These actions can not only be "granted", but also explicitly prohibited.
The access authorization can be linked to further conditional parameters. These must be met before the user is then allowed to perform the corresponding action. For example, permissions can be bound to time periods. This allows you to issue authorizations only for certain periods of time, which then expire at a certain time.
Below you will find again the short overview of the update:
Permissions can be
- be set up on action level (51 individual actions in total)
- be allowed or explicitly prohibited
- can now also be linked to conditions
Please be informed that IAM fine grained policies are currently given for DE only. Feel free to refer to the OTC documentation for more information.
Further information can be found in the EVS area of the Help Center.