The Elastic Volume Service (EVS) now also supports the assignment of granular access permissions at "action level" via the Identity & Access Management Service (IAM) in the NL region. This allows you, for example, to create permissions for individual actions. An example of this would be that you only grant permission to create or delete snapshots to individual users or user groups.
You can now easily configure this via the "Custom Policy Designer", which is available to you via the IAM Service (Tab: "Permissions", via "Create Custom Policy"). A total of 52 individual actions are available to you, for which you can assign individual permissions. These actions can not only be "granted" but also explicitly prohibited.
The access authorisation can also be linked to further condition parameters. These must be met before the user is then allowed to perform the corresponding action. For example, authorisations can be linked to time periods. This allows you to issue authorisations only for certain periods of time, which then expire again at a certain time.
Below you will find a brief overview of the update:
Permissions can be
- set up at action level (a total of 51 individual actions)
- allowed or explicitly forbidden
- now also linked to conditions.
Further information can be found in the OTC-Documentation.