IBM Cloud Identity and Access Management (IAM) controls who can access your resources and what they can do. Properly configured IAM is the foundation of a secure IBM Cloud environment.
When you sign up for IBM Cloud, you create an account. The account owner has full control over:
| Type | Description |
|---|---|
| Lite | Free, no credit card required, access to Lite plan services |
| Pay-As-You-Go | Full catalogue access, pay only for what you use |
| Subscription | Commit to monthly spending for discounts |
You can invite users to your IBM Cloud account by email. Each user gets:
Access groups let you organise users and assign permissions collectively:
```
Access Group: Cloud-Developers
├── User: alice@example.com
├── User: bob@example.com
└── User: charlie@example.com
    → Policy: Editor role on all Kubernetes resources
    → Policy: Viewer role on Cloud Object Storage
```
Best practice: Always assign policies to access groups, not individual users.
IBM Cloud IAM uses roles to define what actions a user can perform:
Platform roles control access to platform-level actions (managing resources, viewing billing):
| Role | Description |
|---|---|
| Viewer | View resources and their details |
| Operator | View resources and perform platform actions (e.g., restart) |
| Editor | Create, update, and delete resources |
| Administrator | Full access including managing access policies |
Service roles control access to service-specific actions (reading data, invoking APIs):
| Role | Description |
|---|---|
| Reader | Read-only access to service data |
| Writer | Read and write access to service data |
| Manager | Full control over the service including configuration |
For fine-grained control, you can create custom roles that combine specific actions.
An access policy grants a role to a user or access group on a specific scope:
```
Policy:
  Subject: Access Group "Cloud-Developers"
  Role:    Editor (Platform) + Writer (Service)
  Target:  All resources in resource group "Production"
```
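The following is an added example, not part of the original lesson: a small Python audit that checks a set of access policies against the best practice above (grant through access groups) and also flags Administrator grants and account-wide targets. The policy JSON shape is modelled on the IAM Policy Management v1 API as an assumption, and every ID in the sample is a constructed placeholder.

```python
# Constructed sample policies. The JSON shape follows the IAM Policy Management
# v1 API as an assumption; every ID below is a made-up placeholder.
ROLE = "crn:v1:bluemix:public:iam::::"
POLICIES = [
    {"id": "policy-1",  # group-scoped grant, like the lesson's example policy
     "subjects": [{"attributes": [{"name": "access_group_id", "value": "AccessGroupId-devs"}]}],
     "roles": [{"role_id": ROLE + "role:Editor"}, {"role_id": ROLE + "serviceRole:Writer"}],
     "resources": [{"attributes": [{"name": "resourceGroupId", "value": "rg-production"}]}]},
    {"id": "policy-2",  # account-wide Administrator granted to a single user
     "subjects": [{"attributes": [{"name": "iam_id", "value": "IBMid-alice"}]}],
     "roles": [{"role_id": ROLE + "role:Administrator"}],
     "resources": [{"attributes": [{"name": "accountId", "value": "acct-example"}]}]},
    {"id": "policy-3",  # narrow grant, but still attached to one user
     "subjects": [{"attributes": [{"name": "iam_id", "value": "IBMid-bob"}]}],
     "roles": [{"role_id": ROLE + "role:Viewer"}],
     "resources": [{"attributes": [{"name": "serviceName", "value": "cloud-object-storage"}]}]},
]


def _names(policy, key):
    """Collect attribute names under policy[key] ('subjects' or 'resources')."""
    return {a["name"] for item in policy.get(key, []) for a in item.get("attributes", [])}


def audit(policies):
    """Return (policy_id, finding) pairs for grants that deserve review."""
    findings = []
    for p in policies:
        roles = [r["role_id"].rsplit(":", 1)[-1] for r in p.get("roles", [])]
        if "access_group_id" not in _names(p, "subjects"):
            # Best practice from the lesson: grant via access groups.
            findings.append((p["id"], "direct-subject"))
        if "Administrator" in roles:
            # Administrator can also manage access policies.
            findings.append((p["id"], "administrator-role"))
        if _names(p, "resources") <= {"accountId"}:
            # No resource group, service or instance narrows the target.
            findings.append((p["id"], "account-wide-scope"))
    return findings


if __name__ == "__main__":
    for policy_id, finding in audit(POLICIES):
        print(f"{policy_id}: {finding}")
```
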