IAM Workflow Introduction

Last update:2022-06-09 12:17:15

CDNetworks IAM(Identity and Access Management) enables you to manage access to CDNetworks products/services and your service resources securely when you use Main Account.

This topic is described that IAM Work Overview before you get started using IAM to create your Sub Accounts and grant the permissions to allow and deny their access to your service resources.

The overall workflow is here.

  • Main Account gets the system policies that consist of default permissions and actions to perform functional operations of CDN products that you have contracted with CDNetworks.
  • Main Account can create a new user at the User Management in the CDNetworks Console.
    (When Main Account creates only a new Sub Account, there is no permission to access any functions and products.
    Main Account can decide to grant existed system policy or custom policy to the Sub Accounts by Main Account-self
    . If you don’t have any information on what policy is, please go to the article “Basic Concept”)
  • Main Account can grant system policy to subaccount to delegate the role to end-user.
  • Main Account can create a custom policy, and combine the actions into the custom policy as you need
  • Main Account can grant custom policy to Sub Account to delegate the role to end-user.
  • Main Account can assign Control Group to Sub Account to manage the acceleration domains by an end-user. (This step is available for manage CDN and security products)

墨西哥、多米尼加共和国新节点上线

In the diagram above, you can give each role of the persons and you want which functions are allowed to end-user A, which functions are not allowed to end-user A and other end-users are the same cases.

For your efficient IAM way, your Main Account is granted with all system policies for your products by default. Sub Accounts don’t have a policy by default, Main Account should grant policy to Sub Accounts so that Sub Accounts will have a custom policy. in the CDNetworks Console, we provide flexible IAM functions - user management, policy management, permission management, and Control Group management.

No Function Entrance Description Remarks
1 User Management IAM → Identities → Users Create Users: create Sub Accounts for end-users
Delete Users: delete Sub Accounts
Modify Basic Information: change the Display name and email address
Modify Login Settings: Reset Password, turn on/off Console Login
Add Permissions: Add/Update Policies to use functions.
2 Permission Management IAM → Permissions → Grants Assign/Revoke Permissions to Sub Account(s) for aligning policy to Sub Accounts.
3 Control Group Management IAM → Permissions → Control Group MGMT Create / Manage User-Customized Control Group
Assign Sub Accounts to use CDN domains(acceleration domains)
Main Account should use for CDN/Cloud Security Product
Not available for Cloud Storage, UC (User management component)
4 Policy Management IAM → Permissions → Policies Create / Delete policy to add allow/deny to actions
Set actions to allow or refuse(deny)for CDN/Cloud Security Products,
Main Account should use “Policy for functions” for CDN/Cloud Security Product.
Main Account should use “Policy with expression” for Object storage/UC.

As above tables, CDNetworks IAM has many functions to support your user-account management efficiently.

Tip:

  • Action means the element to perform some functional operations of products - e.g. view traffic charts or edit domain configuration on Console.
  • For CDN and security products, Main Account should grant both “policy for function” and should assign corresponding acceleration domains with users by “Control Group”
  • For the Other products (Object Storage, UC), Main Account should grant “Policy with expressions” to users, because “policy with expressions” includes both function and resources.
Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!