What Is IAM

Introduction to IAM

IAM (Identity and Access Management) is the identity and access management feature provided by CDNetworks, helping you centrally manage user identities and their access rights under your account. With IAM, you can create multiple IAM users under the same main account and assign product, resource, and operation permissions according to different personnel responsibilities, enabling more secure and flexible permission management.

CDNetworks automatically assigns a main account to each customer. The main account has full administrative rights over all purchased products, services, and resources.

When you need to assign different products or resources to be managed by different personnel, you can use IAM to create IAM users (sub-accounts) and grant them the appropriate permissions, enabling role-based and responsibility-based access control.

Advantages of Using IAM

In real-world enterprise scenarios, multiple teams or members often jointly manage resources under the same platform account. For example:

• Assign operations personnel to manage daily configuration and resource maintenance
• Assign security staff to manage security policies and access control
• Allow developers to handle API calls and application integrations
• Enable different departments to manage different products or business units separately

If all personnel operate with the main account, it may result in account sharing, excessive permissions, and unclear management responsibilities.

With IAM, you can:

• Create independent accounts for different members
• Assign the minimum necessary permissions on demand
• Avoid sharing the main account among multiple users
• Enhance account security and standardize management
• Enable clearer responsibility delineation and auditing management

Core Capabilities of IAM

Centralized Management of Main Account

The main account is the primary entity for resource ownership, usage measurement, and billing on the platform. It holds full control over all resources and can access all enabled products and services.

Create and Manage IAM Users

You can create multiple IAM users under the main account and centrally manage their basic information and access methods.

Assign Permissions to Users

Based on different roles or responsibilities, you can assign one or more permission policies to IAM users to control their accessible products, resource scopes, and permitted actions.

Access Control Methods

You can restrict IAM user access conditions, such as allowing access to specified resources only during certain times, from specific network environments, or via secure methods, to enhance account security.

By configuring access policies, you can effectively prevent account misuse risks.

Centralized Resource Management

All account resources are always centrally managed by the main account. Even if there are changes in personnel positions or staff departures, resources and data remain under the main account, making continuous management and handover more convenient.

Applicable Scenarios for IAM

IAM is suitable for business scenarios that require multi-user collaboration, role-based management, and fine-grained permission control, such as:

• Different departments manage different products separately
• Different roles have different operational permissions
• Restrict some users to only view or only manage designated resources
• Provide API access capabilities for developers
• Strengthen account security management and avoid sharing the main account

Example: Assigning Management Permissions by Department

If you use multiple products simultaneously and require different departments to manage each, you can achieve fine-grained authorization through IAM. For example:

• Department A Is Responsible for Managing Specified Business Products
• Department B Is Responsible for Storage or Resource Service Management

In the main account, you can create individual IAM users for personnel in different departments and grant them the appropriate product management permissions. Each department can only access products and resources relevant to their responsibilities, which facilitates management and reduces the risk of operational errors.

Assign permissions by department to effectively achieve fine-grained role management and enhance security.

Basic Operation Procedures

1. Log in to the customer console using the main account.
2. Go to IAM (Access Control).
3. Create an IAM User and enter the user information.
4. Configure the user’s login method or API access method as needed.
5. Grant the appropriate permission policies to the IAM User.
6. After completing the configuration, the corresponding user accesses authorized features and resources using their individual account.

After the procedure is implemented, organizational members can access their respective resources according to their permissions, ensuring security and control.