Example of API Execution Authority Control¶
The contents below shows examples how to control API execution authority.
If allowing an user to operate the portal screens, the user needs to be linked with the group created at Example of Authority Setting to allow GET operation of management feature as well as the group created at Example of Authority Setting for controlling access to Keystone. . (Please refer to Notifications on Access to Portal Screens for further details.)
In addition, the user needs to be linked with groups which indivisually conduct API execution authority control (each user_defined_group in the picture below). The OR condition will be applied to these groups.
By creating multiple IAM groups and granting the authority to the user with the OR condition, more flexible control of API execution authority become available.