Example of VM Operation Only User Setting

The following is an example of an IAM role that allows a user to operate only on a specified virtual server. project_id is the tenant ID, and server_id is the ID of the instance to which operations are restricted.
This setting is provided as a template named Nova Restricted Operation.
{
    "contract_id" : "econXXXXXXXXX",
    "iam_role_name" : "nova_restricted_operation",
    "description" : "Nova Restricted Operation",
    "resources" : [
        {
            "basePath" : "/ecl-nova",
            "ipAddress" : "*",
            "path" : "/v2/{project_id}/servers/{server_id}/*",
            "verb" : "*"
        }
    ]
}
The path field takes the portion of the request URL that follows the endpoint; specifying it limits the VMs that can be operated on.
The * (asterisk) is used to accept every path that follows server_id. Without the * (asterisk), only the API that uses the path /v2/{project_id}/servers/{server_id} can be executed.
Link the IAM role above to nova_restricted_operation_grop.
Example of setting operation (Virtual machine)
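The following added example (not part of the original documentation or the service's own code) fills the template with concrete IDs and evaluates sample requests against the role with and without the trailing /*, to show how the path value scopes access to one VM. The IDs and request paths are constructed, and the matching model (basePath compared for equality, verb and path treated as shell-style wildcards) is an assumption, not the platform's documented algorithm.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample IDs, not real tenants or instances.
PROJECT = "0123456789abcdef0123456789abcdef"
VM_A = "11111111-1111-1111-1111-111111111111"
VM_B = "22222222-2222-2222-2222-222222222222"

def render_role(project_id, server_id, wildcard=True):
    """Fill the template with concrete IDs; wildcard=False omits the trailing /*."""
    path = f"/v2/{project_id}/servers/{server_id}" + ("/*" if wildcard else "")
    return {
        "contract_id": "econXXXXXXXXX",  # placeholder kept from the page
        "iam_role_name": "nova_restricted_operation",
        "description": "Nova Restricted Operation",
        "resources": [
            {"basePath": "/ecl-nova", "ipAddress": "*", "path": path, "verb": "*"}
        ],
    }

def is_allowed(role, base_path, verb, path):
    """ASSUMED model: basePath must be equal; verb and path are shell-style globs."""
    return any(
        res["basePath"] == base_path
        and fnmatchcase(verb, res["verb"])
        and fnmatchcase(path, res["path"])
        for res in role["resources"]
    )

def evaluate():
    """Return {label: (allowed with /*, allowed without /*)} for sample requests."""
    with_star = render_role(PROJECT, VM_A)
    no_star = render_role(PROJECT, VM_A, wildcard=False)
    samples = {
        "action on VM_A": ("POST", f"/v2/{PROJECT}/servers/{VM_A}/action"),
        "show VM_A": ("GET", f"/v2/{PROJECT}/servers/{VM_A}"),
        "action on VM_B": ("POST", f"/v2/{PROJECT}/servers/{VM_B}/action"),
        "list servers": ("GET", f"/v2/{PROJECT}/servers/detail"),
    }
    return {
        label: (is_allowed(with_star, "/ecl-nova", v, p),
                is_allowed(no_star, "/ecl-nova", v, p))
        for label, (v, p) in samples.items()
    }

if __name__ == "__main__":
    print(json.dumps(render_role(PROJECT, VM_A), indent=2))
    for label, result in evaluate().items():
        print(f"{label:15} with /*: {result[0]!s:5}  without /*: {result[1]}")
```

Under this assumed model the /* form does not cover the bare /v2/{project_id}/servers/{server_id} path, so confirm against the real service whether that request needs its own resource entry.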