Home >Documents >Enterprise Cloud 2.0 Tutorial v2.43.3 > 2. Common Function > 2.1. Use NTT Com Business Portal (Business Portal) > 2.1.5. How to use Smart Data Platform IAM > 2.1.5.1. How to Use API Authority Control Function > Examples of API Authority Settings >Example of Read Only User Setting

Example of Read Only User SettingΒΆ

An example of the IAM role for read only users are as follows:
This setting is provided by READ ONLY as a template.
{
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "read_only",
   "description" : "Read Only Permission",
   "resources" : [
       {
           "basePath" : "*",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "GET"
       }
   ]
}

Link the IAM role above to read_only_group.

../../../../../_images/read_only_user1.png
If you want to permit the console access from a virtual server or baremetal server, the permission to POST API is required. (Ref. Get console in 1.1. Virtual Server (Nova) and Get Management Console in 2.2. Server Actions )
With the settings instructed below, you can permit each console access's console access.
This setting is provided by Server Console Access as a template.
{
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "console_access",
   "description" : "Nova/Baremetal Console Access Permission",
   "resources" : [
       {
           "basePath" : "/ecl-nova",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "POST",
           "os-getVNCConsole" : "*",
           "type" : "novnc"
       },
       {
           "basePath" : "/ecl-baremetal-server",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "POST",
           "os-getManagementConsole" : "*"
       }

   ]
}
Example of Authority Setting for permitting GET Operation of Management Function
Example of VM Operation Only User Setting