Example of Read Only User Setting

An example of the IAM role for read only users are as follows:
This setting is provided as a template named READ ONLY.
{
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "read_only",
   "description" : "読み取り専用IAMロール",
   "resources" : [
       {
           "basePath" : "*",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "GET"
       }
   ]
}

Link the IAM role above to read_only_group.

../../../../../_images/read_only_user1.png
If you want to permit the console access from a virtual server or baremetal server, the permission to POST API is required. (Ref. Get console in 1.1. Virtual Server (Nova) and Get Management Console in 2.2. Server Actions )
With the settings instructed below, you can permit each console access's console access.
This setting is provided by Server Console Access as a template.
{
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "console_access",
   "description" : "VM/Baremetal Serverへのコンソールアクセスを許可するIAMロール",
   "resources" : [
       {
           "basePath" : "/ecl-nova",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "POST",
           "os-getVNCConsole" : "*",
           "type" : "novnc"
       },
       {
           "basePath" : "/ecl-baremetal-server",
           "ipAddress" : "*",
           "path" : "*",
           "verb" : "POST",
           "os-getManagementConsole" : "*"
       }

   ]
}