Verifying API Authority
The following information can be referred to through the APIs:

- IAM Group List
- IAM Role List
- IAM Group User List
- IAM Role Details
Note
Obtaining the IAM Group List also lets you refer to the IAM Role List linked with each IAM Group.
See Smart Data Platform IAM API Reference for details.
To make sure the authority setting has been made appropriately, check the items below:
| Check item | Contents to be checked |
|---|---|
| Execution of Keystone API | Whether the IAM Group and IAM Role that permit Keystone API execution have been created and linked to each other. Whether the User List linked with the IAM Group that permits Keystone API execution has been obtained and the relevant user's User ID appears. (Obtain Keystone's iam_group_id at IAM Group List, and confirm at IAM Group User List whether the relevant user's User ID has been linked appropriately.) |
| Linkage between IAM Group and the relevant user | Whether the User List linked with the created IAM Group has been obtained and the relevant user's User ID appears. (Obtain the iam_group_id of the created IAM Group at IAM Group List, and confirm at IAM Group User List whether the relevant user's User ID has been linked.) |
| Linkage between IAM Group and the IAM Role | Whether the IAM Group List has been obtained and the created IAM Role's ID and Name appear for the created Group. (Confirm at IAM Group List whether the created IAM Group and the created IAM Role have been linked to each other.) |
| Deletion of the linkage between the Default Group and the relevant user | Whether the User List linked with the Default Group has been obtained and the relevant user's User ID doesn't appear. (Obtain the Default Group's iam_group_id at IAM Group List, and confirm at IAM Group User List whether the relevant user's User ID is linked.) |
| No linkage between the relevant user and any other IAM Group | Confirm the user is not linked with any other IAM Group which the client has created. If the user is linked with multiple IAM Groups, the OR condition will be applied. (Obtain the iam_group_id values at IAM Group List, and confirm at IAM Group User List that the relevant user is not linked with each IAM Group.) |
| Confirming IAM Role description | Obtain details of the created IAM Role, and confirm whether the resource descriptions correctly reflect what the user wants to limit. (Obtain the iam_role_id at IAM Role List, and confirm at IAM Role Details whether the descriptions created for the IAM Role correctly reflect what the user wants to limit.) |
| Permission on GET Operation Execution (If the relevant user uses GUI.) | Whether the IAM Group and IAM Role which permit GET operation have been created and linked to each other. Whether the user list of the IAM Group permitting GET operation has been obtained and the relevant user's User ID appears. (Obtain the iam_role_id of the IAM Group that permits GET operation at IAM Role List, and confirm at IAM Group User List whether the relevant user has been linked.) |
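
The group and user checks in the table can be run mechanically once the IAM Group List and IAM Group User List responses have been saved. The following is an added example, not code from the Smart Data Platform documentation; the response shapes, the function name `audit_user` and every field name other than `iam_group_id` and `iam_role_id` are assumptions, and the data is constructed.

```python
# Constructed sample data standing in for the API responses. Only iam_group_id
# and iam_role_id appear on the page; every other field name is an assumption.
IAM_GROUP_LIST = [
    {"iam_group_id": "g-default", "iam_roles": [{"iam_role_id": "r-default"}]},
    {"iam_group_id": "g-keystone", "iam_roles": [{"iam_role_id": "r-keystone"}]},
    {"iam_group_id": "g-limited", "iam_roles": [{"iam_role_id": "r-limited"}]},
    {"iam_group_id": "g-get", "iam_roles": []},  # role link forgotten
]
# IAM Group User List per iam_group_id, reduced to the User IDs.
IAM_GROUP_USERS = {
    "g-default": ["user-b"],
    "g-keystone": ["user-a", "user-b"],
    "g-limited": ["user-a", "user-b"],
    "g-get": ["user-a"],
}
# What the administrator intended: group -> roles that must be linked to it.
EXPECTED = {"g-keystone": {"r-keystone"}, "g-limited": {"r-limited"},
            "g-get": {"r-get"}}


def audit_user(user_id, groups, group_users, expected):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    by_id = {g["iam_group_id"]: g for g in groups}
    for gid, role_ids in expected.items():
        group = by_id.get(gid)
        if group is None:
            findings.append(f"{gid}: not in IAM Group List")
            continue
        linked = {r["iam_role_id"] for r in group["iam_roles"]}
        for rid in sorted(role_ids - linked):
            findings.append(f"{gid}: role {rid} not linked")
        if user_id not in group_users.get(gid, []):
            findings.append(f"{gid}: user not linked")
    # Memberships are OR-combined, so any group outside the expected set
    # (the Default Group included) can widen what the user may do.
    for gid in by_id:
        if gid not in expected and user_id in group_users.get(gid, []):
            findings.append(f"{gid}: unexpected membership")
    return findings


if __name__ == "__main__":
    for uid in ("user-a", "user-b"):
        print(uid, audit_user(uid, IAM_GROUP_LIST, IAM_GROUP_USERS, EXPECTED))
```

The IAM Role description check still needs a manual read of IAM Role Details, since it depends on what the role is meant to restrict.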