Home >Documents >Enterprise Cloud 2.0 Tutorial v2.43.3 > 2. Common Function > 2.1. Use NTT Com Business Portal (Business Portal) > 2.1.5. How to use Smart Data Platform IAM > 2.1.5.1. How to Use API Authority Control Function > API Permission Management Settings (Portal) >Creating IAM Group and Role

Creating IAM Group and Role

Creating IAM Group

Open the "IAM Groups" from the tab of the "API IAM Management" page, and click the "Add IAM Group" button.

IAM group list page

From the Add New IAM Group page, enter the IAM group name (required) and the IAM group description (optional). Click the "Add IAM Group" button.

Create new IAM group

Creating IAM Role

Open the "IAM Roles" from the tab of the "API IAM Management" page, and click the "Add IAM Role" button.

IAM group list page

From the Add IAM Role page, enter the IAM role name (required), IAM role description (optional), and resources (required). Click the "Add IAM Role" button. The resources can be freely described or a template can be used.

IAM group list page

Enter the condition that is used for API execution in JSON's object style to Resource. If there are multiple conditions and you intend to use the OR condition, connect the objects with comma (,). Here is an example:

{
  "basePath" : "/ecl-keystone",
  "ipAddress" : "*",
  "path" : "*",
  "verb" : "*"
}
for multiple conditions
{
  "basePath" : "/ecl-keystone",
  "ipAddress" : "*",
  "path" : "*",
  "verb" : "*"
},
{
  "basePath" : "/ecl-sss",
  "ipAddress" : "*",
  "path" : "*",
  "verb" : "GET"
}

The API permission control does not work for the Backup / Security operation screen. If you want to limit these operations, you can set the screen display for each user from the screen link below.

Backup Security control

When the link is pressed, a list of users to be restricted is displayed. Select the user you want to limit.

メニューユーザリスト

Set the availability of Backup and Security services. Users who are set to OFF will not be able to operate Backup and Security services from the menu.

Backup Security control

How to use IAM template

The template provided by Smart Data Platform can be used for IAM role resource settings. On the IAM role creation screen, click “Select from Template”.

IAM Role template's button

A list of templates is displayed. Select the "+" to expand the contents of the template. Click Select to post the template to the resource on the IAM role creation page.

Warning

When you select a template, the resource being written will be overwritten by the template. In addition, please input the items such as ID after selecting the template as appropriate.

IAM Role template list
Access to API Execution Authority Function
Editing and Deleting IAM Group/Role