You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 5
Next »
Background
Currently CloudStack provides very limited IAM services and there are several drawbacks within those services:
- Offers few roles out of the box (user and admin) with prebaked access control for these roles. There is no way to create additional roles with customized permissions.
- Some resources have access control baked into them. E.g., shared networks, projects etc.
Goal for this feature would be to address these limitations and offer true IAM services in a phased manner
Architecture and Design description
IAM Taxonomy