Background

Currently CloudStack provides very limited IAM services and there are several drawbacks within those services:

• Offers few roles out of the box (user and admin) with prebaked access control for these roles. There is no way to create additional roles with customized permissions.
• Some resources have access control baked into them. E.g., shared networks, projects etc.

Goal for this feature would be to address these limitations and offer true IAM services in a phased manner

Architecture and Design description

IAM Taxonomy