You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Background

Currently CloudStack provides very limited IAM services and there are several drawbacks within those services:

  • Offers few roles out of the box (user and admin) with prebaked access control for these roles. There is no way to create additional roles with customized permissions.
  • Some resources have access control baked into them. E.g., shared networks, projects etc.

Goal for this feature would be to address these limitations and offer true IAM services in a phased manner

Architecture and Design description

IAM Taxonomy

iamTaxonomy

Group

Group contains a number of CloudStack accounts. Customers should be able to Create, Edit, List and Delete Groups. Editing includes adding or removing accounts to or from a group. For backwards compatibility, out of box, CloudStack will provide 3 default groups:

  • Root Admin Group
  • Domain Admin Group
  • End User Group

Account

  • No labels