You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pages/manage_and_operate/observability/logs_data_platform/iam_access_management/guide.en-gb.md
+9-5Lines changed: 9 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,9 +45,9 @@ This section details how to configure local user/identity groups and policies to
45
45
46
46
### Create a group for local users
47
47
48
-
By default, the least privileged group available for local users is read-only over all the products of your account. If you would like to have an even more restricted account able to read only shared data from your Logs Data Platform, we advise you to create a group with the role **None** and attach your local users to it. In the OVHcloud Control Panel, navigate to `IAM`{.action} {.action} > `Identities`{.action} > `User groups`{.action} to create such a group.
48
+
By default, the least privileged group available for local users is read-only over all the products of your account. If you would like to have an even more restricted account able to read only shared data from your Logs Data Platform, we advise you to create a group with the role **None** and attach your local users to it. In the OVHcloud Control Panel, navigate to `IAM`{.action} > `Identities`{.action} > `User groups`{.action} to create such a group.
49
49
50
-
{.thumbnail}
50
+
{.thumbnail}
51
51
52
52
You can then create a policy with the basic rights to access the OVHcloud Control Panel and attach it to the group. All your local users will be able to connect to the OVHcloud Control Panel. Navigate to `IAM`{.action} > `Policies`{.action} > `My Policies`{.action} to create this policy and attach it to the user group.
53
53
@@ -67,7 +67,9 @@ Creating a local user is fully documented in the [dedicated documentation](/page
67
67
68
68
### Create a policy for the service
69
69
70
-
You now need to create a policy in order to allow the local user to see the Logs Data Platform service inside the OVHcloud Control Panel. The goal here is to have access to the service only but without any sub resources visible (ie no streams, dashboards, indices, aliases or OpenSearch Dashboards instances). Navigate to `IAM`{.action} > `Policies`{.action} > `My Policies`{.action} to create this policy. Add the local user to your policy and select the **Logs Data Platform: service** product type to list your services in the *Resources* dropdown list and enable the panel of the *Actions* related to Logs Data Service.
70
+
You now need to create a policy in order to allow the local user to see the Logs Data Platform service inside the OVHcloud Control Panel. The goal here is to have access to the service only but without any sub resources visible (ie no streams, dashboards, indices, aliases or OpenSearch Dashboards instances). Navigate to `IAM`{.action} > `Policies`{.action} > `My Policies`{.action} to create this policy.
71
+
72
+
Add the local user to your policy and select the **Logs Data Platform: service** product type to list your services in the *Resources* dropdown list and enable the panel of the *Actions* related to Logs Data Service.
71
73
72
74
{.thumbnail}
73
75
@@ -102,7 +104,7 @@ One of the new feature available thanks to IAM is the ability to group sub-resou
102
104
103
105
To create a resource group, navigate to `IAM`{.action} > `Policies`{.action} > `Resource Groups`{.action}.
You need to select the product type (Dashboards, Streams, Alias, Index, OpenSearch Dashboards) and then select the specific resource you want to share.
108
110
@@ -120,7 +122,9 @@ Similarly to the previous policy, you need to add your local user and you need t
120
122
You can mix Resource Groups and specific resources in the same policy. All actions attached to the policy will be then be attached to all related sub-resources.
121
123
You have several actions for each sub-resource type. For brevity, this guide will not detail all the actions available for all the items.
122
124
123
-
Here are some use cases of several rights which can all be together in one policy showcasing the complexity enabled by IAM policies. Actions starting with **ldp:apiovh** are actions related to OVHcloud APIs (thus the control panel UI). The other actions are related to their specific backend: Graylog or OpenSearch.
125
+
Here are some use cases of several rights which can all be together in one policy showcasing the complexity enabled by IAM policies. Actions starting with **ldp:apiovh** are actions related to OVHcloud APIs (thus the control panel UI). The other actions are related to their specific backend: Graylog or OpenSearch.
126
+
127
+
**Click the following links to display the related examples:**
124
128
125
129
/// details | These actions give an access in read-only to one or several indices:
Copy file name to clipboardExpand all lines: pages/manage_and_operate/observability/logs_data_platform/iam_migration_to_iam/guide.en-gb.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ If you use the role and permission system, we strongly recommend [migrating to I
47
47
48
48
The Graylog Web UI will now display an Identity Provider selector. You can find the username/password authenticator by selecting **Legacy username/password**. You can also try the OVHcloud IAM authenticator by selecting the appropriate provider (EU or CA).
0 commit comments