Skip to main content

Introducing IAM roles dedicated to Alert Center

· 4 min read
Kali (명시온)
Kali (명시온)
Service Manager
Management Update

📢 Alert Center permissions have been subdivided!

KakaoCloud Alert Center permission management has been improved so that more precise roles can be configured at the organization and project levels. This makes it possible to grant appropriate permissions to each user and operate notification policies more safely and efficiently.

In this post, we introduce what IAM roles dedicated to Alert Center are and how to use them effectively.

🔐 IAM and Alert Center permission structure

KakaoCloud IAM (Identity and Access Management) is a service that controls access permissions for cloud resources. IAM uses RBAC (Role-Based Access Control) so that only users granted specific roles can access the resources they need.

Previously, permissions for Alert Center resources could not be subdivided by organization or project, making it difficult to grant appropriate permissions to users who needed to manage only notifications for a specific organization or project. With this improvement, manager and viewer roles can now be assigned separately at the organization and project levels, enabling more flexible permission management.

In other words, if a user is responsible for managing Alert Center for the entire organization, an organization-level role can be granted; if a user needs to manage only notifications for a specific project, a project-level role can be granted.

🏢 Introducing roles dedicated to Alert Center

🏛️ Role management at the organization level

Organization-level Alert Center roles have permission to manage notifications generated by IAM and Billing services. To manage Alert Center resources within an organization, you must grant the Alert Center Organization Manager or Alert Center Organization Viewer role.

Organization Managers can view all Alert Center resources and directly manage notification policies and receiving channels. Organization Viewers can view all resources but cannot change settings. If Alert Center notification settings need to be changed, grant the Manager role; if only monitoring is needed, grant the Viewer role.

📌 Role management at the project level

Alert Center is used not only at the organization level but also at the project level. Project-level Alert Center roles have permission to manage notifications such as metrics, logs, and events generated in individual projects. If you need to manage notifications generated in a specific project, grant the Alert Center Project Manager or Alert Center Project Viewer role.

Project Managers can view all Alert Center resources in the project and manage notification policies and receiving channels. Project Viewers can view all resources but cannot change settings.

🚨 Changes starting March 18

With the introduction of the new permission system, appropriate roles must be assigned to use Alert Center features starting March 18.

✔️ Only organization or project administrators, or users with Alert Center roles, can manage resources.
✔️ Users without permissions can only view Alert Center resources and cannot view the recipient list of the default receiving channel.
✔️ Until March 18, resources in Alert Center can be created and deleted without roles, the same as before. In other words, to configure notification policies in Alert Center after March 18, appropriate roles must be assigned in advance at the organization or project level.

🔎 Use Alert Center more safely and flexibly

Although new roles dedicated to Alert Center have been added, users with existing IAM project roles can still use some features.

For example, users with the Project Member or Project Reader role can still view notification policies, receiving channels, and sending history in Alert Center. However, they cannot view the recipient list within receiving channels. In other words, basic monitoring is possible, but the new Alert Center roles are required for detailed notification management.

Alert Center is a service that detects various events and logs generated by cloud services and provides notifications. Through this subdivision of IAM roles, safer and more efficient permission management is possible at the organization and project levels. Please configure the required roles properly for stable system operations.

For more details, see Alert Center > Key concepts.

Thank you!