2 posts tagged with "access"

Reader role added to the IAM permission system

Mia (정혜원)
Technical Contents Manager
Notice

The following announcement for a new IAM service role was written based on information available in November 2023. For the latest information about KakaoCloud IAM, see IAM.

Figure. KakaoCloud resource hierarchy

Hello. KakaoCloud IAM (Identity and Access Management) is a service that lets you manage access and control permissions for cloud resources and user groups.

Recently, KakaoCloud released the Reader role for both the 'Organization' and 'Project' levels in IAM.

An 'Organization' is the top-level concept in the KakaoCloud hierarchy and can be viewed as a cloud domain. A 'Project' is a group that can own service-level resources and sits one level below an organization in the hierarchy. At both the organization and project levels, the Reader role grants only permission to view information or resources within the corresponding group.

  • A user granted Reader permission at the organization level can view the organization's information and all project information within that organization. However, the user cannot view or manage resources other than project information. It is an organization-level role with minimal permissions compared with Organization Owner and Organization Admin.

  • Project Reader is likewise a role that can only view resources, scoped to a project. It is one permission level lower than Project Member and can view resources owned within the project. To create, read, update, or delete resources beyond resource viewing, a user must be granted Project Member or higher permissions.

With the addition of the Reader role at the organization and project levels, permissions can now be assigned at a finer granularity based on users' affiliations and responsibilities within an organization. The changed IAM role system applies equally to all KakaoCloud regions.

For more information about role management in KakaoCloud, see the IAM role management documentation.

We will continue working to provide safer and more convenient cloud services.

Thank you.

Storage Viewer role added to Object Storage

Sandy (차신영)
Technical Contents Manager
Notice

The following announcement for a new Object Storage feature was written based on information available in October 2023. For the latest information about KakaoCloud Object Storage, see Object Storage.

Hello, we are announcing changes to the Object Storage permission system.

The permission system of Object Storage is slightly different from the IAM permission system. Unlike IAM, Object Storage has detailed roles so that permissions can be configured not only for buckets but also for individual objects.

In this release, the "Storage Viewer" role has been added to Object Storage permission settings. This role grants permission to view bucket metadata and object metadata.

With this change, users with the IAM "Project Reader" role are granted the "Storage Viewer" role in Object Storage. In addition, the IAM "Project Admin" role is granted the "Storage Admin" role in Object Storage, and "Project Member" is granted the "Storage Editor" role. The Project Admin and Project Member mappings remain unchanged from before.

For more detailed role definitions, see the following image comparing IAM and Object Storage roles. This role system applies to both kr-central-1 and kr-central-2.

Figure. Permission setting architecture

In the console, you can add or modify the new "Storage Viewer" role for members in the [Add role] pop-up window in the same way as before.

Figure. Bucket role settings

For instructions on creating and managing buckets with detailed role configuration, see the detailed tutorial guide.

KakaoCloud users can use object-based storage optimized for storing and processing large volumes of data as objects in Object Storage. For more information about Object Storage, which enables more precise permission management through role-based access control, see the technical documentation.

We will continue working to provide safer and more convenient cloud services.

Thank you.