Configure access control
To strengthen security, you can use per-key access control to manage who can access each key.
Selectable subjects are users, groups, service accounts, and service agent accounts in the same project, and the actual permissions follow the corresponding IAM roles.
Enable access control
If access control is not enabled for a key, you can enable it.
- Go to KakaoCloud Console > Security > KMS.
- In the User keys list, click the name of the key for which you want to enable access control.
- On the details page, click the Access control tab.
- Click the [Enable access control] button on the right side of the Access control title.
- When you enable access control, you can add allowed subjects. To add subjects, you need permission to view IAM resources in the project.
- If you are the owner, you can choose to allow only the owner.
- If the owner loses service access permissions and there is no longer any subject that can manage the key, request an owner change through the Help Desk. The new owner must have the IAM roles required to manage access control.
- If you are not the owner and you enable access control without adding your own account as an allowed subject, you will also lose access to the key, so verify the allowed subjects before proceeding.
- Individual users who belong only to groups are excluded from the subject search.
- The owner is not displayed in the subject list.
- In the Enable access control modal, click [Use].
- Even if a subject has service access permissions, it cannot access the key unless it is included in the allowed subjects.
- For access requests, contact the owner or a subject with permission to manage allowed subjects.
Disable access control
If access control is enabled for a key, you can disable it.
- Go to KakaoCloud Console > Security > KMS.
- In the User keys list, click the name of the key for which you want to disable access control.
- On the details page, click the Access control tab.
- Click the [Disable access control] button on the right side of the Access control title.
- In the Disable access control modal, click [Disable].
- The allowed subject list is reset. If you enable access control again, you must configure the allowed subject list again.
- After access control is disabled, subjects with service access permissions can access the key.