| copyright | lastupdated | ||
|---|---|---|---|
|
2018-04-11 |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:codeblock: .codeblock} {:pre: .pre}
{: #managing-service-access-roles}
You can secure services within {{site.data.keyword.Bluemix_notm}} by allowing only users with specified access roles to complete certain actions. {: shortdesc}
{: #platform-access-roles}
You can use platform access roles to enable users to complete tasks on platform resources, such as creating or deleting instances in your IBM Cloud account.
Table 1. Actions that are mapped to platform access roles| Action | Role |
|---|---|
| View instances of Certificate Manager | Administrator, Operator, Editor, Viewer |
| Create an instance of Certificate Manager | Administrator, Editor |
| Delete an instance of Certificate Manager | Administrator, Editor |
Historically platform roles also give access to certain actions on certificates within instances. This definition is obsolete and will be removed in the near future.
{: #service-acceess-roles}
You can use service access roles to enable users to complete tasks in Certificate Manager instances, such as importing, downloading, editing or deleting certificates.
Table 2. Actions that are mapped to service access roles| Action | Role |
|---|---|
| List certificates | Manager, Writer, Reader |
| Download a certificate and private key | Manager, Writer |
| Update certificate data | Manager, Writer |
| Upload certificates, private keys, and intermediate certificates | Manager |
| Delete a certificate and private key | Manager |
For more information about user roles and permissions, see User roles.
{: #assigning-user--access-roles}
To assign an access role on the account-level or resource group-level, complete the following steps. If the user is not part of your organization, start by sending an invitation to that user.
- Go to Manage > Account > Users.
- From the Actions menu, select Assign policy.
- Click Assign access to resources or Assign access within a resource group.
- Under Services, select Certificate Manager.
- Optional: Select a Region or use the default, All regions.
- Optional: Select a Service instance or use the default, All instances.
- Under Select roles > Assign platform/service access roles, select the appropriate access level.
Examples:
- Assign the Viewer role to every user so that every user can see service instances.
- If you want a user to be able to create instances, assign the Administrator or Editor role to that user.
- If you want a user to view certificates within an instance, assign the Reader role to that user.