This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 38
/
access_identities.dita
20 lines (16 loc) · 1.66 KB
/
access_identities.dita
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?xml version="1.0" encoding="UTF-8"?>
<!--This work by Eucalyptus Systems is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See the accompanying LICENSE file for more information.-->
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="access_identities">
<title>User Identities</title>
<shortdesc></shortdesc>
<conbody>
<p>In Eucalyptus, user identities are organized into accounts. An account is the unit of resource usage
accounting, and also a separate namespace for many resources (security groups, key pairs, users,
etc.)</p>
<p>Accounts are identified by either a unique ID (UUID) or a unique name. The account name is
equivalent to IAM’s account alias. It is used to manipulate accounts in most cases. However, to be compatible with AWS, the EC2 commands often use account ID to display resource ownership. There are command line tools to discover the correspondence of account ID and account name. For example, euare-accountlist lists all the accounts with both their IDs and names.</p>
<p>An account can have multiple users, but a user can only be in one account. Within an account, users can be associated with Groups. Group is used to attach access permissions to multiple users. A user can be associated with multiple groups. Because an account is a separate name space, user names and group names have to be unique only within an account. Therefore, user X in account A and user X in account B are two different identities.</p>
<p>Both users and groups are identified by their names, which are unique within an account (they also have UUIDs, but rarely used).</p>
</conbody>
</concept>