The page has been translated by Gen AI.

ID Center Permission Set Management

You can check and manage the set of permissions for the ID Center.

Create a set of permissions

You can create a set of permissions and add it to the ID Center.

To create a set of permissions, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. On the Permission Set List page, click the Create Permission Set button. This takes you to the Create Permission Set page.
  4. On the Create Permission Set page, in the Enter Basic Information section, enter the basic information and then click the Next button.

Classification | Necessity | Detailed Description
Permission Set Name | Required | Enter the name of the permission set
  • Enter up to 32 characters using English letters, numbers, and special characters (+=-_@,.)
Enter a description of the permission set within 1,000 characters
Maximum Session Duration | Required | Enter the session time allowed for the user when accessing the Console through the Access Portal
  • Time selection: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours
  • Direct input: Enter a value in seconds, from 3,200 seconds (1 hour) to 43,200 seconds (12 hours)
Table. Permission Set Basic Information Items

  5. In the Permission Set Settings area, select the policies to use and configure them, then click the Next button.

Classification | Necessity | Detailed Description
Default Policy | Optional | Link a default policy provided by Samsung Cloud Platform Console
  • Select Use, then select the default policy to link to the permission set from the list
Custom Policy | Optional | Link a custom policy created under the Account
  • Select Use, then directly enter the custom policy to link to the permission set
  • If no IAM policy name in the Account matches the entered custom policy name, the permission set cannot be applied
Inline Policy | Optional | Directly set the policy to be applied to the permission set
  • Select Use, then configure the policy according to the policy setting mode
  • JSON Mode: Set directly using the JSON Editor
Table. Permission Set Setting Items

Notice
The permission set can have up to 20 policies linked to it, which is the sum of the default policies and custom policies.

  6. In the Check Input Information area, check the basic information and permission policies of the permission set, and then click the Complete button.
  7. When the popup window for creating a permission set opens, click the Confirm button.

Check details of permission set

You can check and manage detailed information about the permission set, user group, and account information.

To view detailed information about a set of permissions, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. On the Permission Set List page, click the permission set whose details you want to view. This takes you to the Permission Set Details page.
    • The Permission Set Details page displays basic information and consists of the Basic Information, Authority, and Account tabs.

Basic Information

You can check and modify the basic information of the permission set.

Classification | Detailed Description
Permission Set Delete | Button to delete the permission set
Service | Service Name
Resource Type | Resource Type
SRN | Unique resource ID in Samsung Cloud Platform
Resource Name | Resource Name
  • In policies, it means the policy name
Resource ID | Unique Resource ID
Creator | User who created the service
Creation Time | Time when the service was created
Modifier | User who modified the service information
Modified Time | Time when the service information was modified
Permission Set Name | Policy Name
Maximum Session Duration | The session time allowed for users when accessing the Console through the Access Portal
  • Click the Modify button to change the duration
    • Time selection: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours
    • Direct input: Enter a value in seconds, from 3,200 seconds (1 hour) to 43,200 seconds (12 hours)
Description | Description of policy name
  • Click the Edit button to modify the description
Table. Basic information tab items of the permission set

Authority

You can view and manage policies attached to a set of permissions.

Classification | Detailed Description
Default Policy | The default policy linked to the permission set
  • To disconnect a policy, select it from the default policy list and click the Disconnect button
  • To link a new default policy, click the Policy Link button
Custom Policy | Custom policies linked to the permission set
  • To disconnect a policy, select it from the custom policy list and click the Disconnect button
  • To link a new custom policy, click the Policy Link button
Inline Policy | Service name of the inline policy connected to the permission set
  • Click the Delete button to delete the connected inline policy
  • Click the Policy Edit button to modify the inline policy
  • If there is no connected inline policy, click the Policy Create button to create one
Table. Authority information items of the permission set

Account

You can check and modify the account information of the permission set.

Classification | Detailed Description
Account Name | Account Name
Account ID | Account ID
Email | Account’s Email
Table. Account tab items of the permission set

Connect a default policy

You can attach a new default policy to the permission set.

To link a default policy, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. On the Permission Set List page, click the permission set to which you want to link a default policy. This takes you to the Permission Set Details page.
  4. On the Permission Set Details page, click the Authority tab.
  5. Click the Policy Link button in the Default Policy area. This takes you to the Default Policy Link page.
  6. On the Default Policy Link page, select the policy you want to link from the list of default policies, and then click the Complete button.

Classification | Necessity | Detailed Description
Connected Default Policy | - | Name of the default policy connected to the permission set
Default Policy Link | Required | Select the default policy to link to the permission set
  • If selected, it is added to the Connected Default Policy item
Fig. Attaching a Default Policy to a Permission Set Item

  7. When the policy connection notification popup window opens, click the Confirm button.

Connect custom policies

You can attach a new custom policy to a set of permissions.

To link a custom policy, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. On the Permission Set List page, click the permission set to which you want to attach a custom policy. This takes you to the Permission Set Details page.
  4. On the Permission Set Details page, click the Authority tab.
  5. Click the Policy Link button in the Custom Policy area. This takes you to the Custom Policy Link page.
  6. On the Custom Policy Link page, select the policy you want to link from the list of custom policies, and then click the Complete button.

Classification | Necessity | Detailed Description
Connected Custom Policy | - | Default policy name connected to the permission set
Custom Policy Link | Required | Directly enter the custom policy to link to the permission set
  • When selected, it is added to the Connected Custom Policy item
  • Click the Add button to enter additional custom policies to link
Table. Items for attaching custom policies to permission sets

  7. When the policy connection notification popup window opens, click the Confirm button.

Creating an inline policy

You can modify the inline policies attached to a set of permissions.

To modify the inline policy, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. On the Permission Set List page, click the permission set whose inline policy you want to modify. This takes you to the Permission Set Details page.
  4. On the Permission Set Details page, click the Authority tab.
  5. In the Inline Policy area, click the Policy Create button. This takes you to the Create Inline Policy page.
  6. On the Create Inline Policy page, in the Permission Settings section, select the policy setting method and the service to apply, then click the Next button.

Classification | Necessity | Detailed Description
Basic Mode/JSON Mode | Required | Select the policy setting method
  • Basic Mode: Use the mode provided by the Console to set
  • JSON Mode: Set directly using the JSON Editor
Service | Required | Select the service to set the policy
  • Add Service: Add a service to set the policy
Table. Inline Policy Creation - Service Settings
Caution

Policy settings provide Basic Mode and JSON Mode.

  • When you switch to JSON Mode or move to another screen after writing in Basic Mode, services with duplicated control requirements are merged into one, and services with incomplete settings are deleted.
  • Content written in JSON Mode that does not match the JSON format cannot be converted to Basic Mode.
  7. After setting the permissions, click the Next button.

Classification | Necessity | Detailed Description
Control Type | Required | Select the policy control type
  • Allow Policy: a policy that allows defined permissions
  • Deny Policy: a policy that denies defined permissions
  • For the same target, the Deny policy is applied first
Action | Required | Select actions provided by each service
  • Actions that allow individual resource selection are displayed in purple
  • Actions that target all resources are displayed in black
  • Add Action Directly: You can specify multiple actions at once using the wildcard *
Applied Resource | Required | Resource to which the action is applied
  • All Resources: Apply to all resources for the selected action
  • Individual Resource: Apply only to the specified resource for the selected action
    • Individual resources can be specified only for actions displayed in purple, which allow individual resource selection
    • Click the Add Resource button to specify the target resource by resource type
Authentication Type | Required | Authentication method of the users to whom the policy applies
  • All Authentication: Applies regardless of the authentication method
  • API Key Authentication: Applies to users who use API key authentication
  • Temporary Key Authentication, Console Login: Applies to users who use temporary key authentication or console login
Applied IP | Required | IP to which the policy is applied
  • Custom IP: IP registered and managed directly by the user
    • Applied IP: IP registered directly by the user, to which control policies are applied; can be registered in IP address or range format
    • Excluded IP: IP to be excluded from Applied IP; can be registered in IP address or range format
  • All IP: No IP access restriction
    • Access is allowed from all IPs; if exceptions are needed, register Excluded IPs to restrict access from the registered IPs
Additional Conditions | Optional | Add conditions for Attribute-Based Access Control (ABAC)
  • Condition Key: Select from the Global condition key and service condition key lists
  • Qualifier: Default, Any value in request, All values in request
  • Operator: Bool, Null
  • Value: True, False
Table. Policy Creation - Permission Setting

  8. On the Check Input Information page, check the entered information and click the Complete button.
  9. If the policy modification notification popup window opens, click the Confirm button.
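
The rules in the permission setting table above (Allow and Deny control types, wildcard actions, Applied IP and Excluded IP) can be checked offline before an inline policy is attached. The following is an added example, not Samsung Cloud Platform code: the Statement model, the action names, the CIDR reading of "range format" and the NoMatch result for requests that no statement covers are assumptions. Resources, authentication type and additional conditions are not modelled.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class Statement:
    """Hypothetical model of one inline-policy entry (not the Console's JSON schema)."""
    control_type: str                      # "Allow" or "Deny"
    actions: list                          # action names; "*" is a wildcard
    applied_ips: list = field(default_factory=lambda: ["0.0.0.0/0"])  # All IP (IPv4)
    excluded_ips: list = field(default_factory=list)


def _ip_in(ip, entries):
    # Assumption: "IP address or range format" is modelled as an address or CIDR block.
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def _action_matches(pattern, action):
    # Only "*" is treated as a wildcard; every other character is literal.
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, action) is not None


def applies(st, action, source_ip):
    if not any(_action_matches(p, action) for p in st.actions):
        return False
    # Excluded IP removes addresses from the Applied IP set.
    return _ip_in(source_ip, st.applied_ips) and not _ip_in(source_ip, st.excluded_ips)


def evaluate(statements, action, source_ip):
    matched = [s for s in statements if applies(s, action, source_ip)]
    if any(s.control_type == "Deny" for s in matched):
        return "Deny"                      # Deny policy is applied first
    if any(s.control_type == "Allow" for s in matched):
        return "Allow"
    return "NoMatch"                       # assumption: no statement covers the request


# Constructed sample: action names and addresses are illustrative only.
POLICY = [
    Statement("Allow", ["vm:*"], ["203.0.113.0/24"], ["203.0.113.99"]),
    Statement("Deny", ["vm:Delete*"]),     # All IP, no exclusions
]

if __name__ == "__main__":
    for action, ip in [("vm:Start", "203.0.113.10"), ("vm:Start", "203.0.113.99"),
                       ("vm:DeleteServer", "203.0.113.10"), ("vm:Start", "198.51.100.7")]:
        print(f"{action:16} from {ip:14} -> {evaluate(POLICY, action, ip)}")
```

The second case shows that an Excluded IP only removes the address from the Allow statement; blocking it outright would need a Deny statement that covers it.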

Registering individual resources as applied resources

You can register individual resources as applied resources when setting permissions.

To register individual resources as applied resources, follow these steps.

  1. Select an action where individual resources can be selected from the action options.
    • Actions that allow individual resource selection are displayed in purple.
  2. In Applied Resource, click Individual Resource.
  3. Click the Add Resource button. The Add Resource popup window opens.

Classification | Necessity | Detailed Description
Free Type | Required | Select the type of resource to add
SRN | - | Unique resource ID in Samsung Cloud Platform
  • Automatically updated based on the input items below
Account | Required | Account ID setting
  • Current Account: The current Account ID is entered automatically and cannot be modified
  • All Accounts: Added to all accounts (not recommended)
  • Direct Input: Enter the Account ID directly, using lowercase English letters and numbers, within 100 characters (wildcard input is not allowed)
Region | Optional | Directly enter the region information of the resource within 100 characters
  • Check Select All to add resources from all regions
Resource ID | Required | Directly enter the resource ID to be added within 100 characters
  • If Select All is checked, all resources of the corresponding resource type are added
Fig. Policy Creation - Registering Individual Resources as Applied Resources

Delete permission set

Notice
If a set of permissions is applied to an Account, it cannot be deleted.

To delete a set of permissions, follow these steps.

  1. Click the All Services > Management > ID Center menu. This takes you to the Service Home page of ID Center.
  2. On the Service Home page, click the Permission Set menu. This takes you to the Permission Set List page.
  3. Select one or more permission sets to delete from the permission set list.
  4. After confirming the selected permission sets, click the Delete button. You can also delete a permission set individually by clicking Permission Set Delete on its Permission Set Details page.
  5. When the popup window notifying the deletion of the permission set opens, click the Confirm button.