Managing ID Center Permission Sets
You can view and manage the permission sets of the ID Center.
Create Permission Set
You can create a permission set and add it to ID Center. To create a permission set, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the Create Permission Set button. You will be taken to the Create Permission Set page.
On the Create Permission Set page, after entering the basic information in the Basic Information Input area, click the Next button.

| Category | Required status | Detailed description |
|---|---|---|
| Permission set name | Required | Enter the permission set name using English letters, numbers, and special characters (`+=-_@,.`), within 32 characters |
| Description | Optional | Enter a description of the permission set within 1,000 characters |
| Maximum session duration | Required | Enter the session time allowed for the user when accessing the Console via the Access Portal<br>- Select time: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours<br>- Enter duration: can be entered in seconds, ranging from 3,200 seconds (1 hour) to 43,200 seconds (12 hours) |

Table. Permission set basic information items
In the Permission Set Settings area, select the policy to use and configure the policy, then click the Next button.

| Category | Required status | Detailed description |
|---|---|---|
| Default policy | Optional | Connect the default policies offered by the Samsung Cloud Platform Console<br>- After selecting the Use item, select the default policy to associate with the permission set from the list |
| Custom policy | Optional | Connect a custom policy created under the Account<br>- Select the Use item, then directly enter the custom policy to attach to the permission set<br>- The permission set cannot be applied to Accounts that lack an IAM policy name matching the entered custom policy name |
| Inline policy | Optional | Directly set the policies to apply to the permission set<br>- After selecting the Use item, configure according to the policy setting mode<br>- Basic mode: Configure using the mode provided by the Console. Refer to Create Inline Policy<br>- JSON mode: Directly configure using the JSON Editor |

Table. Permission set configuration items
Guide: A permission set can be linked with up to 20 policies in total, combining default and custom policies.
In the Input Information Confirmation area, after reviewing the basic information and permission policies of the permission set, click the Create button.
When the popup notifying the creation of a permission set opens, click the Confirm button.
View permission set details
You can view and manage detailed information about permission sets, user groups, and account information. To view the detailed information of a permission set, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
- On the Permission Set List page, click the permission set whose details you want to view. You will be taken to the Permission Set Details page.
- The Permission Set Details page displays basic information and consists of the Basic Information, Permission, and Account tabs.
Basic Information
You can view and edit the basic information of the permission set.
| Category | Detailed description |
|---|---|
| Delete permission set | Delete permission set button |
| Service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource name | Resource name |
| Resource ID | Unique Resource ID |
| Creator | User who created the service |
| Creation date | Service creation timestamp |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| Permission set name | Policy name |
| Maximum session duration | Session time allowed for users when entering the Console via Access Portal |
| Description | Description of the policy name |
Permission
You can view and manage policies attached to a permission set.
| Category | Detailed description |
|---|---|
| Default policy | Default policies attached to the permission set |
| Custom policy | Custom policies attached to the permission set |
| Inline policy | Service name of the inline policy attached to the permission set |
Account
You can view and edit the Account information of a permission set.
| Category | Detailed description |
|---|---|
| Account name | Account name |
| Account ID | Account ID |
| Account email |
Connect the default policy
You can attach a new default policy to a permission set. To link the default policy, follow the steps below.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the permission set to which you want to attach the default policy. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Default Policy area, click the Policy Connection button. You will be taken to the Default Policy Connection page.
On the Default Policy Connection page, select the policy you want to link from the default policy list, then click the Complete button.

| Category | Required status | Detailed description |
|---|---|---|
| Linked default policy | - | Default policy name attached to the permission set |
| Default policy connection | Required | Select the default policy to attach to the permission set<br>- When selected, it is added to the Linked default policy item |

Table. Attach default policy to permission set items
When the popup notifying the policy connection opens, click the Confirm button.
Connecting a custom policy
You can attach a new custom policy to a permission set. To link a custom policy, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the permission set to which you want to attach a custom policy. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Custom Policy area, click the Policy Connection button. You will be taken to the Custom Policy Connection page.
On the Custom Policy Connection page, select the policy you want to connect from the custom policy list, then click the Done button.

| Category | Required status | Detailed description |
|---|---|---|
| Attached custom policy | - | Default policy name attached to the permission set |
| Custom policy association | Required | Directly enter a custom policy to attach to the permission set<br>- When selected, it is added to the Attached custom policy item<br>- Click the Add button to enter further custom policies to attach |

Table. Attach a custom policy to a permission set items
When the popup notifying the policy connection opens, click the Confirm button.
Create Inline Policy
You can modify the inline policy attached to the permission set. To modify the inline policy, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the permission set whose inline policy you want to edit. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Inline Policy area, click the Create Policy button. You will be taken to the Create Inline Policy page.
In the Permission Settings area of the Create Inline Policy page, select the policy configuration method and the service to apply, then click the Next button.

| Category | Required status | Detailed description |
|---|---|---|
| Basic mode/JSON mode | Required | Select the policy configuration method<br>- Basic mode: Configure using the mode provided by the Console<br>- JSON mode: Configure directly using the JSON Editor |
| Service | Required | Select the service to set the policy<br>- Add Service: Add a service to configure the policy |

Table. Inline policy creation - Service configuration
Caution: The policy settings provide Basic mode and JSON mode.
- If you write in Basic mode and then enter JSON mode or move to another screen, services with duplicate control requirements are consolidated into one, and services whose configuration is not complete are deleted.
- If the content written in JSON mode does not conform to JSON format, you cannot switch to Basic mode.
After setting the permissions, click the Next button.
- To register an individual resource as an applied resource, refer to Register individual resources as applied resources and proceed.

| Category | Required status | Detailed description |
|---|---|---|
| Control type | Required | Select policy control type<br>- Allow policy: A policy that permits the defined permissions<br>- Deny policy: A policy that denies the defined permissions |
| Action | Required | Select actions provided for each service<br>- Actions that can select individual resources are shown in purple<br>- Actions that target all resources are shown in black<br>- Add Action Directly: You can specify multiple actions at once using the wildcard `*` |
| Applied resource | Required | Resources to which the action applies<br>- All resources: Apply to all resources for the selected action<br>- Individual resources: Apply only to the specified resources for the selected action<br>- Individual resources are only available when selecting a purple action that allows individual resource selection<br>- Click the Add resource button to specify target resources by resource type<br>- For more details on Add resource, see Register individual resources as applied resources |
| Authentication Type | Required | Authentication method of the user target to which the policy will be applied<br>- All authentication: Applied regardless of authentication method<br>- Authentication key authentication: Applied to users authenticated with an authentication key<br>- Temporary key authentication, Console login: Applied to users with temporary key authentication or Console login |
| Applied IP | Required | IP allowed for policy application<br>- Custom IP: User registers and manages the IP directly<br>- Applied IP: IP that the user registers directly, to which control policies are applied; can be registered as an IP address or range<br>- Excluded IP: IP to be excluded from Applied IP; can be registered as an IP address or range<br>- All IPs: No IP access restriction<br>- Access is allowed for all IPs, but if exceptions are needed, register Excluded IP to restrict access for the specified IPs |
| Additional condition | Optional | Add conditions for attribute-based access control (ABAC)<br>- Condition Key: Select from the Global condition keys and service condition key list<br>- Qualifier: Default value, arbitrary value in the request, all values in the request<br>- Operator: Bool, Null<br>- Value: True, False |

Table. Policy Creation - Permission Settings
After reviewing the information entered on the Check Input Information page, click the Complete button.
When the popup notifying a policy change opens, click the Confirm button.
Register individual resources as applied resources
In Permission Settings, you can register individual resources as applied resources. To register individual resources as applied resources, follow these steps.
- In the action selection, select an action that can select individual resources.
- Actions that allow individual resource selection are displayed in purple.
- In Applied Resource, click Individual Resource.
- Click the Add Resource button. The Add Resource popup opens.

| Category | Required status | Detailed description |
|---|---|---|
| Resource type | Required | Select the type of resource to add |
| SRN | - | Unique resource ID in Samsung Cloud Platform<br>- Automatically updated according to the input fields below |
| Account | Required | Account ID settings<br>- Current Account: Current Account ID is auto-filled and cannot be edited<br>- All Accounts: Add to all Accounts (not recommended)<br>- Manual Input: Manually enter the Account ID using lowercase English letters and numbers, up to 100 characters (wildcard input not allowed) |
| Region | Optional | Enter the resource's region information directly, within 100 characters<br>- Select All: When checked, adds resources from all regions |
| Resource ID | Required | Enter the resource ID to add directly, up to 100 characters<br>- Select All: When checked, adds all resources of that resource type |

Table. Policy creation - Register individual resources as applied resources
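
The scope options in the Permission Settings and Add Resource tables above (control type, wildcard actions, All resources, All Accounts, Applied and Excluded IP) can be reviewed before a policy is entered in the Console. The following is an added example, not Samsung Cloud Platform code: the dictionary layout, the placeholder action name, and CIDR notation for IP ranges are assumptions, and it does not reproduce the Console's JSON mode format.

```python
import ipaddress

def _nets(items):
    # Accept single addresses or CIDR ranges (CIDR notation is an assumption).
    return [ipaddress.ip_network(i, strict=False) for i in items]

def ip_in_scope(src, applied, excluded):
    """Applied IP minus Excluded IP. applied=None models the "All IPs" option."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in _nets(excluded)):
        return False
    return applied is None or any(addr in n for n in _nets(applied))

def review(stmt):
    """Return notes on settings that widen an Allow statement's scope."""
    notes = []
    if stmt["control_type"] != "allow":
        return notes  # only Allow statements grant access; Deny is not reviewed here
    if any("*" in a for a in stmt["actions"]):
        notes.append("wildcard action")
    if stmt["resources"] == "all":
        notes.append("all resources")
    else:
        for r in stmt["resources"]:
            if r["account"] == "all":
                notes.append("All Accounts (not recommended)")
            if r["resource_id"] == "all":
                notes.append("Select All on resource ID")
    if stmt["applied_ip"] is None and not stmt["excluded_ip"]:
        notes.append("All IPs with no Excluded IP")
    return notes

# Constructed sample; the action name is a placeholder, not a real action.
SAMPLE = {
    "control_type": "allow",
    "actions": ["example-service:*"],
    "resources": [{"account": "all", "region": "all", "resource_id": "srv-01"}],
    "applied_ip": None,                  # the "All IPs" option
    "excluded_ip": ["198.51.100.0/24"],  # constructed documentation range
}

if __name__ == "__main__":
    for note in review(SAMPLE):
        print("review:", note)
    # A source address inside the Excluded IP range is out of scope.
    print(ip_in_scope("198.51.100.9", SAMPLE["applied_ip"], SAMPLE["excluded_ip"]))
```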
Delete Permission Set
To delete a permission set, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
- Select at least one permission set to delete from the permission set list.
- After verifying the selected permission set, click the Delete button.
- You can also delete individually from the Permission Set Details page of the permission set to be deleted.
- When the popup notifying the deletion of the permission set opens, click the Confirm button.