
Console Access

The console access feature allows PM and PL group users to manage access to the CSP console by assigning roles and policies to cloud accounts and users. Users then access the console with the permissions that these settings grant them.

The console access section consists of four main management areas.

  1. Role Management: Defines and manages the level at which users can access the CSP console.
  2. Policy Management: Defines new policies and manages the roles mapped to each policy.
  3. Account Management: Manages cloud accounts and ensures each account is mapped to the correct role permissions.
  4. User Management: Controls user console access by mapping users to the correct roles, giving them the necessary permissions to access the cloud console.

Role Management

In the role management menu, you can view and manage all roles registered to a project, and filter roles by CSP or project.

Create Role

To create a new role, click the Create Role button and fill in the required information in the popup window:

  1. Project: Select a project from the user’s project list.
  2. CSP: Select a CSP.
  3. Role Name: Enter a unique role name and click the Validate button to check for consistency.
  4. Description: Add a brief description of the role.

View Role

To access detailed information about a role, go to the role management menu and click on the desired role. All project users can view role details, including policies, cloud accounts, and users mapped to the role.

The role view screen displays the following key details:

  1. Role Information: Basic details related to the role.
  2. Delete Role: Click the Delete button to remove this role.
  3. Policies: Displays a list of policies currently mapped to the role.
  4. Accounts: Displays a list of accounts related to the role.
  5. Users: Displays a list of users connected to the role.
Note
To set up policy, account, and user mappings, you must first create policies in the policy management menu and ensure that cloud accounts and users are pre-registered to the project.
Note
  • Processing in the CSP starts after the approval for adding the user is completed. It may therefore take some time (up to 10 minutes) for the status to change to Approved and to appear in the user’s CSP Role list.
  • A maximum of 10 policies can be mapped to an AWS role.
  • Each account has a role limit based on its CSP: up to 800 roles in AWS and up to 5000 in Azure.
  • Each user has a role limit based on the CSP: up to 10 AWS roles and up to 4000 Azure roles can be mapped.

Delete Role

To delete a role and remove its mapping, select the role from the list and click the Delete button. Alternatively, click the Delete button on the View Role page. Confirm the action to delete the role permanently. Removing a policy mapping eliminates the relationship between the role and the related policy.

Policy Management

PM and PL group users can add or delete policies mapped to a role by selecting or deselecting policies from the policy list.

Create Policy

To create a new policy, click Create Policy and fill in the required information:

  1. Project: Select a project from your list of registered projects.
  2. CSP: Choose the cloud service provider.
  3. Policy Name: Enter a name for the policy and validate it.
  4. JSON Code: Provide the JSON code that defines the policy.
  5. Description: Include a brief description of the policy.

To map a policy to a role, click the Add button above the policy list to open a popup. In the popup, you can view and select policies defined within the same project. Click the Save button to complete the mapping process. You can map multiple policies at once.

Before mapping, make sure the desired policy has already been created in the policy management menu.
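A pre-submission check for the JSON Code field, added here as an example and not part of the product or its documentation. It assumes the field takes a standard AWS IAM policy document when the CSP is AWS (the page does not show the format) and applies the limit of 10 policies per AWS role stated in the Role Management notes; the function names and sample policies are constructed for illustration.

```python
import json

MAX_POLICIES_PER_AWS_ROLE = 10  # limit stated in this page's Role Management note

# Constructed sample policies (standard AWS IAM policy grammar, assumed here).
READ_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
ADMIN = json.dumps({"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "*", "Resource": "*"}})

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return findings for one policy document given as JSON text."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(doc, dict) or not _as_list(doc.get("Statement")):
        return ["no Statement element"]
    findings = []
    for i, st in enumerate(_as_list(doc["Statement"])):
        if not isinstance(st, dict) or st.get("Effect") != "Allow":
            continue  # only Allow statements can broaden console access
        if "NotAction" in st:
            findings.append(f"statement {i}: Allow with NotAction")
        wide = [a for a in _as_list(st.get("Action"))
                if str(a) == "*" or str(a).endswith(":*")]
        if wide:
            findings.append(f"statement {i}: wildcard action {wide}")
        if "*" in _as_list(st.get("Resource")) and not st.get("Condition"):
            findings.append(f"statement {i}: all resources, no Condition")
    return findings

def review_aws_role(policies):
    """policies maps policy name -> JSON text planned for one AWS role."""
    findings = []
    if len(policies) > MAX_POLICIES_PER_AWS_ROLE:
        findings.append(f"role: {len(policies)} policies exceeds the limit of "
                        f"{MAX_POLICIES_PER_AWS_ROLE}")
    for name, text in policies.items():
        findings += [f"{name}: {f}" for f in lint_policy(text)]
    return findings
```

Calling review_aws_role({"read-only": READ_ONLY, "admin": ADMIN}) returns two findings, both for the admin policy, and none for the read-only one.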

View Policy

To access detailed information about a policy, navigate to the Policy Management section and click on the desired policy. All project users can view policy details, including the roles mapped to the policy.

Delete Policy

To remove a policy mapping from a role, select the policy from the list and click the Delete button. The deleted policy will reappear in the Add Policy popup list, allowing you to add it back if needed. Removing a policy mapping eliminates the relationship between the role and the related policy.

Account Management

PM and PL group users can map cloud accounts to a role or remove them.

View Account

To view account details:

  • Navigate to Account Management and click on the desired account.
  • All project users can access the account’s details, including a list of roles mapped to that account.
  • Project managers or PL group users can also edit or delete roles associated with the account.

Add Role to Account

  • To map roles to an account, click the “Add” button above the roles list to open the “Add Roles” pop-up.
  • In the pop-up, select roles from the list that belong to the same project as the account, and click the Save button to complete the mapping process.
Note
  • A maximum of 800 roles can be mapped to an AWS account and 5000 roles to an Azure account.

Delete Role from Account

To remove a role from an account, select the role from the list and click the Delete button. The deleted role will reappear in the Add Role popup, allowing you to add it back if needed. You can delete multiple roles at once.

User Management

Through the user management menu, users can view and manage all users registered to a project. Users can be searched by name.

View User

To view user details:

  • Go to the user management menu and click on the user.
  • All project users can view user details, including roles mapped to the user.
  • PM or PL group users can add or delete roles from the user.

Add Role to User

To map a role to a user, click the Add button above the role list to open the Add Role popup. In the popup, you can view all roles in the user’s project, select the role to add, and click the Create Approval button to proceed with the approval process.

Note
  • Each user has a role limit based on the CSP: up to 10 AWS roles and up to 4000 Azure roles can be mapped.

Create Approval

Assigning a role to a user requires an approval process. The request is made through the Create Approval popup and sent via the Knox approval system or CAM’s own approval system.

  1. Title: Automatically input by the system and cannot be modified.
  2. Approver: Automatically added by the system. You can add further approvers and consensus as described in the approval guide.
  3. Content: Project and role information is automatically input by the system and cannot be modified.

Delete Role from User

To remove a role from a user, click the Delete button. After a final deletion confirmation, the user’s role mapping will be removed. The removed role will reappear in the Add Role popup, allowing you to add it back if needed. Role removal does not require approval, but re-adding a role does.
