
Console Access

The console access feature allows PM and PL group users to assign roles and policies to cloud accounts and users, enabling management of access to the CSP console. Based on the permissions set here, users can access the console with the appropriate privileges.

The console access section consists of four main management areas.

  1. Role Management: Define and manage the level at which a user can access the CSP console.
  2. Policy Management: Define new policies and manage the roles mapped to each policy.
  3. Account Management: Manage cloud accounts and ensure each account is mapped to the correct role permissions.
  4. User Management: Control user console access by mapping each user to the appropriate role, so that they have the permissions required to access the cloud console.

Role Management

In the role management menu, you can view and manage all roles registered in the project, and filter roles by CSP or by project for review.

Create role

To create a role, click the Create Role button and fill in the following required information in the popup window.

  1. Project: Select a project from the user’s project list.
  2. CSP: Select CSP.
  3. Role Name: Enter a unique role name and click the Validate button to check consistency.
  4. Description: Add a brief description of the role.

View role

To access detailed information about a role, go to the role management menu and click the desired role. All project users can view role details, including policies, cloud accounts, and users mapped to the role.

The role view screen displays key details, including the following.

  1. Role Information: Basic details related to the role.
  2. Delete Role: Click the Delete button to remove this role.
  3. Policy: Shows the list of policies mapped to the current role.
  4. Account: Shows a list of accounts related to the role.
  5. User: Shows the list of users associated with the role.

Reference
To set up policy, account, and user mappings, you must first create a policy in the policy management menu, and the cloud accounts and users must already be registered in the project.

Reference
  • The CSP process starts after the user addition approval is completed. Therefore, it may take some time (up to 10 minutes) for the status to change to ‘Approved’ and appear in the user’s CSP role list.
  • You can map up to 10 policies to an AWS role.
  • Each account has role limits based on the CSP: an AWS account can have up to 800 roles, while an Azure account can have up to 5,000 roles.
  • Each user has role limits based on the CSP: in AWS up to 10 roles can be mapped to a user, while in Azure up to 4,000 roles can be mapped.

Delete role

PM or PL group users can delete roles within a project. In the role management list, select the roles to delete and click the Delete button. Alternatively, delete roles one at a time by clicking the Delete button on each role's view screen.

Policy Management

PM and PL group users can select or deselect policies from the policy list to add or remove policies mapped to a role.

Create Policy

To create a new policy, click the “Create Policy” button and fill in the required information in the “Create Policy” popup.

  1. Project: Select a project from the list of registered projects.
  2. CSP: Select CSP.
  3. Policy Name: Enter the policy name and click the “Validate” button to verify its consistency.
  4. JSON code: Enter the JSON code that defines the policy.
  5. Description: Add a brief description of the policy.

To map policies to a role, click the Add button above the policy list to open the popup window. In the popup, you can view and select policies defined within the same project. Click the Save button to complete the mapping process. You can map multiple policies at once.

Before mapping the policy, verify that the desired policy has been created in the policy management menu.
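
A pre-submission check for the JSON entered in the Create Policy popup, as an added example that is not part of the product or its documentation. It assumes CSP = AWS and the standard IAM policy JSON grammar; `lint_policy` and the sample policy are constructed for illustration.

```python
import json

# Constructed sample, assuming CSP = AWS and the IAM policy JSON grammar.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadAppLogs", "Effect": "Allow",
     "Action": ["logs:GetLogEvents", "logs:DescribeLogStreams"],
     "Resource": "arn:aws:logs:*:111122223333:log-group:/app/*"},
    {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}"""

def _as_list(value):
    """Action/Resource may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(policy_json):
    """Return (sid, finding) pairs for over-broad Allow statements."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [("<document>", "invalid JSON: " + exc.msg)]
    if not isinstance(doc, dict):
        return [("<document>", "policy must be a JSON object")]
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", "statement[%d]" % i)
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        all_resources = "*" in _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants every action not listed"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((sid, "wildcard action: full access"))
            elif action.endswith(":*") and all_resources:
                findings.append((sid, "service-wide wildcard on all resources"))
    return findings

if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(sid + ": " + finding)
```

Because any policy mapped to a role is inherited by every account and user mapped to that role, findings from a check like this are worth resolving before the policy is saved.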

View policy

To view detailed information about a policy, go to the Policy Management menu and click the desired policy. All project users can view policy details, including the roles mapped to the policy.

Delete Policy

To remove a policy mapping from a role, select the policy from the list and click the Delete button. The deleted policy will reappear in the Add Policy popup list, and can be added again if needed. Removing the policy mapping eliminates the relationship between the role and the associated policies.

Account Management

PM and PL group users can map or remove cloud accounts from roles.

View Account

To view account details:

  • Go to Account Management and click the desired account.
  • All project users can access the details of that account, including the list of roles mapped to it.
  • PM or PL group users can also edit or delete roles associated with the account.

Add role to account

  • To map roles to an account, click the Add button above the role list to open the Add Roles popup.
  • In the popup, select a role that belongs to the same project as the account and click the Save button to complete the mapping process.

Reference
  • You can map up to 800 roles in an AWS account and up to 5,000 roles in an Azure account.

Delete role from account

To remove a role from an account, select the role from the list and click the Delete button. The removed role reappears in the Add Role popup, and you can add it again if needed. You can also delete multiple roles at once.

User Management

Through the User Management menu, you can view and manage all users registered within the project. You can also search for a user by name.

User view

To view the user’s details:

  • Go to User Management and click the user.
  • All project users can view user details, including the roles mapped to that user.
  • PM or PL group users can add or remove roles for a user.

Add role to user

To map a role to a user, click the Add button above the role list to open the Add Role popup. In the popup, you can view all roles in the project the user belongs to, select the role to add, and click the Create Approval button to proceed with the approval process.

Reference
  • Each user has role limits based on the CSP and can map up to 10 AWS roles and 4,000 Azure roles.

Create approval

To assign a role to a user, an approval process is required. The approval process proceeds through the Create Approval popup and then via the Knox approval system or CAM’s own approval system.

  1. Title: Automatically entered by the system and cannot be edited.
  2. Approver: The approval route is automatically assigned by the system, and you can manually add approvers and consentees according to the approval guide.
  3. Content: Project and role information is automatically entered by the system and cannot be edited.

Remove role from user

To unmap a role from a user, click the Delete button. After confirming the final deletion, the user’s role mapping is removed. The removed role reappears in the Add Role popup, allowing you to add it again if needed. Note that unmapping a role does not require approval, but re-adding a role does require approval.
