Learn how to provide a user with the minimum rights to allow them to log in to the OVHcloud Control Panel.
Requirements
- an OVHcloud account
- knowing how to manage account users
- knowing how to set up policies for IAM
Instructions
To be able to log in to the OVHcloud Control Panel, a user should have at least this set of rights on the account resource:
- account:apiovh:me/get
- account:apiovh:me/certificates/get
- account:apiovh:me/tag/get
With these rights, a user will be able to log in to the OVHcloud Control Panel. To be able to perform any actions inside the Control Panel additional rights have to be assigned through IAM.
Using UI
Using the UI, you can set up a policy with the following configuration:
- Add a
resourceType
"OVHcloud customer account". - Add your account as a resource.
- Add the three rights listed above as an action.
You can now link your users to this policy to give them the right to log in to the OVHcloud Control Panel.
Using API
Using the API, you can set up a policy according to the following example:
{
"name": "manager_ro",
"description": "manager_ro",
"identities": [
....
],
"resources": [
{
"urn": "urn:v1:us:resource:account:xx1111-ovh"
}],
"permissions": {
"allow": [
{
"action": "account:apiovh:me/get"
},
{
"action": "account:apiovh:me/supportLevel/get"
},
{
"action": "account:apiovh:me/certificates/get"
},
{
"action": "account:apiovh:me/tag/get"
}
]
}
}
Go further
For more information and tutorials, please see our other IAM or Manage and Operate guides, or explore the guides for other OVHcloud products and services.