| title | excerpt | updated |
|---|---|---|
Creating an IAM policy to allow users access to the OVHcloud Control Panel |
Find out how to grant the minimum rights required to log in to the OVHcloud Control Panel |
2024-10-02 |
This guide explains how to provide a user with the minimum rights to allow them to log in to the OVHcloud Control Panel.
- You have an OVHcloud account.
- You know how to manage account users.
- You know how to configure policies for IAM.
To be able to log in to the OVHcloud Control Panel, a user should have at least this set of rights on the account resource:
- account:apiovh:me/get
- account:apiovh:me/supportLevel/get
- account:apiovh:me/certificates/get
- account:apiovh:me/tag/get
With these rights, a user will be able to log in to the OVHcloud Control Panel. To be able to perform any actions inside the Control Panel however, additional rights have to be assigned through IAM.
Using the UI, you can set up a policy with the following configuration:
Add the identites you want to give access to.
{.thumbnail}
Add a resourceType "OVHcloud customer account" and add your account as a resource.
{.thumbnail}
Then you can either use the managed permissions group controlPanelAccess
{.thumbnail}
Or add the 4 rights listed above as an action.
{.thumbnail}
You can now link your users to this policy to give them the right to log in to the OVHcloud Control Panel.
Using the API, you can set up a policy according to the following example:
{
"name": "manager_ro",
"description": "manager_ro",
"identities": [
....
],
"resources": [
{
"urn": "urn:v1:eu:resource:account:xx1111-ovh"
}],
"permissions": {
"allow": [
{
"action": "account:apiovh:me/get"
},
{
"action": "account:apiovh:me/supportLevel/get"
},
{
"action": "account:apiovh:me/certificates/get"
},
{
"action": "account:apiovh:me/tag/get"
}
]
}
}Join our community of users.