Effective immediately, our IBM Log Analysis and IBM Cloud Activity Tracker services support IAM-based access control.

This feature makes it easier for teams to more effectively manage who has access to data offered through the services. The new IAM-level control offers you the ability to configure role-based access control to individual operators with granularity at the log-line level.

This new feature helps solve several common scenarios:

  1. Business desire to access sections of log and event data for specific insights by larger audiences and audiences outside your normal team.
  2. Security and privacy desire to isolate data access to individuals with a need to know.
  3. Solutions architecture desire to set up application logs and cloud activity tracking events to meet DevOps organizational needs.

A greater ability to control who has access to specific log and event data allows you to more accurately define who has access to specific insights and extend the value of your log and cloud activity event data.

Details on this new feature are documented and available in the services’ respective doc area:

Defining access – an example

In this scenario, the Admin has an IBM Log Analysis account named “LA 2” with logs from many applications. Each application may contain sensitive data, and there is a business desire to keep user access isolated on a need-to-know basis. Developer A is assigned to an application called tiny-app. The logs of tiny-app are mingled with all the other logs, which Developer A should not see.

The Admin wants to restrict Developer A to the tiny-app logs only. This is exemplified in the yellow box above.

The Admin first clicks the gear on the left, then Team > Groups, and creates a new group called “tiny-app.” Users in the group are only able to see logs that match the query “app:tiny-app” (under Access Scope). 

Next, the Admin creates an IAM access group to define which users are in this group. The Admin clicks Manage > Access (IAM) > Access Groups > Create, and creates an access group with two policies:

  1. The first one gives access to the service instance: Viewer for “LA 2.”
  2. The second one selects the Log Group: Viewer and Reader for “LA 2” / “tiny-app.”

In the Users tab, the Admin chooses “Developer A.”

Now, when Developer A opens the “LA 2” instance, only the tiny-app lines are visible.
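The walkthrough above, expressed as a small Python model for checking that a configuration isolates a user as intended (an added example, not IBM code or the services' API). The `app` field name, the sample lines, the `Policy` class and the deny-by-default rule are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample log lines; the "app" field name is an assumption.
SAMPLE_LINES = [
    {"app": "tiny-app", "line": "GET /health 200"},
    {"app": "billing", "line": "card lookup for customer 1182"},
    {"app": "tiny-app", "line": "worker started"},
    {"app": "hr-portal", "line": "salary export requested"},
]

@dataclass(frozen=True)
class Policy:
    roles: frozenset
    instance: str
    log_group: Optional[str] = None  # None: the policy targets the instance

def parse_scope(query):
    """Parse one 'field:value' access-scope query such as 'app:tiny-app'."""
    field, sep, value = query.partition(":")
    if not (sep and field.strip() and value.strip()):
        raise ValueError(f"unsupported access scope: {query!r}")
    return field.strip(), value.strip()

def visible_lines(policies, instance, groups, lines):
    """Lines a user sees in `instance`. Model assumption: deny by default,
    so Viewer on the instance AND Reader on a log group are both required."""
    if not any(p.instance == instance and p.log_group is None
               and "Viewer" in p.roles for p in policies):
        return []
    scopes = [parse_scope(groups[p.log_group]) for p in policies
              if p.instance == instance and p.log_group in groups
              and "Reader" in p.roles]
    return [ln for ln in lines if any(ln.get(f) == v for f, v in scopes)]

def out_of_scope(lines, query):
    """Audit helper: lines that fall outside the scope (expected: none)."""
    field, value = parse_scope(query)
    return [ln for ln in lines if ln.get(field) != value]

GROUPS = {"tiny-app": "app:tiny-app"}  # group name -> Access Scope query
DEVELOPER_A = [
    Policy(frozenset({"Viewer"}), "LA 2"),                        # policy 1
    Policy(frozenset({"Viewer", "Reader"}), "LA 2", "tiny-app"),  # policy 2
]

if __name__ == "__main__":
    seen = visible_lines(DEVELOPER_A, "LA 2", GROUPS, SAMPLE_LINES)
    print(seen, out_of_scope(seen, "app:tiny-app"))
```

Running `out_of_scope` over an export taken while signed in as the restricted user gives a quick isolation check: any returned line means the Access Scope or the policies are broader than intended.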

This scenario can be extended to security teams and other teams that need access to specific logs and events. Both IBM Log Analysis and IBM Cloud Activity Tracker support this new feature. You can even use the same IAM groups for access rights across multiple IBM Log Analysis and IBM Cloud Activity Tracker instances.

Get started today

Both the Log Analysis and Activity Tracker services are found in the IBM Cloud catalog. Alternatively, you may access both services within Observability. Learn more about each service:
