Creating a service ID by using the IBM Cloud Private management console

You can create a service ID that provides your users with specific role permissions for an identified service on your cluster.

Complete the following steps to create a service ID:

  1. Log in to the IBM Cloud Private Web console of your cluster with an ID that has cluster administrator access.

  2. In the navigation menu, select Manage > Identity & Access.

  3. Select Service IDs.

  4. Select Create a service ID.

  5. Enter a name and description for your service ID. The name must be a single string that only contains letters, numbers, underscores (_), and hyphens (-).

  6. The binding type is a namespace.

  7. Select an existing namespace from the list. Selecting the namespace defines the scope of the service ID.

  8. Select Create to create the service ID.

  9. Bind an access policy to the service ID. You must have an associated access policy to identify which roles are affected by the service ID. Complete the following steps:

    1. Navigate to Manage > Identity & Access > Service IDs, if you are not already on that screen.
    2. Select the name of the service ID that you want to update.
    3. Select the Access Policies tab. A list of the access policies that are already associated with that service ID is displayed.
    4. Select Create Access Policy to create the access policy.
    5. Select the role to which you are giving the permissions.
    6. Select the service type to be managed by this policy. The 3 steps that follow are optional, and narrow the scope of where the service ID has permissions.
    7. Specify an instance of the selected service type to limit the access to that instance.
    8. Enter the resource type and the resource identifier of the specified instance to further narrow the scope of that instance.
    9. Select Add to associate the access policy with the service ID.
  10. Create an API key for the service ID. A call that uses the API key is identified as coming from this service ID. Complete the following steps:

    1. As you view the details of the service ID, select the API keys tab.
    2. Select Create API Key to obtain a key assigned to the service ID.
    3. Enter the Name and Description for your API key. This helps you identify it when you download it.
    4. Select Create to download the API key. The key is downloaded as a .json file to your default location.
      Remember: You cannot view the API key after you leave this screen.
  11. Click Add Teams and select the team that you want to bind with the service ID. You must bind a team to the service ID to identify the roles that are affected by the service ID.

  12. You can remove a service ID by selecting the Open and close the list of options (...) icon for the service ID, and then selecting Remove.

Note: If you want to create a service ID by using the command-line interface, see Creating a service ID by using the IBM Cloud Private CLI.