Creating a service ID by using the IBM Cloud Private management console
You can create a service ID that provides your users with specific role permissions for an identified service on your cluster.
Complete the following steps to create a service ID:
- Log in to the IBM Cloud Private Web console of your cluster with an ID that has cluster administrator access.
- In the navigation menu, select Manage > Identity & Access.
- Select Service IDs.
- Select Create a service ID.
- Enter a name and description for your service ID. The name must be a single string that only contains letters, numbers, underscores (_), and hyphens (-).
- The binding type is to a namespace.
- Select an existing namespace from the list. Selecting the namespace defines the scope of the service ID.
- Select Create to create the service ID.
- Bind an access policy to the service ID. You must have an associated access policy to identify which roles are affected by the service ID. Complete the following steps:
  - Navigate to Manage > Identity & Access > Service IDs, if you are not already on that screen.
  - Select the name of the service ID that you want to update.
  - Select the Access Policies tab. A list of the access policies that are already associated with that service ID is displayed.
  - Select Create Access Policy to create the access policy.
  - Select the role to which you are giving the permissions.
  - Select the service type to be managed by this policy. The 3 steps that follow are optional and narrow the scope of where the service ID has permissions.
  - Specify an instance of the selected service type to limit the access to that instance.
  - Enter the resource type and the resource identifier of the specified instance to further narrow the scope of that instance.
  - Select Add to associate the access policy with the service ID.
- Create an API key for the service ID. By using the API key, the call is identified as coming from this service ID. Complete the following steps:
  - As you view the details of the service ID, select the API keys tab.
  - Select Create API Key to obtain a key assigned to the service ID.
  - Enter the Name and Description for your API key. This helps you identify it when you download it.
  - Select Create to download the API key. The key is downloaded as a .json file to your default location.
    Remember: You cannot view the API key after you leave this screen.
- Click Add Teams and select the team that you want to bind with the service ID. You must bind a team to the service ID to identify the roles that are affected by the service ID.
- You can remove a service ID by selecting the Open and close the list of options (...) icon for the service ID and then selecting Remove.
Note: If you want to create a service ID by using the command-line interface, see Creating a service ID by using the IBM Cloud Private CLI.