IAM Policies are JSON documents that define permissions and rules for accessing resources. These policies are attached to IAM user accounts, user groups, and service accounts to control the actions they can perform on specific resources. IAM policies follow an "allow" or "deny" principle, meaning they explicitly grant or deny access to resources and actions.
Step 1: Creating a Policy
To create a policy, follow these steps:
1. Click on "Policy" in the left menu.
2. Click "Create a policy."
3. Provide a policy name and an optional description.
4. Click "Next step" to continue configuring permissions.
5. By default, the interface will display the "Visual editor" tab. Use the Visual editor to continue the creation process.
6. Select a specific Product within the Greennode AI Platform you want to configure.
7. Specify the Actions allowed on the product's resources.
8. Select the Resources to which the actions apply (All resources / Specific resources).
9. Provide optional conditions for application.
10. To add a new set of Actions applicable to a new set of Resources within the same Policy, click "Add Rule" and continue with steps 6 to 9.
11. Review the settings and click "Create policy."
Note: For policies to function correctly, you need to attach them to a specific object (IAM user account, service account, group). Refer to the instructions below for managing policy usage.
Step 2: Creating and Editing Policies with JSON
In addition to creating and editing policies with the Visual editor, you can also use the "JSON" tab to create/edit policies. Below is a sample JSON corresponding to the following selection:
- Product: Greennode AI Platform
- Effect: Allow Permission
- Action: All Greennode AI Platform actions
- Resource: All resources
- Request conditions: Not set
Explanation of JSON Attributes:
Relationship Between Visual Editor and JSON
The Visual editor and JSON are two policy editing tools provided by IAM Greennode AI Platform.
When you create/edit a policy from the Visual editor/JSON, the data is automatically updated between the two tabs.
To streamline the process of creating/editing policies, you can switch between the Visual editor and JSON features. Note that all actions/edits from either tab are synchronized with the other tab.
Step 3: Managing Policy Usage
To attach a policy to IAM user accounts, groups, and service accounts, follow these instructions:
- Access the policy you want to manage.
- On the policy details page, click the "Policy usage" tab.
- To attach the policy to the desired objects, click the "Attach" button in the upper right corner. A popup will appear, allowing you to select the objects to apply the policy to.
In the popup:
- Click the "User" tab and select the IAM User Accounts to which this policy will apply.
- Click the "Group" tab and select the User Groups to which this policy will apply.
- Click the "Service Account" tab and select the Service Accounts to which this policy will apply.
- Review the selected objects and click the "Add" button to complete the process.
- You can review the list of objects that have just been assigned by clicking on the "User," "Group," or "Service Account" tabs.
Step 4: Deleting a Policy
You can delete a policy in one of two ways:
Delete multiple policies at once:
- Access IAM with the Root User Account or an IAM User Account.
- Click on "Policy" in the left menu.
- Select the policies you want to delete (a "Delete" button will be enabled in the upper right corner when you select at least one policy).
- Click the "Delete" button. A confirmation dialog will appear to ensure you are not deleting the wrong policies. Then, click the "Confirm" button to complete the process.
Delete a single policy: We recommend accessing the policy details and reviewing the "Policy usage" information before deleting to ensure you are not deleting the wrong policy.
Note: To avoid accidentally deleting policies that are being used by IAM objects, we recommend detaching the policy from the IAM objects instead of deleting it directly. Once a policy is deleted, it cannot be recovered.