Identity Access Management (IAM)

Impossible Cloud is an enterprise-grade cloud service provider that offers sophisticated identity access management (IAM), formerly known as user management. This enables data access restrictions, enforces data governance rules, and ensures compliance with regulatory requirements. Our product is built following the industry S3 standard, so users can expect the underlying features to be similar to what they're accustomed to from other cloud providers.

Three main concepts should be considered when using Impossible Cloud Storage's IAM - each with a dedicated tab in the menu. Note that each of these tabs is only visible to the root user:

  • Root user: A specific account with a dedicated login mail and password. This can either be a root user or a sub-user. While the root user can define groups and policies, the sub-user can only conduct the dedicated interactions assigned to the group(s) that the account belongs to. For instance, this could be marketing staff.

  • Group: A representation of an organizational unit comprising dedicated accounts assigned to selected policies. For instance, this could be a marketing department.

  • Policy: A set of permissions defining what individuals can see and do. These rules are defined on a group level, which consists of dedicated users. For instance, this could comprise permissions for the marketing department for marketing-relevant content.

To provide you with true S3 compatibility, our object storage enables key S3 permissions consisting of:

  • List: Shows an overview of authenticated buckets for the respective group. This is a minimum requirement for any sub-user in that group to see the assigned buckets.

  • Read: When partially enabled, this allows the assigned group's sub-users to retrieve objects and their previous versions. When fully enabled, it also allows these sub-users to retrieve the object lock status, including retention and legal hold status.

  • Write: When enabled, this allows sub-users of the assigned group to delete or add an object. Root users can choose to assign either permission or both simultaneously to a group.
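The following is an added example, not Impossible Cloud's own code: it builds a least-privilege, S3-style policy document for one group from the List/Read/Write choices described above. The mapping of those choices to standard AWS S3 action names, the function name `build_group_policy`, and the bucket name `marketing-assets` are assumptions made for illustration.

```python
import json

# Assumed mapping of the console toggles to standard AWS S3 action names;
# the provider's own mapping is not stated on this page.
ACTIONS = {
    "list": ["s3:ListBucket"],
    "read": ["s3:GetObject", "s3:GetObjectVersion"],
    "read_lock": ["s3:GetObjectRetention", "s3:GetObjectLegalHold"],
    "add": ["s3:PutObject"],
    "delete": ["s3:DeleteObject"],
}
BUCKET_LEVEL = {"s3:ListBucket"}  # applies to the bucket ARN, not to objects


def build_group_policy(buckets, grants):
    """Return an S3-style policy dict allowing `grants` on `buckets` only."""
    grants = set(grants)
    unknown = grants - set(ACTIONS)
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    if not buckets or any("*" in b for b in buckets):
        raise ValueError("name each bucket explicitly; wildcards are refused")
    if "list" not in grants:
        # List is the minimum a sub-user needs to see the assigned buckets.
        raise ValueError("'list' must be granted with any other permission")
    if "read_lock" in grants and "read" not in grants:
        # Object-lock status is the 'full' level on top of partial read.
        raise ValueError("'read_lock' requires 'read'")
    actions = [a for g in ACTIONS if g in grants for a in ACTIONS[g]]
    statements = [{
        "Effect": "Allow",
        "Action": [a for a in actions if a in BUCKET_LEVEL],
        "Resource": [f"arn:aws:s3:::{b}" for b in buckets],
    }]
    object_actions = [a for a in actions if a not in BUCKET_LEVEL]
    if object_actions:
        statements.append({
            "Effect": "Allow",
            "Action": object_actions,
            "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets],
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed sample: marketing group may list, read and add, not delete.
    print(json.dumps(build_group_policy(["marketing-assets"], ["list", "read", "add"]), indent=2))
```

Granting add without delete, as in the sample call, lets a group upload content without being able to remove existing objects.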

Please refer to this guide for instructions on managing IAM through AWS CLI.

Information about IAM endpoints is available here: Endpoints and console URLs.
