Impossible Cloud Documentation

Identity Access Management (IAM)

Last updated 1 month ago

Overview

The Impossible Cloud Storage Console (ICSC) is an enterprise-grade cloud storage management tool that offers Identity and Access Management (IAM). This feature enables Role-Based Access Management (RBAC) for securing your storage and complying with data governance rules and regulatory requirements.

Impossible Cloud Storage is S3 compatible and built on the industry standard, so users can expect the underlying IAM features to be similar to what they are accustomed to. Impossible Cloud Storage's IAM features can be configured through the Storage Console (GUI) as well as through the AWS IAM API.

Users, Policies, and Groups

There are three main concepts that should be considered when using Impossible Cloud Storage's IAM features: Users, Policies, and Groups - each with a dedicated tab in the GUI.

  • User: A specific account with a dedicated login email and password. This can be either a root user or a sub-user. A user represents an individual who can access the Impossible Cloud Storage Console, for instance an employee in a marketing department.

Currently, every organization will receive one root user with the ability to manage identity and access for their organization.

  • Policy: A set of permissions defining what individuals can see and do. These rules are defined on a group level, which consists of dedicated users. For instance, a policy could comprise permissions for the marketing department to access marketing-relevant content.

  • Group: A representation of an organizational unit comprising user accounts assigned to selected policies. For instance, this could be a marketing department.

Supported IAM Features

To provide true S3 compatibility, our object storage supports all S3 actions and effects. This means that permissions can be assigned at the most granular level. For instance:

  • List: Shows a list of buckets authorized for the respective group. This is a minimum requirement for any sub-user in that group to see the assigned buckets.

  • Read: This allows the assigned group's sub-users to retrieve objects with their previous versions and configurations (e.g. object lock status, retention periods, and legal hold status).

  • Write: This allows sub-users of the assigned group to delete and/or add an object to a bucket.

Refer to AWS documentation on S3 actions and effects for more details.
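The List, Read and Write levels above, expressed as an S3-style policy document and checked locally. This is an added example, not Impossible Cloud's own code. The mapping of each level to S3 action names, the `arn:aws:s3:::` resource format, the bucket name and the helper functions `build_policy` and `is_allowed` are assumptions; `is_allowed` is a simplified model (default deny, explicit Deny wins), not the service's evaluator.

```python
import json
from fnmatch import fnmatchcase

# Assumed mapping of the page's List/Read/Write levels to standard S3 action names.
LEVELS = {
    "list": ["s3:ListBucket"],
    "read": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectRetention",
             "s3:GetObjectLegalHold", "s3:GetBucketObjectLockConfiguration"],
    "write": ["s3:PutObject", "s3:DeleteObject"],
}

def build_policy(bucket, levels, deny_actions=()):
    """Build a policy document scoped to one bucket (ARN format is assumed)."""
    scope = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    statements = [{"Effect": "Allow", "Action": LEVELS[lv], "Resource": scope}
                  for lv in levels]
    if "list" in levels:  # listing bucket names is not tied to one bucket
        statements.append({"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
                           "Resource": ["*"]})
    if deny_actions:
        statements.append({"Effect": "Deny", "Action": list(deny_actions),
                           "Resource": scope})
    return {"Version": "2012-10-17", "Statement": statements}

def is_allowed(policy, action, resource):
    """Default deny; any matching Deny statement overrides every Allow."""
    allowed = False
    for st in policy["Statement"]:
        if (any(fnmatchcase(action, a) for a in st["Action"])
                and any(fnmatchcase(resource, r) for r in st["Resource"])):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    # Constructed bucket and object names, for illustration only.
    obj = "arn:aws:s3:::marketing-assets/logo.png"
    policy = build_policy("marketing-assets", ["list", "read", "write"],
                          deny_actions=["s3:DeleteObject"])
    print(json.dumps(policy, indent=2))
    for action in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(action, "->", "allow" if is_allowed(policy, action, obj) else "deny")
```

Because Write covers both adding and deleting objects, the explicit Deny on `s3:DeleteObject` is what lets a group upload without being able to remove data.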