Impossible Cloud Storage Help
  • Company overview
    • What is Impossible Cloud
  • Getting Started
    • Getting Started with Impossible Cloud Storage
      • Setting up
      • Next steps
      • Getting support
  • Impossible cloud storage Guide
    • Storage Console URLs and API Endpoints
    • Storage Console
      • Accessing the console
        • Signing up for Impossible Cloud Storage
        • Signing in to Impossible Cloud Storage
        • Session lifetime limits
      • Interacting with the console
        • Navigating the menu
        • Using the panel
    • Buckets and Objects
      • Creating a bucket
      • Storing objects in a bucket
      • Interacting with objects
      • Creating folders in a bucket
      • Interacting with folders and buckets
      • Public File Sharing via URLs
      • Emptying a Bucket
      • Limitations
      • Versioning and object lock
        • Enabling versioning
        • Using versioning
        • Enabling object lock
        • Using object lock
    • Access keys
    • CLI User Guide
      • AWS CLI installation instructions
      • AWS CLI configuration
      • Using Impossible Cloud with AWS CLI
      • AWS CLI basic commands
      • AWS CLI advanced commands
        • Examples
      • AWS CLI for cloud-to-cloud migration scenarios
      • AWS CLI Credentials & Config chain
      • AWS CLI: IAM
        • Limitations
        • List of supported operations
        • Operations Descriptions and Examples
    • Usage
      • Storage Calculation
      • Fair use policy
    • Profile settings
      • Multi-Factor Authentication (MFA)
        • Enabling and Disabling MFA
        • MFA Reset
        • Organization-Wide Policies
  • Security
    • Securing Your Data
    • Identity Access Management (IAM)
      • Managing Users
      • Managing Groups
      • Managing Policies
    • CORS support
      • Limitations
      • CORS Configuration
  • Troubleshooting & Common Questions
    • Common errors
      • I can only see 'buckets' and 'keys' in the menu of the console
      • I can delete objects despite object lock & retention enabled
      • Cannot remove bucket [name]. The bucket you tried to delete is not empty. You must delete all ...
      • Errors while creating a bucket
    • FAQ
      • How to collect HAR log
      • How does pricing work?
      • What are the rules for setting a password?
      • What are the rules for naming buckets?
      • How to retrieve your CanonicalID
      • How to delete thousands of objects via aws cli
      • How does Impossible Cloud handle tax collection?
  • Integrations with other applications
    • Backup Software Integrations Guides
      • Acronis Cyber Infrastructure: creating a backup storage
      • Backup Exec: configuring Cloud Storage
      • Comet Backup: creating a storage vault using storage templates
      • Duplicati: adding a Backup Destination
      • HYCU: adding a Target
      • Impossible Surveillance Cloud
        • Step 1: Create a bucket in Impossible Cloud Console
        • Step 2: Create a subuser and assign policy
        • Step 3: Indentify VMS
          • XProtect
          • MOBOTIX
          • Siviellance
          • Velocity Vision
          • Other
      • MSP360: configuring a Storage Account in the management console
      • Nakivo: creating a Backup Repository
      • Tiger Bridge: configuring Tiger Bridge Target
      • Veeam: adding a Backup Repository
      • Storware: Adding a Backup Destination
    • Cloud Storage Browsers Integrations Guides
      • Cyberduck
        • Using Cyberduck with Impossible Cloud Storage
      • S3 Browser
        • Configuring S3 Browser with Impossible Cloud Bucket
      • CloudBerry Explorer
        • Adding a new Storage Account
      • CloudBerry Drive
        • Add Storage Account in CloudBerry Drive
    • Media Management Software Integrations Guides
      • Iconik: Media Management & Collaboration tool
        • Iconik Integration: Configuring Cloud Storage
    • NAS Applications Integrations Guides
      • QNAP Hybrid Backup Sync
        • Creating a Backup Job to Impossible Cloud Storage
      • Synology Hyper Backup
        • Creating a Backup Task to Impossible Cloud Storage
  • Other support resources
    • Other support resources
    • Impossible Cloud Management Console (ICMC)
Powered by GitBook
On this page
  • Overview
  • Users, Policies, and Groups
  • Supported IAM Features

Was this helpful?

  1. Security

Identity Access Management (IAM)

PreviousSecuring Your DataNextManaging Users

Last updated 4 days ago

Was this helpful?

Overview

The Impossible Cloud Storage Console (ICSC) is an enterprise-grade cloud storage management tool that offers Identity and Access Management (IAM). This feature enables Role-Based Access Management (RBAC) for securing your storage and complying to data governance rules and regulatory requirements.

The Impossible Cloud Storage is S3 compatible and is built based on the industry-standard. Thus, users can expect the underlying IAM features to be similar to what they are accustomed to. The Impossible Cloud Storage's IAM features can be configured through the Storage Console (GUI) as well as using the .

Users, Policies, and Groups

There are three main concepts that should be considered when using Impossible Cloud Storage's IAM features: Users, Policies, and Groups - each with a dedicated tab in the GUI.

  • : A specific account with a dedicated login mail and password. This can either be a root user or a sub-user. A user represents an individual that can access the Impossible Cloud Storage Console. For instance, an employee in a marketing department.

Currently, every organization will receive one root user with the ability to manage identity and access for their organization.

  • : A set of permissions defining what individuals can see and do. These rules are defined on a group level, which consists of dedicated users. For instance, this could comprise of permissions for the marketing department to access marketing-relevant content.

  • : A representation of an organizational unit comprising of user accounts assigned to selected policies. For instance, this could be a marketing department.

Supported IAM Features

To provide true S3 compatibility, our object storage supports all S3 actions and effects. This means that permissions can be assigned at the most granular level. For instance:

  • List: Shows a list of buckets authorized for the respective group. This is a minimum requirement for any sub-user in that group to see the assigned buckets.

  • Read: This allows the assigned group's sub-users to retrieve objects with their previous versions and configurations (e.g. object lock status, retention periods, and legal hold status).

  • Write: This allows sub-users of the assigned group to delete and/or add an object to a bucket.

Refer to AWS documentation on S3 and for more details.

AWS IAM API
User
Policy
Group
actions
effects