copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2019-02-21 |
authorizations, service to service access, access between services |
iam |
{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:new_window: target="_blank"} {:tip: .tip} {:note: .note}
{: #serviceauth}
Many of the capabilities of the {{site.data.keyword.Bluemix_notm}} Identity and Access Management (IAM) system are focused on managing and enforcing access to {{site.data.keyword.Bluemix_notm}} resources by users and their applications. However, there might be other scenarios in which you need to provide one service with access to a user's resource in another service. All users in your account can create an authorization, but only a user with the Administrator role can delete an authorization. You can set up and view authorizations within your account on the Authorizations page. {:shortdesc}
{: #create-auth}
You can only grant the level of access that you have as a user of the target service. For example, if you have only viewer access on the service that is going to be accessed, then you can assign only the viewer role for the authorization.
- From the menu bar, click Manage > Access (IAM), and select Authorizations.
- Click Create.
- Select a source and target service for the authorization. The source service is given access to the selected target service.
- Select a role to assign access to the source service that accesses the target service.
- Click Authorize.
Only services that allow this type of access to be granted are available as options. {: note}
{: #remove-auth}