Skip to content

[Update] IAM cross-account #7900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Verwendung von IAM-Richtlinien mit der OVHcloud API (EN)
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2024-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: How to use IAM policies using the OVHcloud API
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Cómo utilizar las políticas de IAM con la API de OVHcloud (EN)"
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Cómo utilizar las políticas de IAM con la API de OVHcloud (EN)"
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Comment utiliser les politiques IAM via l’API OVHcloud"
excerpt: "Découvrez comment donner des droits d'accès spécifiques aux utilisateurs d'un compte OVHcloud"
updated: 2024-08-21
updated: 2025-06-06
---

## Objectif
Expand Down Expand Up @@ -289,6 +289,16 @@ Vérifiez cela avec `GET /iam/policy`:

Les politiques ont été créées avec succès. Maintenant, "***user1***" peut **effectuer des redémarrages et créer des sauvegardes (snapshots)** sur le VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" peut **effectuer toutes les actions vps à l'exception de la suppression des snapshots** sur le VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Cas des politiques ciblant d'autres comptes clients OVHcloud

Les politiques d'accès peuvent cibler d'autres comptes clients.
Le compte destinataire de cette politique pourra gérer les droits ainsi reçus dans ses propres politiques d'accès, mais ne pourra jamais outrepasser les droits tels que défini dans la politique d'accès.

Par exemple un compte **xx1111-ovh** donnant des droits `vps:apiovh:ips/*` au compte **xx2222-ovh**.
Le compte **xx2222-ovh** pourra donner le droit `vps:apiovh:ips/delete` à ses propres utilisateurs, mais ne pourra jamais donner le droit `vps:apiovh:reboot`.

L'accès au support restera réservé au compte propriétaire de la ressource.

### Identités

Les politiques s'appliquent aux utilisateurs, qui peuvent être des comptes, des utilisateurs ou des groupes d'utilisateurs.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Comment utiliser les politiques IAM via l’API OVHcloud"
excerpt: "Découvrez comment donner des droits d'accès spécifiques aux utilisateurs d'un compte OVHcloud"
updated: 2024-08-21
updated: 2025-06-06
---

## Objectif
Expand Down Expand Up @@ -289,6 +289,16 @@ Vérifiez cela avec `GET /iam/policy`:

Les politiques ont été créées avec succès. Maintenant, "***user1***" peut **effectuer des redémarrages et créer des sauvegardes (snapshots)** sur le VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" peut **effectuer toutes les actions vps à l'exception de la suppression des snapshots** sur le VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Cas des politiques ciblant d'autres comptes clients OVHcloud

Les politiques d'accès peuvent cibler d'autres comptes clients.
Le compte destinataire de cette politique pourra gérer les droits ainsi reçus dans ses propres politiques d'accès, mais ne pourra jamais outrepasser les droits tels que défini dans la politique d'accès.

Par exemple un compte **xx1111-ovh** donnant des droits `vps:apiovh:ips/*` au compte **xx2222-ovh**.
Le compte **xx2222-ovh** pourra donner le droit `vps:apiovh:ips/delete` à ses propres utilisateurs, mais ne pourra jamais donner le droit `vps:apiovh:reboot`.

L'accès au support restera réservé au compte propriétaire de la ressource.

### Identités

Les politiques s'appliquent aux utilisateurs, qui peuvent être des comptes, des utilisateurs ou des groupes d'utilisateurs.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Come utilizzare le policy di IAM utilizzando l’API OVHcloud (EN)"
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Jak korzystać z zasad IAM przy użyciu interfejsu API OVHcloud (EN)"
excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
updated: 2024-08-21
updated: 2025-06-06
---

## Objective
Expand Down Expand Up @@ -288,6 +288,16 @@ Check it via `GET /iam/policy`:

The policies have been created successfully. Now, "***user1***" can **carry out reboots and create snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***". "***user2***" can **execute any vps action except for the deletion of snapshots** on the VPS "***urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net***".

#### Policies targeting other OVHcloud customer account

Access policies can target other OVHcloud customer account.
The targeted account of this policy will be able to manage the rights recieved that way on his own policies, but will never be able to override the rights set on the access policy.

For example an account **xx1111-ovh** giving rights on `vps:apiovh:ips/*` to account **xx2222-ovh**.
Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to his own users, but will never be able to give the right `vps:apiovh:reboot`.

Access to the support will still be reserved to the owner of the resource.

### Identities

Policies apply to users, which can be accounts, users or user groups.
Expand Down
Loading