Users and projects#

General information#

The IAM service ensures authorization and authentication for users accessing your company account in K2 Cloud. The service grants users the rights required to use particular cloud resources depending on the tasks and functions. For example, you can allow a particular user to use all infrastructure resources (instances, volumes, network interfaces, etc.), limit user access to object storage only, etc.

Authentication means user identity verification. Each IAM user receives their own login and password to enter K2 Cloud. If necessary, they can also be given their own access key to manage cloud resources using APIs. In order for the user to work with specific services, the relevant privileges must be granted. Authorization ensures that the user has the required rights to work with resources (for details, see the Policies and groups section).

There are two types of cloud services: global and project-specific. The former include billing and IAM, while resources of all other services belong to a particular project. Using projects as high-level containers for resources allows you to provision dedicated cloud infrastructure for a separate company division or specific task.

Users#

In the Users subsection, you can create new users and manage existing ones.

Note

To perform service functions, system user is created, along with the account.

Create user#

To provide a user with access to K2 Cloud resources, do the following:

  1. Go to the section IAM Users.

  2. Click Create.

  3. In the window that opens fill the required fields:

    • ID. User ID has the following format: <username>@<customer>, where customer is the company name specified at the registration in the cloud. User ID may only contain Roman letters, digits, and characters: ., _ and -.

    • Name. Both Roman and Cyrillic letters, as well as various characters, may be used.

    • email. User’s email. It is strongly recommended to always specify user’s email, since notifications of updates, maintenance works, backup errors and other events will be sent to this address.

    • The Require two-factor authentication (2FA) checkbox. When creating a user, you can require them to use mandatory two-factor authentication. In this case, when the user logs in to the cloud for the first time, a requirement to enable 2FA and relevant instructions are displayed.

    • Password. You can automatically generate a password or set your own. When setting a password, take into account requirements for its strength.

  4. Click Create to create the user .

Configure global grants#

You can give the user global grants to the Billing and IAM services.

We recommend give global grants wisely. Users with global grants for the IAM service can manage all IAM service resources: users, projects, policies, etc. Meanwhile, global grants for the billing service enable viewing tariff information, generating charges reports, and configuring related notifications.

Add global grants#

To grant privileges, add a user to an administrator group or enable a necessary policy.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Global grants tab and click Set up to go to the user’s global grants page.

  4. Open the Groups or Policies tab depending on how you want to grant user privileges. Click Add.

  5. Select the groups/policies you need and click Select to include them in the selection list.

  6. To confirm the action, click Add again.

Revoke global grants#

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Global grants tab and click Set up to go to the user’s global grants page.

  4. Open the Groups or Policies tab depending on how the user privileges were granted.

  5. Select the privileges you want to revoke and click Delete.

  6. In the dialog window, confirm the action.

Configure project privileges#

Important

The Activity log grant allow users to control events in all projects of the company, no matter for which project they’ve been given.

Add user to project#

When adding a user to a project, you can set the privileges for the user in the project right away. Privileges can be granted by including users in the corresponding group or assigning them a policy.

Note

When adding a user to a project, select at least one group or policy.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Projects tab and click Add.

  4. Select the project to which you want to add a user and click Next to go to the next step.

  5. Select the groups to which you want to add the user and click Select to include them in the Selected groups list. You can skip this step and click Next right away to select policies, though we recommend using groups to grant user privileges.

  6. Select the policies you want to assign to the user and click Select to move them to the Selected policies list.

  7. To add the user to the project, click Create.

Add project privileges#

Note

When adding a user to a project, select at least one group or policy.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Projects tab.

  4. To add privileges, click Set up next to the respective project.

  5. When on the project privileges page, open the Groups or Policies tab depending on how you want to grant user privileges. Click Add.

  6. Select the groups/policies you need and click Select to include them in the selection list.

  7. To confirm the action, click Add again.

Revoke project privileges#

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Projects tab.

  4. To revoke privileges, click Set up next to the respective project.

  5. When on the project privileges page, open the Groups or Policies tab depending on how the user privileges were granted.

  6. Select the privileges you want to revoke and click Delete.

  7. In the dialog window, confirm the action.

To revoke all user privileges in a particular project, delete the user from the project.

Delete a user from a project#

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Open the Projects tab

  4. Select the project from the list and click Delete.

  5. Confirm the user deletion from the project in the dialog window.

If you want to suspend all user privileges for a while, then inactivate the user.

Set up user profile#

Change user data#

To change user personal data:

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. To edit user data, go to the Information tab and click the edit icon next to the corresponding field:

    • name;

    • email;

    • phone number.

  4. Введите необходимое значение и нажмите на иконку для сохранения.

Change user password#

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Click Change password in the Information tab.

  4. In the dialog window, enter or generate a new password.

  5. To save the password, click Change.

Configure the two-factor authentication enforcement#

You can enable/disable the two-factor authentication enforcement for a user.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Enable or disable 2FA required in the Information tab.

Disable optional two-factor authentication#

A user can enable two-factor authentication on their own. If necessary, you can disable it.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. Click Disable 2FA in Information tab.

  4. In the dialog window, confirm the action.

Lock a user#

You can temporarily inactivate a user, for example, when the corresponding position becomes vacant.

  1. Go to the section IAM Users.

  2. Find the user in the list and click the user ID to go to their page.

  3. In the Information tab, set the Status switch to the disabled position. To unlock a user, return the switch to the Active position.

Delete user#

  1. Go to the section IAM Users.

  2. Select the user from the list and click Delete. You can select several users at once for deletion.

  3. In the dialog window, confirm the action.

Alternatively, you can delete a user on its page in the Information tab.

Projects#

You can create projects and manage users in this subsection.

Create a project#

Note

When creating a project, the system user is granted necessary project privileges to perform service functions.

To add a new project:

  1. Go to the section IAM Projects.

  2. Click Create.

  3. In the window that opens, specify a project ID and name. The project ID is used to work with the K2 Cloud’s IAM API. The character constraints are the same as for the user ID.

  4. Click Create again.

Add user to project#

When adding a user to a project, you can set the privileges for the user in the project right away. Privileges can be granted by including users in the corresponding group or assigning them a policy.

Note

When adding a user to a project, select at least one group or policy.

You can add several users at once, in which case they all receive the same privileges. If you want to grant different privileges, then add users separately from one another.

  1. Go to the section IAM Projects.

  2. Find the project in the resource table and click the project ID to go to its page.

  3. Open the Users tab and click Create.

  4. Select the users which you want to add to a project and click Next to go to the next step.

  5. Select the groups whose privileges you want to grant to the users in this project and click Select to include them in the Selected Users list. You can skip this step and click Next to select policies, though we recommend using groups to grant user privileges.

  6. Select the policies you want to assign to the users and click Select to move them to the Selected policies list.

  7. To add the users to the project, click :bdg-primary: Add.

Delete a user from a project#

  1. Go to the section IAM Projects.

  2. Find the project in the resource table and click the project ID to go to its page.

  3. Open the Users tab and select the user from the user table.

  4. To delete a user from the project, click Delete.

  5. In the dialog window, confirm the action.

Delete a project#

Attention

Deleting a project permanently deletes instances, VPCs, volumes, and other project resources. This action cannot be undone, so only delete a project when absolutely necessary.

  1. Go to the section IAM Projects.

  2. Select the project in resource table.

  3. Click Delete.

  4. In the window that opens, the cloud will once again ask you to confirm the project deletion. Enter the name of the project to be deleted, if you definitely want to do so.

  5. Click Yes, delete the project to complete the operation.

Alternatively, you can delete a project on its page in the Information tab.