| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2021-09-22 |
restrict service id, block users from creating service id, restrict service id creation |
account |
{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:tip: .tip} {:note: .note} {:important: .important}
{: #restrict-service-id-create}
By default, all members of an account can create service IDs. However, access can be restricted so that only members with the correct access can create service IDs by using the Service ID creation setting. For more information, see Creating and working with service IDs.
{: shortdesc}
{: #enable-restrict-create-service-id}
To turn on the setting to restrict users from creating service IDs, you must have the following assigned access:
- An IAM policy with the
Administrator,Operator, orEditorrole on the IAM Identity Service.
If you turn on the Service ID creation setting, users in your account require specific access to create service IDs, including the account owner. To restrict who can create service IDs, use the following steps:
- In the {{site.data.keyword.cloud_notm}} console, go to Manage > Access (IAM), and select Settings.
- In the Account restrictions section, turn on the Service ID creation setting.
Now that the setting is enabled to restrict users from creating service IDs, you can assign the required access to enable specific users to continue creating service IDs. Remember, the account owner is also required to be assigned this explicit access. {: important}
{: #assign-access-create-service-id-restrict}
If the Service ID creation setting is turned on, only users, including the account owner, assigned the Service ID creator role on the IAM Identity Service can create service IDs.
The quickest way to assign a group of users the required access for creating service IDs is to create an access group and assign the group the required role. For more information about assigning access policies, see Setting up access groups. {: tip}