Managing authorizations to grant access between services

Use IBM Cloud® Identity and Access Management (IAM) to create or remove an authorization that grants IBM Cloud Logs access to work with other services.

Authorizations

In a service-to-service (S2S) authorization:

  • The source service is the service that is granted access to the target service.

  • The roles that you select define the level of access for the source service.

  • The target service is the service that the source service is permitted to access, based on the roles that you assign.

  • A source service can be in the same account where the authorization is created or in another account.

  • The target service is always in the account where the authorization is created.

    You can view whether the source service is located in the current account or another account by viewing the Source account column for the specific authorization on the Authorizations page in the IBM Cloud® console.

The following table lists the different S2S authorizations that you might need when you use the IBM Cloud Logs service:

Table 1. S2S authorizations.

| S2S Authorization | Source service | Target service |
|---|---|---|
| Authorize access to read and write data into the data bucket | IBM Cloud Logs | IBM Cloud Object Storage |
| Authorize access to read and write data into the metrics bucket | IBM Cloud Logs | IBM Cloud Object Storage |
| Authorize sending logs to a tenant | IBM® Cloud Logs Routing | IBM Cloud Logs |
| Authorize access to the IBM Cloud Event Notifications service | IBM Cloud Logs | IBM Cloud Event Notifications |
| Authorize access to the IBM® Event Streams for IBM Cloud® service | IBM Cloud Logs | IBM® Event Streams for IBM Cloud® |

For more information, see Using authorizations to grant access between services.
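
The following audit sketch is an added example, not code from IBM Cloud Docs. It checks a list of S2S authorizations against the source and target pairs in Table 1 and flags sources that are located in another account. The record fields (source, source_account, target, roles), the account IDs, the role names, and "Example Service" are constructed for illustration and follow the columns of the Authorizations page, not the IAM API schema.

```python
# Added example: audit a list of S2S authorizations against Table 1.
# Field names, account IDs and role names are constructed for illustration;
# they follow the console's Authorizations page columns, not the IAM API schema.

LOGS = "IBM Cloud Logs"

# (source service, target service) pairs that Table 1 lists.
TABLE_1 = {
    (LOGS, "IBM Cloud Object Storage"),
    ("IBM Cloud Logs Routing", LOGS),
    (LOGS, "IBM Cloud Event Notifications"),
    (LOGS, "IBM Event Streams for IBM Cloud"),
}


def normalize(name):
    """Drop trademark symbols and extra spaces so names compare cleanly."""
    return " ".join(name.replace("®", "").split())


def audit(authorizations, current_account):
    """Return (findings, unused_pairs) for authorizations involving IBM Cloud Logs."""
    findings, seen = [], set()
    for auth in authorizations:
        pair = (normalize(auth["source"]), normalize(auth["target"]))
        if LOGS not in pair:
            continue  # unrelated to IBM Cloud Logs
        seen.add(pair)
        if pair not in TABLE_1:
            findings.append((pair, "pair not listed in Table 1"))
        if auth["source_account"] != current_account:
            findings.append((pair, "source service is in another account"))
        if not auth["roles"]:
            findings.append((pair, "no roles assigned"))
    # Table 1 pairs with no matching authorization in this account.
    return findings, sorted(TABLE_1 - seen)


# Constructed sample data.
SAMPLE = [
    {"source": "IBM Cloud Logs", "source_account": "acct-A",
     "target": "IBM Cloud Object Storage", "roles": ["Writer"]},
    {"source": "IBM® Cloud Logs Routing", "source_account": "acct-B",
     "target": "IBM Cloud Logs", "roles": ["Sender"]},
    {"source": "IBM Cloud Logs", "source_account": "acct-A",
     "target": "Example Service", "roles": ["Reader"]},
]

if __name__ == "__main__":
    findings, unused = audit(SAMPLE, current_account="acct-A")
    for (source, target), reason in findings:
        print(f"{source} -> {target}: {reason}")
    for source, target in unused:
        print(f"no authorization found: {source} -> {target}")
```
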

Permissions to manage authorizations

You must have access to the target service to manage authorization between services.

The authorization that you define for the IBM Cloud Logs service requires that you have the Administrator role for the target service.

The following table outlines the permissions that are needed on the target service to be able to define an authorization:

Table 2. Actions on the target service that are required to manage authorizations

| Action | Administrator | Operator | Editor | Viewer |
|---|---|---|---|---|
| View all authorizations that are configured in the account | ✓ | | | |
| Create authorizations | ✓ | | | |
| Delete authorizations | ✓ | | | |

Users can only see authorizations that they configure in the account.

Creating an authorization

Choose one of the following options to create an S2S authorization:

Removing an authorization

Choose one of the following options to remove an S2S authorization: