Auditing user access policies
If you are the account owner or have the Editor role or higher on the User management account management service, you can export an access policy report for each user in your account. The access policy report lists all of the access policies that the user is assigned to as well as the access policies of the access groups that the user is a member of.
Auditing users' access policies ensures that you're applying the principle of least privilege. The best practice for assigning access is to give the least amount of access that is required. Use the report to determine if the user is assigned to the appropriate access policies, and take the needed action to reduce the number of access policies and inflated access across the account.
Exporting a report
To export the report, complete the following steps:
- In the IBM Cloud console, go to Manage > Access (IAM), and select Users.
- Click the Actions icon > Access report for the user that you want to audit.
- Click Download JSON or Download CSV.
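One way to review a downloaded CSV report for least privilege, as an added example that is not IBM's code: it flags high-privilege roles, wildcard resources, and directly assigned policies that an access group already grants. The column names, the `group:` source prefix, the `;` role separator and the sample rows are assumptions made for illustration, not the real export schema.

```python
import csv
import io

# Constructed sample. Column names are assumptions for illustration, not the
# real export schema: map them to the headers in the CSV you downloaded.
SAMPLE_CSV = """\
policy_id,source,roles,service,resource
p-1,direct,Administrator,All account management services,*
p-2,direct,Viewer,cloud-object-storage,bucket-logs
p-3,group:auditors,Viewer,cloud-object-storage,bucket-logs
p-4,group:devs,Editor;Operator,kubernetes,cluster-dev
"""

BROAD_ROLES = {"Administrator", "Manager"}  # roles this review treats as high privilege


def load_policies(text):
    """Parse the report into dicts, splitting the ';'-separated roles field."""
    policies = []
    for row in csv.DictReader(io.StringIO(text)):
        row["roles"] = frozenset(r.strip() for r in row["roles"].split(";") if r.strip())
        policies.append(row)
    return policies


def audit(policies):
    """Return (policy_id, finding) pairs that deserve a least-privilege review."""
    # Roles the user already inherits from access groups, per (service, resource).
    inherited = {}
    for p in policies:
        if p["source"].startswith("group:"):
            inherited.setdefault((p["service"], p["resource"]), set()).update(p["roles"])

    findings = []
    for p in policies:
        if p["roles"] & BROAD_ROLES:
            findings.append((p["policy_id"], "broad-role"))
        if p["resource"] == "*":
            findings.append((p["policy_id"], "wildcard-resource"))
        # A direct policy whose roles are all granted by a group adds nothing.
        covered = inherited.get((p["service"], p["resource"]), set())
        if p["source"] == "direct" and p["roles"] and p["roles"] <= covered:
            findings.append((p["policy_id"], "redundant-with-group"))
    return findings


if __name__ == "__main__":
    for policy_id, finding in audit(load_policies(SAMPLE_CSV)):
        print(f"{policy_id}: {finding}")
```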