How to Use the "Console Access" Feature for Secure User Management in ICSC
The Console Access feature enables Impossible Cloud Storage users to control who can sign in to ICSC.
Overview - The Two Types of Access
When you create an IAM user (sub-user) in Impossible Cloud Storage Console (ICSC), you can grant them two distinct types of access:
- Programmatic access: This gives the user an access key ID and a secret key. These keys are used by machines, applications, or scripts (like a backup tool) to authenticate and interact with Impossible Cloud Storage via the API. This is enabled for all users.
- Impossible Cloud Storage Console access: This gives the user a Login Profile, which is a username and password that allows them to sign in to ICSC. This is for human-driven tasks and can be disabled.
The “Console Access” feature controls the provisioning of Login Profiles for IAM users. This means that the ability to log in to ICSC is optional.
Controlling login access to ICSC enables more granular access management, so that users hold only the least-privilege permissions they need to do their duties. Users without console access can still access Impossible Cloud Storage programmatically using the access key and secret key, which can be managed by the root user.
A root user is the primary account in Impossible Cloud Storage, with full administrative privileges to manage the storage space and create new identities and access for the entire organization.
- Each organization receives one root user.
- The root user has the ability to configure all IAM (Identity and Access Management) features, including creating sub-users, defining groups, and assigning permissions through policies.
- The root user has access to all resources within the organization.
Sub-users have restricted access based on the policy that is assigned to them or to their group, while the root user always retains full control over all resources.
How It Works
When creating a user, you can choose to enable or disable console access. Console access is enabled by default, but you can change its status during or after user creation.
The user password is optional. The password is only used to log in to ICSC, so you do not need to set one if console access is disabled.
Best Practice and Tips
A foundational concept in cybersecurity is the Principle of Least Privilege. This principle dictates that any user or application should only be granted the bare minimum permissions required to perform its specific function.
This rule should extend to all types of permissions, including ICSC access. For users or services that only need programmatic access for automated tasks, their console access should be disabled. The login capability should only be enabled when absolutely necessary for a user's designated role, as doing so significantly reduces the system's attack surface and minimizes security risks.
Follow the link to our guide about How to Set Up a Secure Programmatic Access to Impossible Cloud Storage for Backup Applications to learn more.
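One way to check an existing user list against this recommendation is a small audit script. The following is an added example, not Impossible Cloud code: the CSV inventory, its column names, and the "purpose" classification are assumptions, constructed for illustration and maintained by the administrator, not an ICSC export format.

```python
import csv
import io

# Constructed sample inventory. The column names are hypothetical: this page
# does not describe an ICSC export format, so the admin keeps this sheet.
SAMPLE_INVENTORY = """\
username,purpose,console_access,has_password
alice,human,enabled,yes
backup-agent,automation,enabled,yes
ci-uploader,automation,disabled,no
log-shipper,automation,disabled,yes
bob,human,disabled,no
"""

TRUE_VALUES = {"enabled", "yes", "true", "1"}


def as_bool(value):
    """Normalise the flag spellings an admin might type into the sheet."""
    return value.strip().lower() in TRUE_VALUES


def audit_console_access(inventory_csv):
    """Return (username, finding) pairs for least-privilege violations."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        user = row["username"].strip()
        purpose = row["purpose"].strip().lower()
        console = as_bool(row["console_access"])
        password = as_bool(row["has_password"])
        if purpose not in ("human", "automation"):
            # Unknown classification: a person has to decide what it needs.
            findings.append((user, "unclassified user, review manually"))
        elif purpose == "automation" and console:
            # Keys suffice for API use; the Login Profile only adds attack surface.
            findings.append((user, "disable console access"))
        elif not console and password:
            # The password is only used for ICSC sign-in, so it is unused here.
            findings.append((user, "password set but console access disabled"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_console_access(SAMPLE_INVENTORY):
        print(f"{user}: {finding}")
```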