Skip to Main Content
IBM Cloud - Structured Ideas

This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

IBM Cloud Support Center ( – Use this site for any IBM Cloud defect or support need.

Stack Overflow ( – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud". - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Created by Guest
Created on Jul 14, 2020

IBM Resource Access governance reports

I want to be able to answer a simple question when asked by an Auditor - Who has access to your COS Bucket?

Shockingly there is no way to generate an access report from a resource such as COS to see what service ID's and User ID's have access. If I have 100 users and 100 Service ID's I have to manually click each one and manually try to map user to Access group to access policy. It is unworkable. I do not know how any IBM customers are not screaming about this as it is about as basic requirement as you can get.

Idea priority Urgent
  • Guest
    Jul 17, 2020

    Hi Ben,

    Thank you for coming back on this. I was aware of the export option on the COS instance but that does not tell you (unless I am mistaken) who has access at the bucket level.

    As an example I have 1 COS instance with 20 buckets. Each bucket has different ACL's and permissions set.

    I have users who have direct access to the bucket. I have users and service ID'd that are members of an access group. There are different access policies and they are assigned to different buckets.

    IBM Cloud should have the ability to go to a bucket in COS and easily export or easily tell what users or serviceID's have access to that specific bucket.

    IBM solution is to go to each user and each service ID on a one by one basis and check the access. This is unworkable in an enterprise environment.


  • Guest
    Jul 15, 2020

    Hi Jamie,

    Please take a look at the resource access report capability. The resource access report allows a user to generate a point-in-time report of what identities (users, service ids, access groups) have access to a specific resource in an account. To access this report, you'll navigate to the resource list, select the resource of interest (in this case, a COS instance), and from the actions menu, select "export access report".

    Documentation for this feature is available here:

    Please note, access to this report is governed by access policy. Therefore, only specific users can access this report. Please see required permissions in the documentation.

    Based on your feedback, I believe this feature meets your use case. Please let me know if we still have a gap after you have evaluated this.

    Thank you,

    Ben Lopez

    Offering Manager, Identity and Access Management


    And a couple of screenshots to illustrate my instructions above:

    Resource list:

    Action menu:

    Export Access Report: