This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
IBM Cloud Support Center (https://cloud.ibm.com/unifiedsupport/cases/form) – Use this site for any IBM Cloud defect or support need.
Stack Overflow (https://stackoverflow.com/questions/tagged/ibm-cloud) – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud".
firstname.lastname@example.org - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Thank you for coming back on this. I was aware of the export option on the COS instance but that does not tell you (unless I am mistaken) who has access at the bucket level.
As an example I have 1 COS instance with 20 buckets. Each bucket has different ACL's and permissions set.
I have users who have direct access to the bucket. I have users and service ID'd that are members of an access group. There are different access policies and they are assigned to different buckets.
IBM Cloud should have the ability to go to a bucket in COS and easily export or easily tell what users or serviceID's have access to that specific bucket.
IBM solution is to go to each user and each service ID on a one by one basis and check the access. This is unworkable in an enterprise environment.
Please take a look at the resource access report capability. The resource access report allows a user to generate a point-in-time report of what identities (users, service ids, access groups) have access to a specific resource in an account. To access this report, you'll navigate to the resource list, select the resource of interest (in this case, a COS instance), and from the actions menu, select "export access report".
Documentation for this feature is available here: https://cloud.ibm.com/docs/account?topic=account-access-report
Please note, access to this report is governed by access policy. Therefore, only specific users can access this report. Please see required permissions in the documentation.
Based on your feedback, I believe this feature meets your use case. Please let me know if we still have a gap after you have evaluated this.
Offering Manager, Identity and Access Management
And a couple of screenshots to illustrate my instructions above:
Resource list: https://cloud.ibm.com/resources
Export Access Report: