Reviewing Access Rights in Your Outscale Account

You can review the access rights of your account and EIM users using OUTSCALE’s UAR (User Access-Rights Review) tool. UAR enables you to get information about the managed and/or inline policies applied to your root account and your EIM users.

Using UAR

Before you begin: Install the UAR tool. See the UAR GitHub repository.

Authentication

UAR requires three mandatory parameters for authentication:

  • your access key ID,

  • the corresponding secret key,

  • the region where your account is.

The credentials used can be those of the root account or an EIM user with wide read access.

You can add these three parameters directly in the command line, following the basic command:

Request sample
uar --osc-access-key ABCDEFGHIJ0123456789 --osc-secret-key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --osc-region eu-west-2

You can also set these parameters as environment variables, so that you do not have to add them to the command every time:

Request sample
export OSC_ACCESS_KEY=ABCDEFGHIJ0123456789
export OSC_SECRET_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export OSC_REGION=eu-west-2

Basic Command

To review the access rights of your root account and EIM users, use the uar command:

Request sample
uar

The command returns a detailed inventory of all the managed and/or inline policies applied to your account and EIM users. This inventory lists the actions allowed or denied by the policy and the resources concerned by said action. For more information about the contents of an EIM policy, see EIM Policy Elements.

Any action not explicitly allowed is denied (Implicit Deny). If both Allow and Deny exist, the Deny always overrides the Allow (Explicit Deny).

By default, reports are saved in the current directory with the following files:

  • uar_report.csv

  • uar_report.json

  • uar_report.cypher

Options

You can add several elements to the basic command:

  • You can filter the returned information by user ID and/or resource ID.

    Request sample
    uar --osc-user-id 123456789000 --osc-resource-id vol-123456

  • You can customize the output path and file name (default: uar_report).

    Request sample
    uar --report-path /reports/my_custom_report

  • You can limit the number of resources shown in the CLI (default: 10).

    Request sample
    uar --max-resources-display-on-cli 5

Related Pages

Export to PDF