SORACOM Developers

Documents

Default SAM permissions configuration

Overview

Default SAM permissions allow you to apply a default SAM user permission statement to all SAM users in your account. For more information on SAM users and permission statements, refer to the documentation for managing operation access with SAM.

For example, default SAM permissions can be used to:

Usage

Choose “Security” from menu of the user console.

Choose "Security" from the user console

Choose “Default SAM Permission Configuration” from the security’s side-bar menu.

Choose "Default SAM Permission Configuration" from the security

It shows the view of editing the permissions managing rule so please configure that and click the “Save” button.

Configuration view of default SAM permissions

Notice
When configuring default SAM permissions, the applied permissions will take effect the __next__ time each SAM user signs in, and will not be applied to any SAM users that are currently signed in.

Syntax

Please refer to the following documentation about permission statements for configuring access permission:

Permission statements for configuring access permission | SORACOM Developers

The order of permissions rules applying
The “deny” effect always has priority in a permissions rule. Examples are shown below:
  • A SAM user permission statement allows API A while the default SAM permissions denies API A
    • => Access to API A will be denied
  • A SAM user permission statement denies API B while the default SAM permissions allows API B
    • => Access to API B will be denied
  • A SAM user permission statement allows API C and the default SAM permissions also allows API C
    • => Access to API C will be allowed
  • A SAM user permission statement allows API D and default SAM permissions are not configured
    • => Access to API D will be allowed

Default SAM permissions configuration examples are shown below:

Deny access to the Billing API for all SAM users

{
  "statements": [
    {
      "effect": "deny",
      "api": [
        "Billing:*"
      ]
    }
  ]
}

Allow SAM Users to configure their own passwords

{
  "statements": [
    {
      "effect": "allow",
      "api": "User:updateUserPassword",
      "condition": "pathVariable('user_name') == samUserName"
    }
  ]
}

Getting Started

SORACOM Air for Cellular

SORACOM Air for Sigfox

SORACOM Beam

SORACOM Canal/Direct/Door

SORACOM Endorse

SORACOM Funnel

SORACOM Gate

SORACOM Harvest

SORACOM Inventory

SORACOM Junction

SORACOM Krypton

SORACOM Lagoon

Service Detail

Developer Tools

pagetop