Service accounts

To facilitate access control for the use of the CelerData Cloud BYOC API and the CelerData Cloud BYOC provider on Terraform, CelerData Cloud BYOC allows you to access them via service accounts.

Service accounts are independent identities that do not depend on any CelerData members. An application key will be invalid if the member it depends on is removed from the CelerData Cloud BYOC account. As for service accounts, changes in members will not affect their access to the services they are integrated with. You can grant privileges to a service account like any member, allowing fine-grained control over privileges.

NOTE

• Only CelerData members with the Member Management privilege can create service accounts and grant privileges to them.
• Service accounts can only be used for CelerData Cloud BYOC API and CelerData Cloud BYOC provider on Terraform. You cannot log in to the CelerData Cloud BYOC console with a service account.

Create a service account

Follow these steps to create a service account:

1. Sign in to the CelerData Cloud BYOC console.

2. In the left-side navigation pane, choose Access Control > Member.

3. On the Members page, click the Service accounts tab.

4. On the Service accounts tab, click Create a service account.

5. In the Generate secret for service account dialog box, enter a name for the service account, and click Generate now.

6. Copy the Client Secret and Client ID, and click Yes, I have finished it to close the dialog box.

   NOTE

   The Client Secret can be viewed only when the service account is created. Make sure that you copy and save the Client Secret before closing the dialog box.

Assign roles to a service account

1. Sign in to the CelerData Cloud BYOC console.
2. In the left-side navigation pane, choose Access Control > Member.
3. On the Members page, click the Service accounts tab.
4. On the Service accounts tab, click the service account to which you want to assign roles.
5. On the detail page of the service account, click the Granted roles tab.
6. On the Granted roles tab, select the role you want to assign from the Assign new role drop-down list, and click Assign.

Use a service account

The usage of a service account is similar to that of an application key.

• For OpenAPI, you need to integrate the Client Secret and Client ID when you obtain the access token.
• For Terraform, you need to integrate the Client Secret and Client ID when you authenticate into the CelerData Cloud BYOC platform.

View a service account

1. Sign in to the CelerData Cloud BYOC console.
2. In the left-side navigation pane, choose Access Control > Member.
3. On the Members page, click the Service accounts tab.
4. On the Service accounts tab, click the service account you want to view.
5. On the detail page of the service account, view the following information:

Field	Description
Service account name	The name of the service account.
Client ID	A unique identifier generated within your CelerData cloud account to identify the service account.
Created at	The date and time at which the service account was created.
Created by	The CelerData Cloud member who created the service account.

Remove a service account

1. Sign in to the CelerData Cloud BYOC console.
2. In the left-side navigation pane, choose Access Control > Member.
3. On the Members page, click the Service accounts tab.
4. On the Service accounts tab, click the service account you want to remove.
5. On the detail page of the service account, click Remove to remove the service account.
6. In the message that appears, click Confirm.

CAUTION

After you remove a service account, you can no longer use it to access the CelerData Cloud BYOC API or the CelerData Cloud BYOC provider on Terraform.