A RAM role that is authorized in a product portfolio is an end user. After an end user is granted permissions, the end user can access products in the Service Catalog console. A RAM role that is specified when a constraint is created is a launch role. A launch role is used to launch products. The two types of RAM roles are different.
RAM role | Description | References |
---|---|---|
A RAM role that is authorized in a product portfolio | A RAM role that is authorized in a product portfolio is an end user. After an end user is granted permissions, the end user can view all products in the product portfolios on which the end user has permissions in the Service Catalog console. | Grant the end user the permissions to access the product |
A RAM role that is specified when a constraint is created | A RAM role that is specified when a constraint is created is a launch role. A launch
role is used to launch products.
A RAM role that is specified when a constraint is created does not have the permissions to log on to the Service Catalog console, but has the permissions to perform operations on specific cloud services. The administrator can grant end users only the required permissions to perform operations in the Service Catalog console. This reduces security risks and compliance risks. |
Create a launch role and grant permissions to the launch role |