To prevent personal data, such as the username, password, and mobile number, from being accessed by unauthorized entities or individuals, IAM encrypts the data before storing it, controls access to the data, and records all operations performed on the data.
Table 1 lists the personal data collected or generated by IAM.

| Type | Source | Modifiable | Mandatory |
|---|---|---|---|
| Username | | No | Yes. Usernames are used to identify users. |
| Password | | Yes | No. You can choose between password- and AK/SK-based authentication. |
| Email address | Entered during user creation or credential or email address modification. | Yes | No |
| Mobile number | Entered during user creation or credential or mobile number modification. | Yes | No |
| AK (access key ID)/SK (secret access key) | Generated during credential setting on the My Credentials page or the IAM console. | No. You cannot modify AK/SK, but you can delete AK/SK and create a new one. | No. AK/SK are used to sign the requests sent to call APIs. |

IAM uses encryption algorithms to encrypt users' sensitive data before storing it.
Personal data is stored in the IAM database after being encrypted. Access to the database is controlled through a whitelist.
IAM records all personal data operations, including adding, modifying, querying, and deleting personal data, and uploads them to Cloud Trace Service (CTS). You can query operation logs at any time.