Update doc to add Permissions required for HPCS operations

[sandeep-at-ibm]

The Doc at https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-manage-access needs more details on the minimum access requirements for various HPCS operations like:

• View the HPCS UI Dashboard on cloud.ibm.com
• Create Keys
• Rotate Keys
• Delete Keys

with the granular roles that have been added to IAM:

[TiffanyLiIBM]

@sandeep-at-ibm - You were referring to the standard plan doc. Please check out the check for UKO instead: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-uko-manage-access&interface=ui#uko-service-access-roles. The details are in the table shown below. Please let me know whether it solves your problem. Thanks!

[sandeep-at-ibm]

@TiffanyLiIBM The Power Team and the CISO/SOS groups will be using a Standard instance. I think, we need the document - new one if that is going to be the one living - to address the permissions for the Standard instance too.

[TiffanyLiIBM]

@sandeep-at-ibm If it is for the standard plan only, we do have the info in the doc that you referred to: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-manage-access&interface=ui#service-access-roles.

There are multiple tabs on the table. You can click the ellipsis on the right to switch between tabs.

However, I am confused to see these three roles listed under the standard plan though. They should be specific to the UKO plan: Vault administrator Key custodian - Creator Key custodian - Deployer

@marco - thoughts?

[TiffanyLiIBM]

@sandeep-at-ibm Please let me know whether there are any actions we need to take for this issue. Thanks!

[sandeep-at-ibm]

@TiffanyLiIBM for now I think we are good. Will reopen the issue if required