ZStack Cloud allows you to realize the permission management through the Separation of Three Roles. The permissions of the Super Administrator (admin) is decomposed to the system manager, the security manager, and the security auditor. The system manager is responsible for the resource management; the security manager is responsible for the permission management; and the security auditor is responsible for the audit management. Each role is separated from, restricting and restricted by the other two roles.

The Separation of Three Roles decomposes the permissions of the admin, and makes the Cloud managed by three roles together, which effectively decreases the risks brought by the super power of the admin, and further improves the Cloud security.

ZStack Cloud provides the tenant management feature in a separate module. This module supports the organization structure management, the project-based resource access control, the ticket management, and the independent zone management.

ZStack Cloud provides certificate login feature based on SM algorithm (SM2). If you enable this feature, you need to pass the verification with Ukey before you login to the Cloud, thus ensuring your identity authenticity.

To enable this feature, make sure that you have installed the license of Cryptography Security Compliance, and enabled Certificate Login.

You can enable certificate login for the admin and the tenants. To enable this feature for tenants, make sure that you have installed a license of Tenant Management.