Enterprise Organization vs Identity and Access Management
Enterprise Organization
Business organization: It is applicable to the management of multi-level structures within the enterprise, such as multiple departments, agents and customers. Each subject is an independent account (with independent billing). These independent accounts have organizational hierarchical relationships, and the upper levels can manage the lower-level finance and resources, and control the operation authority of lower-level accounts.
Scenario 1: Company A has multiple subsidiaries, with the same subject, and Company A and its subsidiaries are not only interrelated as a whole associated with each other, but also operate relatively independently.
Scenario description:
- Both Company A and its subsidiaries want to have separate user accounts, which can be used separately on Baidu AI Cloud.
- Company A and its subsidiaries manage resources independently, and Company A has the right to supervise the subsidiaries and to manage the resources of the subsidiaries.
- Company A and its subsidiaries share the same subject, and Company A pays the bills of Company A and its subsidiaries uniformly.
Scenario 2: Agent B has multiple customers, and the agent has the need to manage these customers; meanwhile, the agent and each customer have the need to manage the resources independently;
Scenario description:
- For the sake of security, Agent B wants the customer to have a separate account for use.
- Agent B has the privilege to supervise the use of the customer's resources.
- If Agent B terminates the contract with the customer, Agent B can terminate the authorization of the customer at any time.
Identity and Access Management
identity and access management: It is applicable to different roles within the business organization, and may grant different privileges to the different working staff to use the products, such as read-only, operation and maintenance as well as management, which can be refined to resource level; also, the child user does not need to pay for the costs generated by operation separately. When your enterprise operates the resources collaboratively by multiple users, you are recommended to use identity and access management.
Application scenario: Account A of an enterprise has bought multiple cloud resources (such as: cloud server, object storage BOS, content delivery network CDN, etc.). The enterprise has many employees, including developers, testing personnel, operation and maintenance personnel, etc., as each employee has different job responsibilities, the privilege required is also different; also, the employees do not need to pay for the operation costs separately.
Scenario description:
- Account A of an enterprise may grant different privileges to the different working staff to use the products, such as read-only, operation and maintenance as well as management; meanwhile, it can refine the control privilege to resource level, such as operation privilege of a certain instance of BCC.
- The enterprise employees use the child user account for login and use, and do not need to pay for the operation costs separately.
Difference
| Difference | Enterprise organization | Identity and Access Management |
|---|---|---|
| Resource affiliation | The resources belong to each account, and it belongs to the account that opens/buys. | Resources belong to the master account and not to sub-users. |
| Fund and bill affiliation | Each account in the enterprise organization is the owner of the funds and can issue bills separately. At the same time, the master account can apply for the opening of financial management authority and uniformly pay the bills of all sub-accounts in the organization by means of fund transfer. | The account is the carrier of funds and billing. Sub-users will not issue separate bills. The resource costs incurred by all sub-users under the account are recorded in the master account. |
| Usage Scenarios | It is applicable to the business organizations, and each subject is a separate account (with a separate bill); all of these separate accounts have organizational hierarchy, the upper layer of which can manage the finance and resources of the lower layer, and control the operational privilege of the accounts at the lower layer. | It is applicable to different roles within the business organization, and may grant different privileges to the different working staff to use the products, such as read-only, operation and maintenance as well as management, which can be refined to resource level; also, the child user does not need to pay for the costs generated by operation separately. When your enterprise operates the resources collaboratively by multiple users, you are recommended to use identity and access management. |
| Difference | Company A has multiple subsidiaries, with the same subject, and Company A and its subsidiaries are not only interrelated as a whole associated with each other, but also operate relatively independently. Scenario description: 1. Both Company A and its subsidiaries want to have separate user accounts, which can be used separately on Baidu AI Cloud. 2.A Company A and its subsidiaries manage resources independently, and Company A has the right to supervise the subsidiaries and to manage the resources of the subsidiaries. 3. Company A and its subsidiaries share the same subject, and Company A has the overall financial settlement right, and Company A pays the bills of Company A and its subsidiaries uniformly. |
Account A of an enterprise has bought multiple cloud resources (such as: cloud server, object storage BOS, content delivery network CDN, etc.). The enterprise has many employees, including developers, testing personnel, operation and maintenance personnel, etc., as each employee has different job responsibilities, the privilege required is also different; also, the employees do not need to pay for the operation costs separately. Scenario description: 1. Account A of an enterprise may grant different privileges to the different working staff to use the products, such as read-only, operation and maintenance as well as management; meanwhile, it can refine the control privilege to resource level, such as operation privilege of a certain instance of BCC. The enterprise employees use the child user account for login and use, and do not need to pay for the operation costs separately. |