Home > Storage > ObjectScale and ECS > Product Documentation > ECS IAM Introduction > Introduction
This document provides an overview of ECS IAM functionality. It details the IAM components, such as account management, access management, and the secure token service, and how to grant and restrict access by adding policies to ECS IAM entities.
Note: ECS IAM functionality is supported only for the S3 protocol. ECS IAM policies and settings have no impact when data is accessed through other protocols. Legacy namespaces that use release 3.5 or later are compatible with IAM.
A DSA (https://www.dell.com/support/kbdoc/en-us/000200962) for an ECS IAM security vulnerability has been published to address “an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to gain read access to unauthorized data”. This affects all ECS 3.5.x.x and ECS 3.6.x.x versions. (This is an internal paper: to see the details of this KB, you must request access.)