Help Center/ Identity and Access Management/ User Guide/ User Group Management/ Managing Permissions of a User Group
Updated on 2026-02-06 GMT+08:00
View PDF

Managing Permissions of a User Group

You can modify or delete permissions of a user group on its details page.

Modifying User Group Permissions

You can view or modify user group permissions on the Permissions page of the IAM console.

  • Modifying the permissions of a user group affects the permissions of all users in the user group.
  • Permissions of the default user group admin cannot be modified.
  1. Click a user group (for example, the developer group) to go to the details page, and view the group permissions on the Permissions tab.
  2. Click Delete in the row that contains the role or policy you want to delete.
    Figure 1 Deleting an assigned permission
  3. Click OK.
  4. On the Permissions tab, click Authorize.
    Figure 2 Assigning permissions to a user group
  5. Select desired permissions and a scope, and click OK.
  6. Go back to the Permissions tab to view the modified group permissions.
    Figure 3 Permissions assigned

Revoking Permissions of a User Group

To revoke a policy or role attached to a user group, do the following:

  1. Log in to the IAM console. In the navigation pane, choose User Groups.
  2. Click the name of the user group to go to the group details page.

    Figure 4 Clicking a user group name

  3. On the Permissions tab, click Delete in the row that contains the role or policy you want to delete.

    Figure 5 Revoking permissions

  4. In the displayed dialog box, click OK.

Batch Deleting Permissions of a User Group

To revoke multiple policies or roles attached to a user group, do as follows:

  1. Log in to the IAM console. In the navigation pane, choose User Groups.
  2. Click the name of the user group to go to the group details page.

    Figure 6 Viewing a user group

  3. On the Permissions page, select the roles or policies you want to delete and click Delete above the list.

    Figure 7 Batch deleting permissions

  4. In the displayed dialog box, click OK.

Managing Identity Policy-based Authorization

To view the identity policy-based authorization on the new console, perform the following operations:

  1. Click the name of a user group to go to the details page.
  2. In the Permissions tab, click Check identity policy-based authorization records. You can assign and delete permissions for the user group in the Permissions tab.
    Figure 8 Checking identity policy-based authorization records

    After you click Authorize in the displayed pane on the left, you will go to the new console. You can assign permissions to the user group using identity policies.

Parent topic: User Group Management