Help Center> Identity and Access Management> User Guide> IAM Users> Assigning Permissions to an IAM User
Updated on 2022-06-28 GMT+08:00

Assigning Permissions to an IAM User

IAM users created without being added to any groups do not have permissions. You can assign permissions to these IAM users on the IAM console. After authorization, the users can use cloud resources in your account as specified by their permissions.

Procedure

  1. In the user list, click Authorize in the row that contains the target user.

    Figure 1 Authorizing an IAM user

  2. On the Authorize User page, select an authorization mode and permissions.

    • Inherit permissions from user groups: Add the IAM user to certain groups to inherit their permissions.

      If you select this option, select the user groups to which the user will belong.

      Figure 2 Enterprise project function not enabled
    • Select permissions: Directly assign specific permissions to the IAM user. This option is available only when you have enabled the enterprise project function. For details about how to enable this function, see Enabling the Enterprise Project Function.

      If you select this option, select permissions, click Next in the lower right, and then go to 3.

      Figure 3 Enterprise project function enabled
    • If you add an IAM user to the default group admin, the user becomes an administrator and can perform all operations on all cloud services.
    • If you add a user to multiple user groups, the user inherits the permissions that are assigned to these groups.
    • For details on the system permissions of all cloud services supported by IAM, see System Permissions.
    • If you have enabled enterprise management, you cannot create projects in IAM.

  3. On the Select Scope page, select enterprise projects that the IAM user can access. You do not need to perform this step if you have selected Inherit permissions from user groups.
  4. Click OK.

    You can go to the Permissions > Authorization page and view or modify the permissions of the IAM user.