Updated on 2025-11-07 GMT+08:00

Overview

User Groups

A user group is a collection of IAM users. User groups allow you to assign permissions to users in the groups, making it easier to manage the permissions for those users.

For example, each account has a preset admin user group by default. This user group has full permissions for all cloud service resources. Any user in the admin user group automatically has the admin group permissions. If a new user joins your organization and requires the admin permissions, you can grant the permissions by adding the user to the admin user group. If a user's job responsibilities change and the user no longer needs the admin permissions, you can simply remove the user from the admin group, instead of changing the user's permissions.

To follow the principle of least privilege (PoLP), you are advised to create user groups and grant them only the permissions needed for specific tasks, rather than directly adding an IAM user to the admin group.

Characteristics of User Groups

  • A user group can contain multiple IAM users, and an IAM user can be added to multiple user groups.
  • User groups cannot be nested. They can only contain IAM users, not other user groups.
  • By default, each account has only one preset admin user group. You can create different user groups for different work functions.
  • There are some usage and quantity restrictions on user groups. For example, the number of user groups in an account and the number of IAM users who can be added to a user group are limited. For details, see Notes and Constraints.