Creating a User Group and an IAM User

Log in to the IAM console using a master account.
On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner.
In the displayed page, enter a user group name.
Return to the user group list and click Authorize in the Operation column.
Select policies or roles and click OK.
Select the service to which the permission applies. Select Optical Character Recognition (OCR) and assign required permissions to the user group.
OCR FullAccess: all permissions, which enables IAM users to subscribe to, unsubscribe from, and use OCR services.

OCR ReadOnlyAccess: the read-only access permission, which enables IAM users to only use but not subscribe to or unsubscribe from OCR services. The master account is required to subscribe to or unsubscribe from OCR services.
Click Next and set the minimum authorization scope for the user group. Click OK.
- All resources: The minimum authorization scope is not set. After authorization, users can use all resources in the account based on their permissions.
- Region-specific projects: After authorization, users can use resources in the selected region projects based on their permissions.
- IAM users can use the resources in the enterprise projects you select, as specified by the permissions. This option is available only when the enterprise project function has been enabled.

Create a user on the IAM console. Click + Create User in the upper right corner and configure basic user information.
Click Next to add the user to the user group.
Click Create.