Help Center> Identity and Access Management> User Guide (Kuala Lumpur Region)> User Guide> User Groups and Authorization> Creating a User Group and Assigning Permissions
Updated on 2022-09-05 GMT+08:00
View PDF

Creating a User Group and Assigning Permissions

As an administrator, you can create user groups, and grant them permissions by attaching policies or roles. Users you add to the user groups inherit permissions of the policies or roles. IAM provides general permissions (such as administrator or read-only permissions) for each cloud service, which you can assign to user groups. Users in the groups can then use cloud services based on the assigned permissions. For details, see Assigning Permissions to an IAM User. For details about the system permissions of all cloud services, see "Permissions".

Prerequisites

Before creating a user group, learn about the following:

  • Understand the basic concepts of permissions.
  • Know "Permissions" provided by IAM.

Creating a User Group

  1. Log in to the IAM console as an administrator.
  2. On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner.
  3. On the displayed page, enter a user group name.
  4. Click OK.

    You can create a maximum of 20 user groups. To create more user groups, increase the quota by referring to How Do I Increase My Quota?

Assigning Permissions to a User Group

To assign permissions to a user group, do as follows:

  1. In the user group list, choose Manage Permissions in the row containing the target user group, for example, Developers.
  2. On the Permissions tab page, click Assign Permissions.
  3. Specify the scope. If you select Region-specific projects, select one or more projects in the drop-down list.

    • Global service project: Services deployed without specifying physical regions are called global services, such as Object Storage Service (OBS), and Tag Management Service (TMS). Permissions for these services must be assigned in the global service project.
    • Region-specific projects: Services deployed in specific regions are called project-level services. Permissions for these services need to be assigned in region-specific projects and take effect only for the corresponding regions.
      • All projects: Permissions take effect for both the global service project and region-specific projects, including projects created later.
      • Specific projects: Permissions take effect only for the region-specific projects you select.

  4. Select policies or roles and click OK.