Creating a User Group and Assigning Permissions

As an administrator, you can create user groups, and attach identity policies to assign permissions to the user groups. IAM provides system-defined permissions (such as administrator or read-only permissions) for cloud services. You can directly attach these system-defined identity policies to user groups so that the users in the groups can have permissions defined in the identity policies. For details about the system-defined identity policies of all cloud services, see System-defined Permissions.

Prerequisites

Before creating a user group, learn about the following:

Basic concepts about permissions
For details about the system-defined identity policies of cloud services that use IAM authentication, see System-defined Permissions.

Creating a User Group

Log in to the new IAM console as an administrator.
On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner.

Figure 1 Creating a user group
Enter a user group name.
Click OK.

You can create a maximum of 20 user groups. To create more user groups, increase the quota by referring to How Do I Increase My Quota?

Assigning Permissions to a User Group

To assign permissions to a user group, do as follows. If you want to revoke permissions from a user group, see Revoking Permissions of a User Group.

In the user group list, click Authorize in the row that contains the new user group.

Figure 2 Going to the user group authorization page
On the Authorize User Group page, select the permissions to be assigned to the user group.

Figure 3 Selecting permissions
Click OK.

Due to system, cache, and other reasons, the identity policies will be applied several minutes after the authorization is complete.