Identity and Access Management (IAM) provides functions such as user identity authentication, permission assignment, and access control. You can use IAM to securely control users' access to your BMSs.
If you are an enterprise administrator, you are advised to use IAM to create a user and grant permissions to the user. Employees can use the user account to access the system, and you do not need to share your account password or key pair with them. This helps you manage resources efficiently. You can also set account security policies to ensure the security of these user accounts and reduce security risks for your enterprise information.
You can grant refined operation rights to employee accounts to ensure that cloud services are properly used.
A fine-grained authorization policy is a set of permissions. It defines which operations on which cloud resources are allowed. Through a policy, you can customize the permissions to grant to users. After a policy is granted to a user group, users in the group can obtain the rights defined in the policy.
IAM also provides functions such as intra-region resource isolation and entrustment. For details, see Identity and Access Management User Guide.