IAM provides basic functions such as identity authentication and permission management.
You can control user access permissions to different projects and grant different permissions to users in the same project. For example, you can grant some users the permissions to manage OBS, and grant other users the read-only permission on OBS.
You can use IAM to authorize users in just two steps:
With federated identity authentication, users in your identity authentication system can access your resources directly through an SSO.
You can delegate your operation permissions to another cloud service or a third-party account so that the cloud service or users using the account can help you manage resources under your account efficiently.
Users who have been authenticated by IAM can access other services (for example, RDS, CTS, and OBS) in the cloud system based on the permissions they have been granted.
Users can set policies for login verification and passwords, and configure an ACL to improve the security of user information and system data.