Assigning Permissions to an IAM User

IAM users created without being added to any groups do not have permissions. You can assign permissions to these IAM users on the IAM console. After authorization, the users can use cloud resources in your account as specified by their permissions.

An IAM user obtains permissions from the user groups to which the user belongs. After you attach policies or roles to a group and add a user to the group, the user inherits the permissions defined by the policies or roles.

  • If you do not add an IAM user to any group, the user will not have permissions for accessing any cloud services. For details on how to assign permissions to an IAM user, see Creating a User Group and Assigning Permissions and Adding Users to or Removing Users from a User Group.

  • If you have been added to the default group admin, you have administrator permissions and you can perform all operations on all cloud services.

  • For the system-defined permissions of all cloud services supported by IAM, see "Permissions".

  • If you add a user to multiple user groups, the user inherits the permissions that are assigned to all the groups.

Procedure

  1. In the user list, click Authorize in the row that contains the target user.

  2. On the Authorize User page, select an authorization mode and permissions.

    • Inherit permissions from user groups: Add the IAM user to certain groups to inherit their permissions.

      If you select this option, select the user groups to which the user will belong.

    • Select permissions: Directly assign specific permissions to the IAM user

      If you select this option, select the permissions to be assigned and click Next in the lower right corner to select the authorization scope.

    Note

    • If you add an IAM user to the default group admin, the user becomes an administrator and can perform all operations on all cloud services.

    • If you add a user to multiple user groups, the user inherits the permissions that are assigned to all the groups.

    • For the system-defined permissions of all cloud services supported by IAM, see Permissions.

  3. Click OK.

    You can go to the Permissions > Authorization page and view or modify the permissions of the IAM user.