An account is a payment entity and has complete access to all services and resources in the account. To ensure account security, you are advised to create a security administrator to perform routine management tasks.
If a user needs to access resources in your account, you can use the security administrator to create an IAM user and a user group with the minimum permissions, and then add the user to the user group so that the user has the permissions of the user group. The user can use the created IAM user account and their own security credentials (username/password) to access resources in your account based on their permissions, avoiding sharing your account and password with other users and reducing security risks.
The following is an example of how to use IAM.
An account includes three groups of users with different responsibilities. Each responsibility corresponds to a user group: security administrator group (admin), development personnel group, and test personnel group. Each group can contain multiple users, and a user can belong to multiple groups.
Security administrators and users are all IAM users and have different permissions based on the user groups to which they belong. They all have their own security credentials (username/password) to log in to the system.