[IAM] Role

Role is a unit that defines the scope of privileges.

An administrator can create desired roles and assign them to Users who will perform such roles.

The properties set up for a role are as follows:

Role type

Project management privilegethe position to grant roles to users
User• Create your own
• Invited projects and project groups
• Subprojects within the project groups you have privilege to enter
• Invite other users to the project under the project detail page > [Members] tab
• When changing member information, you can shift the type of user’s role
AdminAll projects and project groupsAdd or edit users on the [Admin > Users and permission management > Users] page

Access permission for each page of the Cloudforet service

You can grant different view and manage permissions for each sub menu of each service.

  • View

    View permissions are separately given for each page.

  • Manage

    You can use management features such as create, edit, add, etc. that exist in a selected service menu. (Management features are different for each service/page.)

Reviewing API policy

Policy is an object that defines privilege over a resource when it is attached.

For guidelines on policies, see Policy documents.

Creating roles

(1) Select [Admin > User and permission management > Roles] to enter the role page.

(2) Enter the [Create role] page through the [Create] button at the upper left.


(3) Write a name and description (optional) of the role, and select Role type.


  • The [Name] must be at least 2 characters long.
  • Since [Role type] is an item that cannot be modified once you create it, please make a careful selection.

(4) Set the Page access permission.


(5) To decide what permission to grant to the role that you are creating, select a policy to connect.


For a detailed description on policy connection, see here.

(6) Click the [Create] button to complete role creation.

Viewing roles

You can search for created roles, view them, and review their detailed information.

Getting a list of roles

Roles that have been created can be viewed on the role page.


You can enter a search term to see a list of roles that match your criteria. For a detailed description on advanced search, see here.


Viewing detailed information on roles

When selecting a role in the table of contents, you can check information about the selected role in the [Details] tab below.


Editing roles


(1) Select the role you want to edit from a list of roles, and click the [Edit] button to enter the edit page.


(2) Except for a role type, changes are the same as Create Role.


Deleting roles


(1) Enter the role page.


You can delete multiple roles at once.

(2) Click the [Delete] button to review the list of roles to be removed.


(3) Click the [OK] button to delete the role.