Manage role
Roles provide differential access rights to users for managing and accessing organizations and projects. Roles are broadly divided into organizational-level and project-level, and multiple roles can be assigned to a user. For example, a user with the Org Admin role can also take on a specific project member role. The role management functions described in this document are only available to users assigned the following IAM roles.
Manage IAM role
Function | Org Owner | Org Admin | Org Reader | Project Admin | Project Member | Project Reader |
---|---|---|---|---|---|---|
Add Organization Role | ✓ | |||||
Delete Organization Role | ✓ | |||||
Transfer Org Owner role | ✓ | |||||
Add project members and roles | ✓ | ✓ | ||||
Change project role | ✓ | ✓ | ||||
Remove project member | ✓ | ✓ | ||||
View project members | ✓ | ✓ | ✓ |
Manage organization-level role
Organization-level roles include Org Owner, Org Admin, Billing Admin, Billing Manager, Billing Viewer, Trail Viewer, and Alert Center Admin.
For billing service-related roles, higher-level roles encompass all the permissions of lower-level roles, but lower-level roles can also be added in addition to higher-level roles. For example, a Billing Manager role, which includes Billing Viewer permissions, can have the Billing Viewer role added.
Meanwhile, the Org Owner role must be held by one user account within the organization. Consequently, in the IAM (organizational-level) user list, the checkbox and the [Add Organization-level Role] and [Delete Organization-level Role] buttons for users with the Org Owner role are disabled. It's not possible to delete or add the Org Owner role; only direct transfer of the role by the Org Owner to another user is possible.
The organization-level roles are as follows:
Types of organization-level roles
Organizational-level role | Description |
---|---|
Org Owner | The user who applied for organization creation - Acquires the roles of Org Admin and Billing Admin |
Org Admin | Registration and deletion of users, adding and deleting user roles, creating and deleting groups, project creation, etc. - Includes Org Reader permissions |
Org Reader | Views organization and project information, user information, IAM role information |
Billing Admin | Manages billing and views invoices - Includes Billing Manager permissions |
Billing Manager | Views estimated charges for all projects - Includes Billing Viewer permissions |
Billing Viewer | Views estimated charges for specified projects |
Trail Viewer | Views organizational level events in Cloud Trail |
Alert Center Admin | Registers and views alerts and dispatch records of organizational events in Alert Center |
Add organization-level role
Org Admin can add organization-level roles to specific users.
-
Select the IAM menu from the KakaoCloud Console.
-
In the Users tab, select the checkbox for the user to whom you want to add roles, and click the [Add Organization-level Role] button.
-
In the popup, select the organizational level role to add, then click the [Next] button.
Category Description User Input Enter user ID if necessary Add Organizational-level Role Select organization-level role to be newly granted to the user
- For more details, see the IAM roles. -
In the popup, check the user ID and the organization-level role to add, then click the [Add] button.
Remove organization-level role
Org Admin can remove organizational level roles from users.
-
Select the IAM menu from the KakaoCloud Console.
-
In the Users tab, select the checkbox for the user whose role you want to remove, and click the [Delete Organization-level Role] button.
-
In the popup, select the checkbox for the role to delete and click the [Next] button.
Category Description User Input Enter user ID if necessary Delete Organization-level Role Select the organization-level role to delete from the user -
In the popup, check the user ID and the organization-level role to delete, then click the [Delete] button.
-
Check the user list to ensure the user's Organization-level Role has been properly removed.
Transfer Org Owner role
Org Owners can delegate the Org Owner role to only one user account, and the roles of Org Owner, Org Admin, and Billing Admin are transferred together. The method for transferring the Org Owner role is as follows.
Transferring the Org Owner role should fundamentally be done through the KakaoCloud Console. If the existing Org Owner leaves without going through the role transfer process or in other unavoidable situations, please write an inquiry at the Helpdesk.
- Select the IAM menu from the KakaoCloud Console.
- In the Users tab, select the [More] icon for your own account > Transfer Org Owner Role.
- In the popup, enter the user ID to whom you're transferring the role, and click the [Transfer Role] button.
- Check the user list to confirm the changed roles.
Manage project-level role
Project level roles, which allow for management or access to projects, consist of Project Admin and Project Member. To manage project roles, members must first be added to the project.
Org Admin or Project Admin are required for project role management. The method for addition and removal differs depending on whether it's an Org Admin or a Project Admin.
Project Role Types
Project Role | Description |
---|---|
Project Admin | Accesses and controls all resources within the project, manages project member roles |
Project Member | Accesses and controls all or some resources within the project, as authorized |
Project Reader | Views resources within the project for which they have permissions |
Add project member and role
The method for adding users as project members differs for Org Admin and Project Admin.
- For Org Admin
- For Project Admin
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Organization > Projects tab, select the project to which you want to add members.
-
In the Project-level role tab, click the [Manage Project-level role] button.
-
In the popup, enter the required information and click the [Next] button.
Category Description User Input Enter the user ID (email address) of the user to whom you're adding a project role
- Users not belonging to the organization cannot be added to projectsProject-level role Select the project role to grant to the user
- For more details, see IAM roles. -
In the popup, check the ID and the project-level role to apply, then click the [Apply] button.
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Project > Project Members tab, click the [Manage Project-level role] button.
-
In the popup, enter the required information and click the [Next] button.
Category Description User ID Enter the user ID (email address) of the user to whom you're adding a project role
- Users not belonging to the organization cannot be added to projectsProject-level role Select the project role to grant to the user
- For more details, see IAM roles. -
In the popup, check the ID and the project-level role to apply, then click the [Apply] button.
Change project-level role
The method for changing project roles among added users differs for Org Admin and Project Admin.
- For Org Admin
- For Project Admin
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Organization > Projects tab, select the project containing the member whose role you want to change.
-
In the Project-level role tab, select the [More] icon for the user > Manage Project-level role.
-
In the popup, select the project level role to apply, then click the [Next] button.
Category Description User ID Enter the user ID (email address) of the user whose project role you're changing
- If necessary, add more inputProject-level role Select the project role to change
- For more details, see IAM roles. -
In the popup, check the ID and the project-level role to apply, then click the [Apply] button.
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Project > Project Members tab, select the [More] icon for the user > Manage Project-level role.
-
In the popup, select the project level role to change, then click the [Next] button.
Category Description User ID Enter the user ID (email address) of the user whose project role you're changing
- If necessary, add more inputProject-level role Select the project role to change
- For more details, see IAM roles. -
In the popup, check the ID and the project-level role to apply, then click the [Apply] button.
Remove member from project
Removing a user from the project member list also deletes the user's project role. The user must have their project role added again to access the project. The method for removing a user from a project differs for Org Admin and Project Admin.
- For Org Admin
- For Project Admin
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Organization > Projects tab, select the project from which you want to remove a member.
-
In the Project-level role tab, click the checkbox for the user to remove, and click the [Remove] button.
-
In the popup, check the ID and click the [Remove] button.
Category Description User ID Enter the user ID (email address) of the user to remove from the project -
Check the Project Members list to confirm the user has been removed.
-
Select the IAM menu from the KakaoCloud Console.
-
Under the Project > Project Members tab, in the Project-level role tab, click the [More] icon for the user > Remove.
-
In the popup, check the ID and click the [Remove] button.
Category Description User ID Enter the user ID (email address) of the user to remove from the project