Manage role

Roles provide differential access rights to users for managing and accessing organizations and projects. Roles are broadly divided into organizational-level and project-level, and multiple roles can be assigned to a user. For example, a user with the Org Admin role can also take on a specific project member role.

The role management described in this document is only available to users assigned the following IAM roles.

Manage IAM role

Function	Org Owner	Org Admin	Org Reader	Project Admin	Project Member	Project Reader
Add organization role		✓
Delete Organization Role		✓
Transfer Org Owner role	✓
Add project members and roles		✓		✓
Change project role		✓		✓
Remove project member		✓		✓
View project members		✓	✓	✓

Manage organization role

Organization roles include Org Owner, Org Admin, Billing Admin, Billing Manager, Billing Viewer, Trail Viewer, and Alert Center Org Manager.
For billing service-related roles, higher-level roles encompass all the permissions of lower-level roles, but lower-level roles can also be added in addition to higher-level roles. For example, a Billing Manager role, which includes Billing Viewer permissions, can have the Billing Viewer role added.
Meanwhile, the Org Owner role must be held by one user account within the organization. Consequently, in the IAM (organizational-level) user list, the checkbox and the [Add Organization-level Role] and [Delete Organization-level Role] buttons for users with the Org Owner role are disabled. It's not possible to delete or add the Org Owner role; only direct transfer of the role by the Org Owner to another user is possible.
The organization roles are as follows:

Types of organization roles

Organizational-level role	Description
Org Owner	The user who applied for organization creation - Acquires the roles of Org Admin and Billing Admin
Org Admin	Registration and deletion of users, adding and deleting user roles, creating and deleting groups, project creation, etc. - Includes Org Reader permissions
Org Reader	Views organization and project information, user information, IAM role information
Billing Admin	Manages billing and views invoices - Includes Billing Manager permissions
Billing Manager	Views estimated cost and bills for all projects - Includes Billing Viewer permissions
Billing Viewer	Views estimated cost and resource usages for all projects
Trail Viewer	Views organizational level events in Cloud Trail
Alert Center Org Manager	Registers and views alerts and dispatch records of organizational events in Alert Center

Add organization role

Org Admin can add organization roles to specific users.

1. Go to KakaoCloud Console > Management > IAM.

2. In the User menu, select a user and click the [More] icon > Add organization role.

3. In the popup, select the role to add and click the [Next] button.

   • For more details, see the IAM role.

4. In the popup, check the information and click the [Add] button.

Remove organization role

Org Admin can remove organizational-level roles from users.

1. Go to KakaoCloud Console > Management > IAM.
2. In the User menu, select a user and click the [Delete organization role] button.
3. In the popup, select the role to delete and click the [Next] button.
4. In the popup, check the information and click the [Delete] button.

Transfer Org Owner role

Org Owners can delegate the Org Owner role to only one user account, and the roles of Org Owner, Org Admin, and Billing Admin are transferred together. The method for transferring the Org Owner role is as follows.

info

Transferring the Org Owner role should fundamentally be done through the KakaoCloud Console. If the existing Org Owner leaves without going through the role transfer process or in other unavoidable situations, please write an inquiry at the Helpdesk.

1. Go to KakaoCloud Console > Management > IAM.
2. In the User menu, select the [More] icon > Transfer Org Owner role.
3. In the popup, enter the user ID to transfer the role, and click the [Transfer role] button.
4. Check the user list to confirm the changed roles.

Manage project role

Project roles, which allow for management or access to projects, consist of Project Admin and Project Member. To manage project roles, members must first be added to the project.

Permissions

Org Admin or Project Admin are required to manage project roles.

Type of project role

Project Role	Description
Project Admin	Accesses and controls all resources within the project, manages project member roles
Project Member	Accesses and controls all or some resources within the project, as authorized
Project Reader	Views resources within the project for which they have permissions

Add project member and role

The method for adding users as project members differs for Org Admin and Project Admin.

For Org Admin

1. Go to KakaoCloud Console > Management > IAM.

2. Click the Project menu and select a project.

3. In the Project role tab, click the [Manage project role] button.

4. In the popup, enter the required information and click the [Next] button.

   Category	Description
   User ID	Enter the user ID (email address) of the user to whom you're adding a project role - Users not belonging to the organization cannot be added to projects
   Project role	Select the project role to grant to the user - For more details, see IAM role.

5. In the popup, check the information and click the [Apply] button.

For Project Admin

1. Go to the KakaoCloud Console > Dashboard > Select project and navigate to the project where you want to add a user.

2. In the selected project, go to Dashboard > Project Management > User.

3. In the User menu, click the [Assign new role] button.

4. On the new role assignment page, enter the required information and click the [Assign] button.

5. Verify the assigned role information by expanding the user list in Dashboard > Project Management > User.

   Item	Description
   User	Enter the user ID (email address) to add a project role - Users not part of the organization cannot be added to the project
   Project role	Select the project role to assign to the user - For detailed permissions by role, refer to IAM roles.

Change project role

The method for changing project roles among added users differs for Org Admin and Project Admin.

For Org Admin

1. Go to KakaoCloud Console > Management > IAM.

2. Go to Project menu, select a project.

3. In the Project role tab, select the [More] icon > Manage project role.

4. Select the project role to apply, then click the [Next] button.

   Category	Description
   User ID	Enter the user ID (email address) of the user whose project role you're changing - If necessary, add more input
   Project role	Select the project role to change - For more details, see IAM role.

5. In the popup, check the ID and the project role to apply, then click the [Apply] button.

For Project Admin

1. Go to KakaoCloud Console > Management > IAM.

2. Go to Project member menu.

3. In the Project role tab, select the [More] icon > Manage Project role.

4. In the popup window, select the project role to change, then click the [Next] button.

   Category	Description
   User ID	Enter the user ID (email address) of the user whose project role you're changing - If necessary, add more input
   Project role	Select the project role to change - For more details, see IAM role.

5. Check the ID and the project role to apply, then click the [Apply] button.

Remove member from project

Removing a user from the project member list also deletes the user's project role. The user must have their project role added again to access the project. The method for removing a user from a project differs for Org Admin and Project Admin.

For Org Admin

1. Go to KakaoCloud Console > Management > IAM.

2. On the Project menu, select a project.

3. In the Project role tab, select a user to remove and click the [Remove] button.

4. In the popup window, check the ID and click the [Remove] button.

   Category	Description
   User ID	Enter the user ID (email address) of the user to remove from the project

5. Check the list to confirm the user has been removed.

For Project Admin

1. Go to KakaoCloud Console > Management > IAM.

2. Go to Project member menu > Project role tab.

3. Click the [More] icon and Remove.

4. In the popup, check the ID and click the [Remove] button.

   Category	Description
   User ID	Enter the user ID (email address) of the user to remove from the project