Manage roles
A role is a unit that grants users permissions to access and control organization and project resources.
KakaoCloud classifies roles into three levels — organization, project, and service — and roles can be assigned to both users and groups.
Role-based access control (RBAC) works by assigning appropriate roles to users or groups and controlling resource access based on the permissions defined within those roles.
Role design principles
IAM roles define the scope of permissions that users or groups have to access resources.
To ensure both security and operational efficiency, the following principles are recommended:
| Principle | Description |
|---|---|
| 1. Least privilege | - Grant users only the minimum permissions required for their work. - Sub-permissions included in higher roles are applied automatically. |
| 2. Group-based management | - Assign common permissions at the group level. - Assign temporary or exceptional permissions individually. - Example: Assign the Project Member role to the Developer group, and the Object Storage Viewer role to the QA group. |
| 3. Project-level separation | - Separate group roles by project to clarify operational responsibility and access scope. - Example: QA group has the Viewer role only in Project A, while the DevOps group has the Manager role only in Project B. |
| 4. Minimize role overlap | - If multiple roles are assigned for the same resource, permissions are cumulative. - Assign overlapping roles only when permission boundaries or clear separation are required. |
If role changes or revocations occur frequently, managing roles via groups rather than individual users is more efficient.
Manage organization ownership
The user who initially creates an organization is automatically designated as the Organization Owner,
and is granted the Organization Admin and Billing Admin roles.
Ownership can be transferred using the following steps:
- Go to the KakaoCloud Console > Management > IAM.
- In the Users menu, locate the user labeled
Ownerand click Transfer ownership.
※ The Transfer ownership button appears only for the current organization owner. - In the Transfer organization ownership popup, enter the user ID of the new owner and click Transfer.
- Verify the updated ownership and roles in the user list.
If ownership cannot be transferred directly (e.g., due to the previous owner leaving the company),
please contact the Helpdesk.
Assign and modify roles
You can assign or modify roles for users or groups through the IAM or Project Management menus.
- Log in to the KakaoCloud Console.
- Go to the menu that matches your permission level:
- If you have organization-level roles (Organization Admin or IAM Organization Admin):
Management > IAM > Users / Groups / Projects - If you have only project-level roles (Project Admin or IAM Project Admin):
Console Dashboard > Project Management > Users / Groups
- If you have organization-level roles (Organization Admin or IAM Organization Admin):
- Select the target user or group, then click Assign new role or Edit roles.
- In the role assignment window:
- Select a role from the left panel and click
>to add. - To remove an existing role, select it in the right panel and click
<.
- Select a role from the left panel and click
- Multiple roles can be assigned to a single user.
Changes take effect immediately after saving. - You can verify the updated role assignments from the IAM Roles tab or in the user list.
Users not registered in the organization cannot be added directly to a project.
Add them to the organization first before assigning project roles.
Remove roles and members
You can remove roles assigned to a user or group, or remove members from an organization or project.
When a member is removed, all their assigned roles and related permissions are revoked.
- Log in to the KakaoCloud Console.
- Go to the menu that matches your permission level:
- If you have organization-level roles (Organization Admin or IAM Organization Admin):
Management > IAM > Users / Groups / Projects - If you have only project-level roles (Project Admin or IAM Project Admin):
Console Dashboard > Project Management > Users / Groups
- If you have organization-level roles (Organization Admin or IAM Organization Admin):
- Select the user or group, then click Remove user or Edit roles.
- If editing roles, click
<next to a role to remove it.
The permission is revoked immediately, and changes take effect after saving. - If removing the user, confirm the action to complete removal.
The user is deleted from the organization or project, and all associated roles are revoked.
If a user belongs to multiple projects, they must be removed individually from each project.