Roles and permissions
Kakao Cloud IAM uses a role-based access control (RBAC) model,
which classifies roles based on the management scope and purpose of resources such as organizations, projects, and services.
Each role type has a different scope and set of permissions, and multiple roles can be combined for more granular access control.
The following table summarizes the scope and key permissions of each major role type.

| Role type | Scope | Key permissions | Examples |
|---|---|---|---|
| Organization role | Organization level | Manage users, groups, roles, projects, and billing; control IAM organization resources | Organization admin, Billing admin |
| Project role | Project level | Create, modify, delete project resources; control IAM project resources | Project admin, Project reader |
| Service role | Service level | Create, manage, and operate service-specific resources | Object Storage manager, Pub/Sub publisher |

IAM-related roles are categorized into organization-level and project-level roles,
each governing different sets of IAM resources.
For example, an organization-level IAM admin can manage users, groups, and roles across the entire organization,
while a project-level IAM admin can manage IAM resources only within a specific project.
- Start by assigning an organization or project role, then add service roles if access to specific services or IAM resources is required.
- IAM roles can be combined with other roles, but should always follow the principle of least privilege.
View role details
Click a role type below to view detailed permissions and components.
- Organization roles: roles for managing organization-level resources, users, and billing-related functions.
- Project roles: roles that define permissions for creating, modifying, deleting, and viewing project resources.
- Service roles: roles used to manage or restrict permissions for specific cloud service resources.