Users & Groups
The Users & Groups feature provides core Identity and Access Management (IAM) capabilities within the IONOS Cloud environment. It is designed to support Role-Based Access control (RBAC) by enabling fine-grained management of user identities, group associations, and resource-level permissions.
This tutorial guides you through creating and managing Users, Groups, and Resources in the Virtual Data Center (VDC) via the User Manager. You can create new users, add them to user groups, and assign privileges to each group. Privileges either limit or increase your access based on the user role. The User Manager lets you control user access to specific areas of your VDC.
A user is an individual who can log in to IONOS Cloud. Each user can have different roles based on the privileges assigned. The assigned privileges determine the tasks the user is allowed to perform. For example, administrators can assign roles, manage access tokens, enforce MFA, and track user activity across services. For more information about creating users, see Create a user.
User access control
A new VDC in the Data Center Designer (DCD) is manageable by contract owners. To assign resource management capabilities to other members in VDC, you can add users and groups and grant them appropriate privileges to work with the data center resources.
Together, these components form the foundation for secure multi-user access control, secured access, and operational efficiency in IONOS Cloud.
Create a user
In the DCD, go to Menu > Management > Users & Groups.
Select Create in the Users tab.
Enter the user's First Name, Last Name, Email, and Password.
Select Create to confirm.

Result: A user is successfully created and listed in the Users list.
Create a group
The creation of groups is useful when you need to assign specific duties to the members of a group. You can create a group and add members to this group. You can then assign privileges to the entire group.
In the Groups tab, select Create.
Enter a Group Name.
Select Create to confirm.
Result: The group is now created and visible in the Groups list. You can now assign permissions, users, and resources to your group.

Assign privileges to a group
In the Groups tab, select a group from the Groups list.
In the Privileges tab, select checkboxes next to the privilege name.
Result: The group has the required privileges now.

Add users to a group
Users are added to your new group on an individual basis. Once you have created a new member, you must assign them to the group.
In the Groups tab, select the required group.
In the Members tab, add users from the Add User drop-down list.

Result: The users are now assigned to the group. These users have privileges and access rights to the resources corresponding to their group.
Remove a user from the group
Users can be removed from your group on an individual basis.
Select the Members tab.
Click Remove User.

Result: This user is now removed from the group.
Assign resources to a group
In the Groups tab, select the required group.
Select the Resources of Group tab.
Click Grant Access and select the resource to be assigned to the group from the drop-down list.

Result: The group now has the newly assigned resources. You have enabled read access for the selected resource.
Enable or disable access for a resource
Group resource sharing is crucial for managing access and permissions within IONOS Cloud. The primary purpose of assigning a resource to a group in IONOS Cloud is to manage and restrict actions that users (non-administrators) can perform on those resources. Specifically, the actions controlled by group membership are as follows:
Access
Description
View
Adding the resource to the list enables users in the specific group to see the resources.
Edit
Allows users in the group to manage the resource.
Share
Share the resource between the groups of your contract and only those to which you belong. The users belonging to the group with which you share the resource gain view permissions.
Note:
Users created using the IONOS Cloud API
/um/users
endpoint have limited permissions.Resources created by the contract owner are, by default, not visible to users.
Users cannot see or interact with resources created under the contract owner without being part of a shared group.
Administrators or contract owners can enable resource access to users by selecting the appropriate checkboxes:
Edit: Select the checkbox to allow users in the respective group to edit or manage the resources.
Share: Select the checkbox to share the resource between the groups of your contract, and only those to which you belong. The users of the group gain view permissions.
To restrict access, select the required resource and clear either the Edit or Share checkboxes or directly click Revoke Access to revoke both permissions.

Add group to a resource
In the Resources tab, select a resource from the list.
In the Visible to Groups tab, click Add Group.
Select a group from the drop-down list.

Result: This group can now access the allocated resource.
Last updated
Was this helpful?