# Users & Groups
The **Users & Groups** feature provides core Identity and Access Management (IAM) capabilities within the IONOS Cloud environment. It is designed to support Role-Based Access control (RBAC) by enabling fine-grained management of user identities, group associations, and resource-level permissions.
This tutorial guides you through creating and managing Users, Groups, and Resources in the [Virtual Data Center (VDC)](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-data-center-vdc) using the **User Manager**. You can create new users, add them to user groups, and assign privileges to each group. Privileges either limit or increase your access based on the user role. The **User Manager** lets you control user access to specific areas of your VDC.
{% tabs %}
{% tab title="Users" %}
A user is an individual who can log in to IONOS Cloud. Each user can have different roles based on the privileges assigned. The assigned privileges determine the tasks the user is allowed to perform. For example, administrators can assign roles, manage access tokens, enforce MFA, and track user activity across services. For more information about creating users, see [Create a user](#create-a-user).
#### User access control
A new VDC in the Data Center Designer (DCD) is manageable by contract owners. To assign resource management capabilities to other members in VDC, you can add users and groups and grant them appropriate privileges to work with the data center resources.
{% hint style="info" %}
**Prerequisites:** Make sure you have the appropriate privileges. Only contract administrators and owners can manage users within a VDC.
{% endhint %}
{% endtab %}
{% tab title="Groups" %}
A group is a logical collections of users used to streamline permission assignments. Groups enable scalable access control by allowing roles to be applied collectively rather than individually. This is especially effective in large or dynamic teams.
#### Benefits of user group assignment
When assigning a user to a group, whether you are a contract owner or an administrator, you can:
* [Create a new user](#create-a-user) within DCD and [assign the user to a group](#add-users-to-a-group).
* Assign [privileges to the group](#assign-privileges-to-a-group), so users of the group can access and manage products.
* Manage the resources that members of the group can access. Example: [VDCs](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-data-center-vdc), [Images](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#image), [Snapshots](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#snapshot), or IP blocks.
{% hint style="info" %}
**Note:** Administrators are not required to be added to groups, as they automatically have access to all resources associated with the contract.
{% endhint %}
{% endtab %}
{% tab title="Resources" %}
It encompasses all resources available to users or groups. Access permissions can be granted or restricted at the group or individual user level. The DCD also facilitates efficient resource management and visibility into the resources available to specific users or groups. Users, such as administrators or contract owners, with create permissions can create resources, which become editable, or sharable to non-administrator users in a group only when the resource is associated with the group. For more information about resource sharing, see \[Enable or disable access for a resource]\(#enable-or-disable-access-for-a-resource).
{% endtab %}
{% endtabs %}
Together, these components form the foundation for secure multi-user access control, secured access, and operational efficiency in IONOS Cloud.
## Create a user
1. In the **DCD**, go to **Menu** > **Management** > **Users & Groups**.
2. Select **Create** in the **Users** tab.
3. Enter the user's **First Name**, **Last Name**, **Email**, and **Password**.
{% hint style="info" %}
**Note:** — The email address of the new user must be unique.
— The password must adhere to the contract's password policy. For more information, see [Manage Password Policy](/cloud/set-up-ionos-cloud/management/identity-access-management/password-policy-management.md).
{% endhint %}
4. Select **Create** to confirm.
{% hint style="success" %}
**Result:** A user is successfully created and listed in the **Users** list.
{% endhint %}
## Create a group
Groups facilitate the assignment of specific duties to members. You can create a group, add members to it and assign privileges to the entire group to manage permissions efficiently.
1. In the **Groups** tab, select **Create**.
2. Enter a **Group Name**.
3. Select **Create** to confirm.
{% hint style="success" %}
**Result:** The group is now created and visible in the **Groups** list. You can now assign permissions, users, and resources to your group.
{% endhint %}
### Assign privileges to a group
1. In the **Groups** tab, select a group from the Groups list.
2. In the **Privileges** tab, select checkboxes next to the privilege name.
{% hint style="info" %}
**Note:** Saving your selections is not required. This action automatically grants or revokes privileges.
{% endhint %}
{% hint style="success" %}
**Result:** The group has the required privileges now.
{% endhint %}
{% hint style="info" %}
**Note:** To remove the privileges for a group, clear the checkbox next to the privilege name.
{% endhint %}
### Add users to a group
Users are added to your new group on an individual basis. Once you have created a new member, you must assign them to the group.
1. In the **Groups** tab, select the required group.
2. In the **Members** tab, add users from the **Add User** drop-down list.
{% hint style="success" %}
**Result:** The users are now assigned to the group. These users have privileges and access rights to the resources corresponding to their group.
{% endhint %}
#### Remove a user from the group
Users can be removed from your group on an individual basis.
1. Select the **Members** tab.
2. Click **Remove User**.
{% hint style="success" %}
**Result:** This user is now removed from the group.
{% endhint %}
### Assign resources to a group
1. In the **Groups** tab, select the required group.
2. Select the **Resources of Group** tab.
3. Click **Grant Access** and select the resource to be assigned to the group from the drop-down list.
{% hint style="success" %}
**Result:** The group now has the newly assigned resources. You have enabled **read** access for the selected resource.
{% endhint %}
### Enable or disable access for a resource
Group resource sharing is crucial for managing access and permissions within IONOS Cloud. The primary purpose of assigning a resource to a group in IONOS Cloud is to manage and restrict actions that users (non-administrators) can perform on those resources. Specifically, the actions controlled by group membership are as follows:
| **Access** | **Description** |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **View** | Adding the resource to the list enables users in the specific group to see the resources. |
| **Edit** | Allows users in the group to manage the resource. |
| **Share** | Share the resource between the groups of your contract and only those to which you belong. The users belonging to the group with which you share the resource gain view permissions. |
{% hint style="success" %}
**Note:**
* Users created using the IONOS Cloud API `/um/users` [endpoint](https://api.ionos.com/docs/cloud/v6/#tag/User-management/operation/umUsersGet) have limited permissions.
* Resources created by the contract owner are, by default, not visible to users.
* Users cannot see or interact with resources created under the contract owner without being part of a shared group.
{% endhint %}
Administrators or contract owners can enable resource access to users by selecting the appropriate checkboxes:
* **Edit:** Select the checkbox to allow users in the respective group to edit or manage the resources.
* **Share:** Select the checkbox to share the resource between the groups of your contract, and only those to which you belong. The users of the group gain view permissions.
To restrict access, select the required resource and clear either the **Edit** or **Share** checkboxes or directly click **Revoke Access** to revoke both permissions.
## Add group to a resource
1. In the **Resources** tab, select a resource from the list.
2. In the **Visible to Groups** tab, click **Add Group**.
3. Select a group from the drop-down list.
{% hint style="success" %}
**Result:** This group can now access the allocated resource.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/user-management.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.