# Set User Privileges

Only contract owners, administrators, and users with valid access rights can view, use, or edit resources in a [<mark style="color:blue;">VDC</mark>](https://docs.ionos.com/support/general-information/glossary-of-terms#vdc). These access rights are assigned to groups and are inherited by group members.

## Set access rights and ownership

A resource creator, by default, is the owner of the resource and can specify access rights to it. The **Security** tab of the respective resource displays its ownership details. The following table displays the access rights necessary to access and use a resource:

| **Access rights** | **Users can**                                                                                                                                                   |
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Read**          | view and use the resource, but they cannot modify it. Read access is automatically granted as soon as a user is assigned to a group that has this access right. |
| **Edit**          | modify and delete the resource.                                                                                                                                 |
| **Share**         | share a resource, including their access rights, with the groups to which they belong.                                                                          |

## Set restrictions using 2-factor authentication

In addition to enabling access to a resource, you can also activate [<mark style="color:blue;">2-factor authentication</mark>](/cloud/~/revisions/AMiYziCllTKB2y2lmONY/getting-started/basic-tutorials/account-settings.md#set-up-2-factor-authentication) for your data centers and snapshots. Only users authorized with 2-factor authentication can then access these data centers and snapshots. Unauthorized users cannot view or access the resources, even if they belong to an authorized group.

Depending on their role, users can set access rights at the resource level and via the **User Manager**.
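
The access rules described on this page, modelled as an added example (not IONOS code and not its API): rights are inherited from groups, Share is limited to rights the user holds and to groups they belong to, and a 2-Factor Protected resource blocks users whose login has no 2-factor authentication. All class, function, user, and group names are constructed for illustration; `locked_out_by_2fa` previews who would lose access before the checkbox is selected.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    groups: frozenset
    two_factor: bool = False  # login secured with 2-factor authentication

@dataclass
class Resource:
    name: str
    two_factor_protected: bool = False          # the "2-Factor Protected" checkbox
    grants: dict = field(default_factory=dict)  # group name -> set of rights

def effective_rights(user, res):
    """Rights inherited from the user's groups, after the 2-factor restriction."""
    if res.two_factor_protected and not user.two_factor:
        return set()  # blocked even if one of the user's groups is authorized
    rights = set()
    for group in user.groups:
        if group in res.grants:
            rights |= res.grants[group] | {"read"}  # any grant includes Read
    return rights

def share(user, res, target_group, rights):
    """Grant `rights` on `res` to `target_group` on behalf of `user`."""
    held = effective_rights(user, res)
    if "share" not in held:
        raise PermissionError(f"{user.name} lacks Share on {res.name}")
    if target_group not in user.groups:
        raise PermissionError(f"{user.name} is not a member of {target_group}")
    if not set(rights) <= held:
        raise PermissionError(f"{user.name} cannot pass on rights they do not hold")
    res.grants.setdefault(target_group, set()).update(set(rights) | {"read"})

def locked_out_by_2fa(users, res):
    """Users with access now who would lose it once 2-Factor Protected is set."""
    unprotected = Resource(res.name, False, res.grants)
    return sorted(u.name for u in users
                  if effective_rights(u, unprotected) and not u.two_factor)

# Constructed sample data: resource, group, and user names are made up.
snapshot = Resource("snap-01", grants={"ops": {"read", "edit", "share"}, "dev": {"read"}})
alice = User("alice", frozenset({"ops", "dev"}), two_factor=True)
bob = User("bob", frozenset({"dev"}))
carol = User("carol", frozenset({"qa"}), two_factor=True)
```
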

## Manage access rights at the resource level

{% hint style="info" %}
**Prerequisites:** Only contract owners, administrators, or users with relevant access rights can share the required resource. Other user types have read-only access and cannot provision changes.
{% endhint %}

To manage access rights at the resource level, follow these steps:

1. Log in to the DCD with your username and password.
2. Open the data center:
   * Images: **Menu** > **Resource Manager** > **Image Manager** > **Image**.
   * Snapshots: **Menu** > **Resource Manager** > **Image Manager** > **Snapshot**.
   * IP addresses: **Menu** > **Resource Manager** > **IP Manager**.
   * Kubernetes Cluster: **Menu** > **Resource Manager** > **Kubernetes Manager**.
3. Select the required resource in the **Resources** tab.
4. Select **Security** > **Visible to Groups**.
5. From the **+ Add Group** drop-down list, select the required groups to enable access.
6. Select **Read** to allow users to see and use the resource. However, they cannot modify the respective resource.
7. *(**Optional**)* Select further permissions (**Edit**, **Share**). You may only share those permissions that you have.

{% hint style="info" %}
**Note:**

* To restrict or disable access, you can clear the respective checkbox or click **Remove Group**. Remember that clicking **Remove Group** disables access for all members of the selected group.
* *(**Optional**)* To protect a resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, select the **2-Factor Protected** checkbox.
  {% endhint %}

### Set access rights via the User Manager

Contract owners and administrators can set the access rights and also limit who else can access a resource by defining its permissions in the **User Manager**.

To set access rights via the **User Manager**, follow these steps:

1. Log in to the DCD with your username and password.
2. Go to the **Menu** > **Management** > **Users & Groups**.
3. Select the required resource in the **Resources** tab.
4. Select the **Visible to Groups** tab.
5. From the **+ Add Group** list, add the required groups to enable access.
6. *(**Optional**)* Select **Edit** to enable write access or **Share** to enable resource sharing.

{% hint style="info" %}
**Note:**

* To revoke the permission, you can clear the respective checkbox or click **Remove Group**. Remember that clicking **Remove Group** disables access for all members of the selected group.
* *(**Optional**)* To protect a resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, select the **2-Factor Protected** checkbox.
  {% endhint %}

### Assigning resources to a group

To assign resources to a group, follow these steps:

1. Log in to the DCD with your username and password.
2. Go to the **Menu** > **Management** > **Users & Groups**.
3. Select the required group in the **Groups** tab.
4. Select the **Resources of Group** tab.
5. Select the required resource by clicking on **+ Grant Access**. This enables read access to the selected resource.
6. *(**Optional**)* Select **Edit** to enable write access or **Share** to enable resource sharing.

{% hint style="info" %}
**Note:** To disable access, you can clear the respective checkbox or click **Revoke Access**.
{% endhint %}

For more information about creating and managing the groups, see [<mark style="color:blue;">Manage User Access</mark>](/cloud/~/revisions/AMiYziCllTKB2y2lmONY/getting-started/basic-tutorials/manage-user-access.md).

