# Set User Privileges Managed Kubernetes has a group privilege called **Create Kubernetes Clusters**. The privilege must be enabled for a group so that the group members inherit this privilege through group privilege settings. Once the privilege is granted, contract users can create, update, and delete Kubernetes clusters using **Managed Kubernetes**. {% hint style="info" %} **Prerequisite:** Make sure you have one or more **Groups** in the **User Manager**. To create one, see [Create a group](https://docs.ionos.com/sections-test/guides/set-up-ionos-cloud/management/identity-access-management/user-management#create-a-group). {% endhint %} To set user privileges to create Kubernetes clusters, follow these steps: 1. In the DCD, go to **Menu** > **Management** > **Users & Groups**. 2. Select the **Groups** tab in the **User Manager** window. 3. Select the target group name from the **Groups** list. 4. Select the **Create Kubernetes Clusters** checkbox in the **Privileges** tab. ![Set Create Kubernetes Clusters privilege](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-2aa2712cf7d2afe784b3679e99611ca53cf318dc%2Fset-user-privileges-1.png?alt=media) {% hint style="success" %} **Result:** The **Create Kubernetes Clusters** privilege is granted to all the members in the selected group. {% endhint %} ## Revoke user privileges You can revoke a user's **Create Kubernetes Clusters** privilege by removing the user from all the groups that have this privilege enabled. {% hint style="warning" %} **Warning:** You can revoke a user from this privilege by disabling **Create Kubernetes Clusters** for every group the user belongs to. In this case, all the members in the respective groups would also be revoked from this privilege. {% endhint %} To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user and the privileges that were set up for the user before being an administrator will then be in effect.