# Users & Groups

The **Users & Groups** feature provides core Identity and Access Management (IAM) capabilities within the IONOS Cloud environment. It is designed to support Role-Based Access control (RBAC) by enabling fine-grained management of user identities, group associations, and resource-level permissions.

This tutorial guides you through creating and managing Users, Groups, and Resources in the [<mark style="color:blue;">Virtual Data Center (VDC)</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-data-center-vdc) via the **User Manager**. You can create new users, add them to user groups, and assign privileges to each group. Privileges either limit or increase your access based on the user role. The **User Manager** lets you control user access to specific areas of your VDC.

{% tabs %}
{% tab title="Users" %}
A user is an individual who can log in to IONOS Cloud. Each user can have different roles based on the privileges assigned. The assigned privileges determine the tasks the user is allowed to perform. For example, administrators can assign roles, manage access tokens, enforce MFA, and track user activity across services. For more information about creating users, see \[<mark style="color:blue;">Create a user</mark>]\(#create-a-user).

#### User access control

A new VDC in the Data Center Designer (DCD) is manageable by contract owners. To assign resource management capabilities to other members in VDC, you can add users and groups and grant them appropriate privileges to work with the data center resources.

{% hint style="info" %}
**Prerequisites:** Make sure you have the appropriate privileges. Only contract administrators and owners can manage users within a VDC.
{% endhint %}
{% endtab %}

{% tab title="Groups" %}
A group is a logical collections of users used to streamline permission assignments. Groups enable scalable access control by allowing roles to be applied collectively rather than individually. This is especially effective in large or dynamic teams.

#### Benefits of user group assignment

When assigning a user to a group, whether you are a contract owner or an administrator, you can:

* [<mark style="color:blue;">Create a new user</mark>](#create-a-user) within DCD and [<mark style="color:blue;">assign the user to a group</mark>](#add-users-to-a-group).
* Assign [<mark style="color:blue;">privileges to the group</mark>](#assign-privileges-to-a-group), so users of the group can access and manage products.
* Manage the resources that members of the group can access. Example: [<mark style="color:blue;">VDCs</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-data-center-vdc), [<mark style="color:blue;">Images</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#image), [<mark style="color:blue;">Snapshots</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#snapshot), or IP blocks.

**Note:** Administrators do not need to be managed in groups, as they automatically have access to all resources associated with the contract.
{% endtab %}
{% endtabs %}

It encompasses all resources accessible to users or groups. Access permissions can be granted or restricted at the group or individual user level. The DCD also facilitates efficient resource management and visibility into the resources accessible to specific users or groups. Users, such as administrators or contract owners, with create permissions can create resources, which become editable or sharable to non-administrator users in a group only when the resource is associated with the group. For more information about resource sharing, see \[<mark style="color:blue;">Enable or disable access for a resource</mark>]\(#enable-or-disable-access-for-a-resource).

Together, these components form the foundation for secure multi-user access control, secured access, and operational efficiency in IONOS Cloud.

## Create a user

1. In the **DCD**, go to **Menu** > **Management** > **Users & Groups**.
2. Select **Create** in the **Users** tab.
3. Enter the user's **First Name**, **Last Name**, **Email**, and **Password**.

**Note:** — The email address of the new user must be unique.

— The password must adhere to the contract's password policy. For more information, see [<mark style="color:blue;">Manage Password Policy</mark>](https://docs.ionos.com/sections-test/guides/set-up-ionos-cloud/management/identity-access-management/password-policy-management).

4. Select **Create** to confirm.

![Creating a new user in VDC](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-9208a75d464a3a4f2104ead251c21644451a830d%2Fcreate-user.png?alt=media)

{% hint style="success" %}
**Result:** A user is successfully created and listed in the **Users** list.
{% endhint %}

\## Create a group

The creation of groups is useful when you need to assign specific duties to the members of a group. You can create a group and add members to this group. You can then assign privileges to the entire group.

1. In the **Groups** tab, select **Create**.
2. Enter a **Group Name**.
3. Select **Create** to confirm.

**Result:** The group is now created and visible in the **Groups** list. You can now assign permissions, users, and resources to your group.

!\[User groups can be created directly from the Groups tab in the User Manager]\(../../images/management/user-management/create-group.png)

### Assign privileges to a group

1. In the **Groups** tab, select a group from the Groups list.
2. In the **Privileges** tab, select checkboxes next to the privilege name.

{% hint style="info" %}
**Note:** You do not need to save your selections. This action automatically grants or removes privileges.
{% endhint %}

{% hint style="success" %}
**Result:** The group has the required privileges now.
{% endhint %}

!\[Assigning privileges to the group]\(../../images/management/user-management/group-privileges.png)

{% hint style="info" %}
**Note:** To remove the privileges for a group, clear the checkbox next to the privilege name.
{% endhint %}

### Add users to a group

Users are added to your new group on an individual basis. Once you have created a new member, you must assign them to the group.

1. In the **Groups** tab, select the required group.
2. In the **Members** tab, add users from the **Add User** drop-down list.

![Choose a user from the drop-down list and add them to the highlighted group as a member](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-ae4f9ae785cd219f744fa6535e38efd50c7efc87%2Fadd-users.png?alt=media)

{% hint style="success" %}
**Result:** The users are now assigned to the group. These users have privileges and access rights to the resources corresponding to their group.
{% endhint %}

\#### Remove a user from the group

Users can be removed from your group on an individual basis.

1. Select the **Members** tab.
2. Click **Remove User**.

![Remove a user from the group](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-16ee1ea4135d22fff58720d0604f72acc7a0b265%2Fremove-user.png?alt=media)

{% hint style="success" %}
**Result:** This user is now removed from the group.
{% endhint %}

### Assign resources to a group

1. In the **Groups** tab, select the required group.
2. Select the **Resources of Group** tab.
3. Click **Grant Access** and select the resource to be assigned to the group from the drop-down list.

![Select a resource from the Resources of a Group tab to assign to a group of users](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-be345b721d41bd48dbc9f1bc880b8e2ca65ec6e8%2Fassign-resource.png?alt=media)

{% hint style="success" %}
**Result:** The group now has the newly assigned resources. You have enabled **read** access for the selected resource.
{% endhint %}

### Enable or disable access for a resource

Group resource sharing is crucial for managing access and permissions within IONOS Cloud. The primary purpose of assigning a resource to a group in IONOS Cloud is to manage and restrict actions that users (non-administrators) can perform on those resources. Specifically, the actions controlled by group membership are as follows:

| **Access** | **Description**                                                                                                                                                                      |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **View**   | Adding the resource to the list enables users in the specific group to see the resources.                                                                                            |
| **Edit**   | Allows users in the group to manage the resource.                                                                                                                                    |
| **Share**  | Share the resource between the groups of your contract and only those to which you belong. The users belonging to the group with which you share the resource gain view permissions. |

{% hint style="success" %}
**Note:**

* Users created using the IONOS Cloud API `/um/users` [<mark style="color:blue;">endpoint</mark>](https://api.ionos.com/docs/cloud/v6/#tag/User-management/operation/umUsersGet) have limited permissions.
* Resources created by the contract owner are, by default, not visible to users.
* Users cannot see or interact with resources created under the contract owner without being part of a shared group.
  {% endhint %}

Administrators or contract owners can enable resource access to users by selecting the appropriate checkboxes:

* **Edit:** Select the checkbox to allow users in the respective group to edit or manage the resources.
* **Share:** Select the checkbox to share the resource between the groups of your contract, and only those to which you belong. The users of the group gain view permissions.

To restrict access, select the required resource and clear either the **Edit** or **Share** checkboxes or directly click **Revoke Access** to revoke both permissions.

![Enable or disable access for the resources of a group](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-f470d0df8767738bf7655580ea65b59e3d01f93f%2Frevoke-access.png?alt=media)

## Add group to a resource

1. In the **Resources** tab, select a resource from the list.
2. In the **Visible to Groups** tab, click **Add Group**.
3. Select a group from the drop-down list.

![Select the resource you wish to make available to a user group. The group members can now exercise their chosen privileges.](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-abcc859930e563388710d111af08219f3e6e647d%2Fadd-group-resource.png?alt=media)

{% hint style="success" %}
**Result:** This group can now access the allocated resource.
{% endhint %}