The main features provided by IAM include: fine-grained permission management, secure access, batch management of user permissions through user groups, and delegation of resource management to other accounts or eSurfing Cloud services.
Fine-grained Permission Management
With IAM, you can allocate different resources within your account to create IAM users as needed, enabling fine-grained permission management. For example, you can grant user Charlie permissions to manage the VPCs in Project B, while restricting user James to only view VPC data in Project B.
Figure: Permission Management Model
Secure Access
With IAM, you can generate identity credentials for users or applications, eliminating the need to share your account password with others. The system will securely grant access to resources in your account based on the permission details carried in these credentials.
Batch Managing User Permissions Through the User Group
With IAM, you don't need to authorize each user individually. Simply organize user groups, assign permissions to the groups, and then add users to the corresponding groups—users will automatically inherit the group's permissions. If a user's permissions need to be modified, just remove them from one group or add them to another, enabling efficient permission management.
Delegating Other Accounts or Cloud Services to Manage Resources
With the delegation feature, you can assign your operational permissions to more specialized and efficient accounts or eSurfing Cloud services. These trusted entities can then perform routine tasks on your behalf within the scope of the granted permissions.