Master & Sub-account and Authorization Management
With the help of enterprise project services, multiple users can use eSurfing Cloud accounts with corresponding permissions for access control, and platform capabilities are available for eSurfing Cloud resource management that matches the multi-level organization and project structure. Users created by an eSurfing Cloud account in "Master & Sub-Account and Authorization Management" are cloud service users with independent identity credentials (passwords and access keys), and they use resources under granted permissions. Sub-users do not own resources and are not charged independently. IAM sub-users' permissions and resources are controlled and paid by their parent accounts. For more information, see Master & Sub-account and Authorization Management - User Guide.
Access Control
You can create a user group and assign policies or roles to the user group. Users in the user group are granted the permissions of the user group. Users can also grant permission to themselves. This process is called authorization. After authorization, users can operate cloud services based on the granted permissions. For details, see IAM Sub-account/User Group/Policy and Enterprise Project.