A user is an identity for access control, created by an account or a user with permissions. After a user is granted a policy, they can log into the console or use the Access Key to invoke the API to access cloud resources.
The account (also known as the main account) can be regarded as a special user (known as the root user), which is the owner of the Cloud as a Service resource and the main body of resource measurement and resource billing. The main account has all permissions under the account by default.

Create user #

Click on the account avatar in the upper right corner, select "Access Control" in the drop-down menu, enter the access control, and click the New User button on the " User Manage**New User button on the " User Management **" page. We provide a variety of creation methods, including custom creation and invitation of third-party account creation forms.

Custom creation #

1. Fill in the user name and other basic information.
2. For login settings, you can choose whether to access programmatically through a key or log in to the console through a password.
3. Add a permission policy for a user or to a user group.

Invitation mobile phone number #

1. Fill in the invitee's mobile phone number and other information.
2. Add permissions policies in advance for invited users.
3. After submission, an invitation text message will be sent for the mobile phone number, and the invitee can complete the creation after clicking the text message link to supplement the information.

Invite Ocean Engine account #

1. Set the number of users per invitation.
2. Add permissions policies in advance for invited users.
3. Complete the submission, send the generated link to the invitee, and the invitee clicks the link and completes the binding of the Ocean Engine account to complete the creation.

Manage users #

In the user management page , by clicking **user name **or **management **in the operation column, enter the corresponding user management page, where you can edit user basic information, authorize users, and set user access methods.

• Login settings: Set whether sub-users can log in to the console. After opening the console to log in, you need to set a password. And can set sub-user login protection and operation protection rules, binding the MFA device.

• Modify the secure mobile phone or secure mailbox: After changing the secure mobile phone or secure mailbox, a verification text message or email will be sent to the corresponding mobile phone or mailbox. The new mobile phone or mailbox will not take effect until the verification link is clicked. During this period, child users will still use their old mobile phone number or email address for security verification. Please note that the verification link will expire after 24 hours. Please remind the corresponding user to complete the verification in time. If the verification link fails, the user needs to re-verify his secure mobile phone or email in the account management/security settings.

• Authorize users: You can choose to add one or more user groups for this user (the user will inherit the permissions of the user group after joining the user group), or you can directly add one or more policies for the user.