The page has been translated by Gen AI.

Role

Users can create a role with separate permissions and switch from their own account to another role to access the Account.

Create Role

To create a role, follow the steps below.

Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. Navigate to the Role List page.
On the Role List page, click the Create Role button. You will be taken to the Create Role page.

On the Role Creation page, enter the information required to create a role, then click the Create button.

Please enter Basic Information Input.

Category

Category	Whether required	Detailed description
Role Name	Required	Enter the role name using English letters, numbers, and special characters (`+=-_@,.`) within 64 characters
description	Selection	Enter a description of the role within 1,000 characters.
Maximum session duration	Required	Enter the session time allowed for the user when switching roles in the console Select duration: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours Enter duration: can be entered in seconds from 3,200 seconds (1 hour) to 43,200 seconds (12 hours)

Whether required

Detailed description

Role Name

Required

Enter the role name

using English letters, numbers, and special characters (+=-_@,.) within 64 characters

description Selection Enter a description of the role within 1,000 characters.

Maximum session duration

Required

Enter the session time allowed for the user when switching roles in the console

Select duration: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours

Enter duration: can be entered in seconds from 3,200 seconds (1 hour) to 43,200 seconds (12 hours)

Table. Role Creation Basic Information Items

Connect performing entity.

Category	Required status	Detailed description
Category	Required	Select the execution entity Current Account, Other Account, User SRN, Credential Provider, Service
Value	Required	Enter the Value for the principal Current Account: display the current Account ID Other Account: enter the Account ID to use this role User SRN: enter the SRN of the user registered in the Console Credential Provider: select the credential provider name Service: API Gateway, Config Inspection can be selected
Add	Select	Button to add an executor Up to 20 connections can be added

Category

Required status

Detailed description

Category

Required

Select the execution entity

Current Account, Other Account, User SRN, Credential Provider, Service

Value

Required

Enter the Value for the principal

Current Account: display the current Account ID

Other Account: enter the Account ID to use this role

User SRN: enter the SRN of the user registered in the Console

Credential Provider: select the credential provider name

Service: API Gateway, Config Inspection can be selected

Add

Select

Button to add an executor

Up to 20 connections can be added

Table. Role creation execution subject connection items

Connect the policy.

Category	Required	Detailed description
policy	Required	Select the policy to attach to the role When you select the checkbox, the selected policy name is displayed at the top of the list You can cancel the policy by clicking the X button next to the policy name added at the top of the list, or by unchecking the checkbox in the policy list If there is no policy to attach, you can first register a new policy by clicking the Create Policy item at the bottom of the policy list After creating the policy, refresh the policy list and then you can select the created policy For detailed information on policy creation, refer to 정책 생성하기

Category

Required

Detailed description

policy

Required

Select the policy to attach to the role

When you select the checkbox, the selected policy name is displayed at the top of the list
You can cancel the policy by clicking the X button next to the policy name added at the top of the list, or by unchecking the checkbox in the policy list

If there is no policy to attach, you can first register a new policy by clicking the Create Policy item at the bottom of the policy list
- After creating the policy, refresh the policy list and then you can select the created policy
- For detailed information on policy creation, refer to 정책 생성하기

Table. Role creation policy mapping items

Please enter Additional Information.
Category
Required status
Detailed description
tag Select Tags to add to the role
tags can be added up to a maximum of 50 per resource
Table. Role creation additional information items

When the popup notifying role creation opens, click the Confirm button.

Category	Required status	Detailed description
tag	Select	Tags to add to the role tags can be added up to a maximum of 50 per resource

View role details

On the Role List page, you can view and edit the detailed information of the selected role.

To view detailed information about the role, follow these steps.

Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the credential provider you want to view. You will be taken to the Credential Provider Details page.
- Role Details page displays basic information and consists of Basic Information, Responsible Entity, Policy, Tag tabs.

Basic Information

You can view and edit the basic information of the role.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource name In the role, it means the role name
Resource ID	Unique Resource ID
constructor	User who created the service
Creation date	Service creation timestamp
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Role Name	Role name
description	Description of the role proof provider Edit Click the button to modify the description
Maximum session duration	Role session duration allowed for IAM users who assume a role in the Console Click the Edit button to change the duration Select duration: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours Duration input: can input in seconds from 3,200 seconds (1 hour) to 43,200 seconds (12 hours)

Table. Role Details - Basic Information Tab Items

Executing entity

You can identify and manage the entity that performs the role.

Category	Detailed description
Category	Executor name
Value	Value for the executing entity
Edit performer	Button to edit the performer When the button is clicked, navigate to the Performer Connection page For more details about performer connection, see Manage Performer

Category

Detailed description

Category

Executor name

Value

Value for the executing entity

Edit performer

Button to edit the performer

When the button is clicked, navigate to the Performer Connection page

For more details about performer connection, see Manage Performer

Table. Role Details – Responsible Party Tab Items

Policy

Category	Detailed description
Disconnect	Detach the selected policy from the role Enable when a policy is selected from the policy list
Policy connection	Connect a new policy to a role When the button is clicked, navigate to the Policy Connection page For more details about policy connection, see Policy Connection reference
Policy Name	Policy name Click the policy name to view the policy detail page
type	Types of policies
description	Explanation of the policy
Modification date and time	Date and time of the last policy modification

Table. Role Details - Policy Tab Items

Category	Detailed description
Tag list	Tag list You can view the Key and Value information of tags Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Manage Roles

You can change a role’s basic information, as well as edit or delete its principal, attached policies, and tag information.

Edit Basic Information

You can modify the maximum session duration and description in the role details. To edit the basic information, follow these steps.

Click the All Services > Management > IAM menu. Navigate to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
Role List page, click the user role name to edit its basic information. Role Details page will be opened.
After confirming the basic information to edit on the Role Details page, click the Edit button.
- Maximum Session Duration: You can set the role session duration allowed for IAM users who switch roles in the Console. When you click the Edit button, the Edit Maximum Session Duration popup opens.
- Description: You can edit the description of the role. Edit button click opens the Edit Description popup window.
After editing the content to be changed in the popup window, click the Confirm button.

Managing the execution entity

You can add, modify, or delete the role’s performer.

To manage the role’s performer, follow these steps.

Click the All Services > Management > IAM menu. Navigate to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the user name to edit the performer. You will be taken to the Role Details page.
Click the Performer tab on the Role Details page. Navigate to the Performer tab.
In the Executor tab, click the Edit Executor button. You will be taken to the Edit Executor page.

Edit Performer page, after editing the performer, click the Complete button. A popup notifying the performer edit will open.

Category	Required	Detailed description
Category	Required	Select the execution entity Current Account, Other Account, User SRN, Credential Provider, Service
Value	Required	Enter the Value for the principal Current Account: Display the current Account ID Other Account: Enter the Account ID to use this role User SRN: Enter the user’s SRN registered in the Console Credential Provider: Select the credential provider name Service: API Gateway, Config Inspection selectable
Add	Select	Button to add a responsible party You can add up to 20 connections You can delete an added responsible party by clicking its X button

Category

Required

Detailed description

Category

Required

Select the execution entity

Current Account, Other Account, User SRN, Credential Provider, Service

Value

Required

Enter the Value for the principal

Current Account: Display the current Account ID

Other Account: Enter the Account ID to use this role

User SRN: Enter the user’s SRN registered in the Console

Credential Provider: Select the credential provider name

Service: API Gateway, Config Inspection selectable

Add

Select

Button to add a responsible party

You can add up to 20 connections

You can delete an added responsible party by clicking its X button

Table. Execution subject modification items

In the popup that notifies you of a performer entity edit, click the Confirm button. You can verify the edited performer in the list on the Performer tab.

Manage Policies

You can attach a policy to a role or detach an attached policy.

Connect Policy

You can attach policies to a role.

To attach a policy to a role, follow these steps.

All Services > Management > IAM menu, click it. Navigate to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the role name to which you want to attach a policy. You will be taken to the User Details page.
On the Role Details page, click the Policy tab. Go to the Policy tab.
In the Policy tab, click the Policy Connection button. You will be taken to the Policy Connection page.

After selecting the policy to attach to the role, click the Complete button. A popup notifying the policy attachment will appear.

Category	Detailed description
Linked policy	Display policies attached to the role
policy	Select a policy to attach to the role from the list of policies registered in the Account When you select the checkbox, the selected policy name appears at the top of the list You can remove the policy by clicking the X button added at the top of the list or by unchecking the checkbox in the policy list If there is no policy to attach, you can first create a new policy by clicking the Create Policy item at the bottom of the policy list After creating the policy, refresh the policy list and then you can select the newly created policy For details on creating policies, see Create Policy reference

Category

Detailed description

Linked policy

Display policies attached to the role

policy

Select a policy to attach to the role from the list of policies registered in the Account

When you select the checkbox, the selected policy name appears at the top of the list

You can remove the policy by clicking the X button added at the top of the list or by unchecking the checkbox in the policy list

If there is no policy to attach, you can first create a new policy by clicking the Create Policy item at the bottom of the policy list
- After creating the policy, refresh the policy list and then you can select the newly created policy
- For details on creating policies, see Create Policy reference

Table. Policy Connection Details

Click the Confirm button in the popup that notifies you of the policy connection. You can view the connected policies in the list on the Policy tab.

Disconnect Policy

You can detach policies attached to a user.

To detach the policy linked to a user, follow these steps.

Click the All Services > Management > IAM menu. Navigate to the Service Home page of Identity and Access Management (IAM).
Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the role name to detach the policy connection. You will be taken to the Role Details page.
On the Role Details page, click the Policy tab. You will be taken to the Policy tab.
After selecting the policy to disconnect from the policy list, click the Disconnect button. A popup notifying the disconnection will appear.
After reviewing the policy information that will be disconnected, click the Confirm button. The policy connection will be terminated.

Managing Tags

You can add, edit, or delete tags for a role.

Follow the steps below to manage role tags.

Click the All Services > Management > IAM menu. Navigate to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the role name to edit tag information. You will be taken to the Role Details page.
On the Role Details page, click the Tag tab. You will be taken to the Tag tab.
On the Tag tab, click the Edit Tag button.
After adding or editing a tag, click the Save button. A popup notifying the tag edit will open.
- You can modify the Key and Value of an already registered tag.
- Click the Add Tag button to add a new tag.
- Click the X button in front of the added tag to delete that tag.
Click the Confirm button. You can view the edited tag information in the list.

Switch role

To switch roles in the Samsung Cloud Platform Console, follow these steps.

Click the profile-shaped button at the top right of the Console. The My Menu popup window opens.
In the My menu popup, click the role switch button. The role switch popup opens.

Role Switch After entering the role switch information in the popup window, click the Confirm button.

Category	required or not	Detailed description
Account ID	Required	Enter the Account ID the user wants to assume via role switching.
Role Name	Required	Enter the role name the user wants to switch to.
alias	Select	Name to use when a user enters through role switching
Color	Required	Select the color to use as the Account background when entering a role No selection: Apply the existing Account background color

Table. Role transition information items

When the popup notifying a role change opens, click the Confirm button.

Check role

You can view the switched role information by clicking the profile-shaped button at the top right of the console.

Provided features	explanation
Account ID	Account ID logged in to Samsung Cloud Platform Console
Role Name	Alias set when switching roles When an ID Center user accesses with a role, display as Permission Set Name Display session expiration time at the bottom
Time zone	User-set time zone Example: Asia/Seoul (GMT +09:00) Click Edit Time Zone to modify
Account	Account information For more details, refer to Account
Cost Management	You can view usage and billing details, payment history, and cost analysis, and manage Credit, budget, Account, and payment methods For more information, see Cost Management
Login user information	IAM user name after role assumption and the user’s Account ID
Switch to my account	Switch to the IAM user account and go to the Console Home page After switching roles, display
Role Switching	Can switch to another role For more details, see Switch Role
Logout	Log out from Samsung Cloud Platform Console

Table: My Info item when switching roles

Delete role

To delete a role, follow these steps.

Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
Service Home page, click the Role menu. You will be taken to the Role List page.
On the Role List page, click the role name to delete. Navigate to the Role Details page.
On the Role Details page, click the Delete Role button.
The role is deleted, and you are redirected to the Role List page.

To delete multiple roles at once, follow these steps.

Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
On the Service Home page, click the Role menu. You will be taken to the Role List page.
Check the roles to delete from the role list.
Verify the selected role and click the Delete Role button.
The selected role is deleted and the Role List page is refreshed.

Policy

Credential Providers