IAM Overview

Identity and Access Management (IAM) controls who can sign in to your organization and what each person is allowed to do. ZSoftly Public Cloud uses Role-Based Access Control (RBAC): instead of granting permissions to people one by one, you define roles that bundle a set of permissions, then assign a role to each user.

The model

Concept	What it is
Account owner	The primary account holder. Has full access and manages users, roles, and organization-wide settings.
User	A person you invite into your organization. Each user is assigned one role.
Role	A named bundle of permissions (e.g. an Accountant role with billing-only access).
Permission	The ability to perform a specific action or access a specific feature.
Project scope	An optional restriction limiting a user to specific Projects.

How it works

The account owner creates roles with exactly the permissions a job needs. For example, an Accountant role might carry billing permissions only, while a Developer role carries compute and networking permissions.
The owner invites users and assigns each one a role, so they get only the access that role grants.
Access can be scoped to specific Projects, so a user only sees and manages the resources in the Projects they’re authorized for. This pairs RBAC (what actions) with Projects (which resources).

Every account ships with three built-in roles: Owner, Service Administrator, and Service Viewer. You define your own under Roles & Permissions, which also has the full permissions catalog.

Where to manage IAM

All IAM settings live under the Profile area in the portal’s left-hand menu:

Users: invite, edit, re-invite, and deactivate people in your organization.
Roles & Permissions: create custom roles and assign permissions.
Account Security: two-factor authentication and password management.

For personal settings (your own details, theme, time zone, activity logs, login history), see Profile Setup.