Functional description
This page provides detailed information about all components of the evroc IAM service. For a high-level overview, see the IAM overview.
The evroc IAM service lets you organize your cloud resources and control who can access them. You can create projects to group resources, and use permission sets to grant users access.
Organizations
An organization is the top-level entity in your evroc account. It represents your company or team and provides a unified way to manage access, billing, and policies across your environment.
All projects and users belonging to an organization exist within this entity.
Projects
Projects are isolated containers for your cloud resources. Use projects to organize resources by team, environment, application, or any structure that fits your needs.
Each project has:
- Its own set of resources (VMs, storage, networking)
- Independent permission sets for access control
- Isolated billing and quota tracking
Permission sets
Permission sets grant users access to resources within a project. Each permission set links a user (identified by email) to a set of permissions.
Currently, the IAM service supports only admin permissions, which grant full access to manage resources and users within a project.