Functional description
This page provides detailed information about all components of the evroc IAM service. For a high-level overview, see the IAM overview.
The evroc IAM service lets you organize your cloud resources and control who can access them. You can create projects to group resources, and use permission sets to grant users access.
Organizations
An organization is the top-level entity in your evroc account. It represents your company or team and provides a unified way to manage access, billing, and policies across your environment.
Every evroc account belongs to exactly one organization. All projects and users exist within this organization.
Projects
Projects are isolated containers for your cloud resources. Use projects to organize resources by team, environment, application, or any structure that fits your needs.
Each project has:
- Its own set of resources (VMs, storage, networking)
- Independent permission sets for access control
- Isolated billing and quota tracking
Permission sets
Permission sets grant users access to resources within a project. Each permission set links a user (identified by email) to a set of permissions.
The IAM service supports admin permissions, which grant full access to manage resources and users within a project.