# Managing Users

When accessing the Impossible Cloud Storage Console as a root user, you can create sub-users to give other people access to the console.

The U**sers** tab serves as the single-source-of-truth for all users registered in your organization. You can **add, filter,** and **delete users** (sub-users) as well as edit the assigned rights, including assigning group memberships, tags, inline policies, access keys, and console access.

{% hint style="info" %}
The **Users** tab is only available for root users - and accordingly also conducting any of the above actions.
{% endhint %}

## Creating a User

To add users, follow these instructions:

1. Navigate to the **Users** tab on the left-pane.
2. Click on the **Add User** button on the top-right of the console.

* Fill in the required **email**
* **(optional)** Fill in **password** to give them access to the console.

{% hint style="warning" %}
Filling in password for sub-users is only applicable when you want to enable console access for the user. The email and password you set up in this section will be used to login to ICSC.

Read our knowledge base article about [How to Use Console Access for Secure Access Management](https://kb.impossiblecloud.com/en/how-to-use-the-console-access-feature-in-icsc) to learn more.
{% endhint %}

* **Inform the recipient** about the account details.

## Deleting a User

To delete users, follow these instructions:

1. Navigate to the **Users** tab on the left-pane.
2. Click on the **delete icon** next to the user.
3. **Confirm** the deletion.

## Managing Users as a Root User

The **root user** has full administrative control, including the ability to manage access and permissions for all sub-users in the account. This includes assigning permissions, managing access keys, and updating user metadata such as tags.

Permissions for sub-users can be managed in two ways:

* **Group-Based Policies**: Sub-users assigned to one or more groups will automatically inherit the permissions defined by the policies attached to those groups.
* **Inline Policies**: Alternatively, policies can be assigned directly to individual users through inline policies. This allows for more granular permission control when group-based management is not sufficient.

Additionally, the root user can also **create or delete access keys** for any sub-user. This facilitates easier key rotation and credential management without requiring direct login access to the sub-user's account.

To manage a sub-user’s settings:

1. Navigate to the **Users** tab in the Console.
2. Click on the desired sub-user to open their management panel.
3. Use the available tabs — **Groups**, **Tags**, **Access Keys**, and **Inline Policies** — to manage each aspect of the sub-user's configuration.

These tools give the root user fine-grained control over user permissions and credentials, helping enforce security and compliance standards efficiently.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.impossiblecloud.com/impossible-cloud-help/security/identity-access-management-iam/managing-users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.