# Role Management

Like users, roles are a type of IAM (Identity and Access Management) identity. An IAM role is a virtual user with no fixed identity authentication key; it can only be used normally when assumed by a trusted entity user.

### Creating a Role

<!-- image-todo -->
![img](https://cdn.udelivrs.com/2025/04/78bc9d636a53c5ee86eb85af219e6fb8_1745749477579.png)<br>

### Authorizing a Role

<!-- image-todo -->
![img](https://cdn.udelivrs.com/2025/04/1c8b955e3d2c4ea15f8c4e476f5d7515_1745749477577.png)<br>

### Using a Role

An IAM user with permission to assume an IAM role can use their access key to call the AssumeRole API, obtain a security token (STS Token) for a specific IAM role, and then use this security token to access SCloud. For more details, refer to [sts](/docs/uproject/sts).