# Manage User Roles & Permissions Managing user roles, permissions, and objects in **IAM (Identity and Access Management)** allows administrators to precisely control **what each user can access and perform** within ONEWEB applications. These operations are restricted to **Admin users** to ensure centralized governance and compliance. *** ### Prerequisites Before managing roles and permissions, ensure that: * You are logged in with **Admin privileges** * The user account has already been created * Required roles, permissions, and objects exist in the system *** ### Access User Role Management #### Step 1: Open User Profile 1. Go to **IAM** from the **Settings** section in ONEWEB 2. Open the **Admin** menu 3. Select **User Profile** 4. Click the **Expand** button on the user you want to manage

*** ### Adding Roles to a User #### Step 1: Open Role Assignment Click **Add Roles** on the selected user.

*** #### Step 2: Select Roles 1. Select one or more roles from the list 2. Selected roles will appear on the right side 3. Click **Confirm Add Roles**

*** #### Step 3: Verify Role Assignment The assigned roles will now be listed under the user’s profile.

*** ### Removing Roles from a User #### Step 1: Select Role to Remove 1. Select the role you want to remove 2. Click **Remove Roles**

*** #### Step 2: Confirm Removal * Click **Delete UserRoles** to confirm * Or click **Undo** to cancel

*** ### Adding Permissions or Objects Directly to a User > **Note:**\ > Assigning permissions/objects directly to a user should be used **only for exceptions**.\ > Role‑based assignment is the recommended approach. #### Step 1: Open Permission/Object Assignment Click **Add Permission/Object**.

*** #### Step 2: Select Permission or Object 1. Select the required **Permission** and/or **Object** 2. Selected items will appear on the right side 3. Click **Confirm Add Object/Permission**

*** #### Step 3: Verify Assignment The added Permission/Object will appear under the user profile.

*** ### Removing Permission/Object from a User #### Step 1: Select Permission/Object Select the Permission or Object and click **Remove Permission/Object**.

*** #### Step 2: Confirm Removal * Click **Delete Object/Permission** * Or **Undo** to cancel

*** ### Best Practices * Prefer **role‑based assignment** over direct permissions * Use direct object/permission assignment only when necessary * Review user access periodically * Apply **least‑privilege principle** * Document role design for audit and compliance *** ### Summary Managing user roles, permissions, and objects through IAM ensures **secure, auditable, and compliant access control** in ONEWEB. Key points: * Roles define access scope * Permissions control operations * Objects define protected resources * Users inherit access primarily through roles This structured approach supports **enterprise‑grade security governance** on the ONEWEB platform. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onewebstack.com/building-apps/security-and-compliance/authorization-and-access-control/managing-access-control-with-iam/manage-user-roles-and-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.