> For the complete documentation index, see [llms.txt](https://docs.vngcloud.vn/vng-cloud-document/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vngcloud.vn/vng-cloud-document/identity-and-access-management-iam/ung-dung-pho-bien/phan-quyen-truy-cap-vao-tai-nguyen-cu-the.md). # Access control to specific resources When you need to assign specific permissions on each resource, you need to create a Policy and specify the Resource correctly. In this tutorial, we will guide you to assign permissions on each server of vServer, for example when you have 2 servers: web1-server, db-server, **and you want User: System1 to have full rights on all Resources of vServer. , but only full rights on Resource:server are web1-server, not allowing operations on the important server db-server** . The model will look like below:

To set up IAM according to the above model, we will have the following steps: **Step 1** : Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights or does not have rights that overlap with the instructions) **Step 2** : Get the ID information of the server web1-server **Step 3** : Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server **Step 4** : Attach Policy: vServerFullAccessWebServers to User: System1 **Step 5** : Log in and check the rights of User: System1 Detailed steps are as follows **Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights or does not have rights that overlap with the instructions)** Create a User Account by accessing the User Account tab on the IAM management page here [,](https://iam.console.vngcloud.vn/user-accounts) clicking **Create a User Account,** filling in Username and Password information, then clicking **Create User Account**

After successfully creating a User Account, it will be listed on the User Account page as below

**Step 2: Get the ID information of the server web1-server** Visit the server management page here [to](https://hcm-3.console.vngcloud.vn/vserver/v-server/cloud-server) get server ID information, click **Copy ID** at server web1-server to get the ID, save it for use in the next steps.

**Step 3: Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server** To create a Policy, go to the Policy tab on the IAM page here [,](https://iam.console.vngcloud.vn/policies) click **Create a Policy** , **name** the Policy: vServerFullAccessWebServers and click **Next step**

Select **Product** : **vserver** and **Actions** : **All vserver actions** to select all vServer actions

Then in the **Resource section,** click on **the Resource arrow** to select Resource information, select **Any** for other Resource types, and **Resource: server** , click **Add a server** to add specific servers that are allowed to operate.

The popup displays you **fill in the server ID information of web1-server** , click **Add** to add.

At this point you will see Resouce information: the server already has the server ID of web1-server. If you want to add more server IDs, continue clicking Add a server to add. Then click **Create Policy** to create the Policy

**Step 4: Attach Policy: vServerFullAccessWebServers to User: System1** After successfully creating Policy: vServerFullAccessWebServers, you proceed to attach this Policy to User: System1, you can do it in User Account or Policy, here we will guide in Policy, **click on the name of the Policy** to go to the details page. Policy details:

**Select the Policy usage tab** and **click Attach** to add User: System1

**Select User: System1** and **click Add**

After adding User: System1 to Policy: vServerFullAccessWebServer, you will see information like below

**Step 5** : Log in and check the rights of User: System1 Now you can log in to User: System1 to check permissions Access vServer here [,](https://hcm-3.console.vngcloud.vn/vserver/v-server/cloud-server) without logging into any account you will be redirected to the sign-in page, select " **Sign-in With IAM User Account** "

Fill in the root user email account information that User: System1 was previously created, IAM username and password information of User: System1, click **Sign-in with IAM User Account**

You will now see that User: System1 will have full rights on server web1-server and other resources of vServer. Accessed web1-server's detail page successfully

Successfully shutdown web1-server:

Accessing db-server details page failed:

Failed to shutdown db-server:

So you have completed decentralizing User: System1 with full rights on all Resources of vServer, but only granting full rights on Resource: server: web1-server, not allowing operations on the important server, db. -server --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/identity-and-access-management-iam/ung-dung-pho-bien/phan-quyen-truy-cap-vao-tai-nguyen-cu-the.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.