# Access control to specific resources When you need to assign specific permissions on each resource, you need to create a Policy and specify the Resource correctly. In this tutorial, we will guide you to assign permissions on each server of vServer, for example when you have 2 servers: web1-server, db-server, **and you want User: System1 to have full rights on all Resources of vServer. , but only full rights on Resource:server are web1-server, not allowing operations on the important server db-server** . The model will look like below:

To set up IAM according to the above model, we will have the following steps: **Step 1** : Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights or does not have rights that overlap with the instructions) **Step 2** : Get the ID information of the server web1-server **Step 3** : Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server **Step 4** : Attach Policy: vServerFullAccessWebServers to User: System1 **Step 5** : Log in and check the rights of User: System1 Detailed steps are as follows **Step 1: Create User: System1 if you do not have a User Account (note that if you already have User: System1, make sure User: System1 does not have any rights or does not have rights that overlap with the instructions)** Create a User Account by accessing the User Account tab on the IAM management page here [,](https://iam.console.vngcloud.vn/user-accounts) clicking **Create a User Account,** filling in Username and Password information, then clicking **Create User Account**

After successfully creating a User Account, it will be listed on the User Account page as below

**Step 2: Get the ID information of the server web1-server** Visit the server management page here [to](https://hcm-3.console.vngcloud.vn/vserver/v-server/cloud-server) get server ID information, click **Copy ID** at server web1-server to get the ID, save it for use in the next steps.

**Step 3: Create a Policy with the name vServerFullAccessWebServers that allows access to all resources of vServer, but only full rights on web1-server** To create a Policy, go to the Policy tab on the IAM page here [,](https://iam.console.vngcloud.vn/policies) click **Create a Policy** , **name** the Policy: vServerFullAccessWebServers and click **Next step**

Select **Product** : **vserver** and **Actions** : **All vserver actions** to select all vServer actions

Then in the **Resource section,** click on **the Resource arrow** to select Resource information, select **Any** for other Resource types, and **Resource: server** , click **Add a server** to add specific servers that are allowed to operate.

The popup displays you **fill in the server ID information of web1-server** , click **Add** to add.

At this point you will see Resouce information: the server already has the server ID of web1-server. If you want to add more server IDs, continue clicking Add a server to add. Then click **Create Policy** to create the Policy

**Step 4: Attach Policy: vServerFullAccessWebServers to User: System1** After successfully creating Policy: vServerFullAccessWebServers, you proceed to attach this Policy to User: System1, you can do it in User Account or Policy, here we will guide in Policy, **click on the name of the Policy** to go to the details page. Policy details:

**Select the Policy usage tab** and **click Attach** to add User: System1

**Select User: System1** and **click Add**

After adding User: System1 to Policy: vServerFullAccessWebServer, you will see information like below

**Step 5** : Log in and check the rights of User: System1 Now you can log in to User: System1 to check permissions Access vServer here [,](https://hcm-3.console.vngcloud.vn/vserver/v-server/cloud-server) without logging into any account you will be redirected to the sign-in page, select " **Sign-in With IAM User Account** "

Fill in the root user email account information that User: System1 was previously created, IAM username and password information of User: System1, click **Sign-in with IAM User Account**

You will now see that User: System1 will have full rights on server web1-server and other resources of vServer. Accessed web1-server's detail page successfully

Successfully shutdown web1-server:

Accessing db-server details page failed:

Failed to shutdown db-server:

So you have completed decentralizing User: System1 with full rights on all Resources of vServer, but only granting full rights on Resource: server: web1-server, not allowing operations on the important server, db. -server