# Access Management

On region HAN02, you can use 4 types of accounts to access vStorage. Details of these 4 types include:

* **Root User Account:** Is the first account [created](https://register.vngcloud.vn/signup) to access GreenNode with full access to all resource services on GreenNode.
* **IAM User Account, Service Account:** Is an account created from the single Root user account with access rights depending on the access policy set from the Root user account.

<figure><img src="/files/yih2IAiPRxweF2wPq4un" alt=""><figcaption></figcaption></figure>

* **S3 keys:** Is a pair of s3 keys with access key and secret key integrated by vStorage for compatibility with S3 client tools such as s3cmd, s3 SDK,...

<figure><img src="/files/RGAjxZg3IvCgCdbmFvON" alt=""><figcaption></figcaption></figure>

Refer to the table below to get an overview of how accounts work on vStorage:

<table data-full-width="true"><thead><tr><th width="194">Account type</th><th>Access Channel</th><th>Place of Origin</th><th>Default Permission</th><th>Working with project</th><th>Làm việc với bucket</th></tr></thead><tbody><tr><td>Root User Account</td><td>vStorage Portal</td><td>Initialize for the first time when using the service on GreenNode</td><td>Full rights on project and bucket</td><td>Yes</td><td>Yes</td></tr><tr><td>IAM User Account</td><td>vStorage Portal</td><td>IAM Portal</td><td>No access to any resources yet</td><td>Yes, permissions via IAM Policy</td><td>Yes, permissions via Bucket Policy</td></tr><tr><td>Service Account</td><td>vStorage API</td><td>IAM Portal</td><td>No access to any resources yet</td><td>Yes, permissions via IAM Policy</td><td>Yes, permissions via Bucket Policy</td></tr><tr><td>S3 keys</td><td>3rd party software</td><td>vStorage Portal</td><td>Depends on account creation</td><td>No</td><td>Yes, permissions depend on the type of user that created the S3 key</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vngcloud.vn/vng-cloud-document/vstorage/object-storage/object-storage-han02/access-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.