# Create Policies for IAM User Account To create a policy for accessing vStorage resources, follow the steps below: 1. Log in to [https://iam.console.vngcloud.vn/](https://iam.console.vngcloud.vn/]\(https://iam.console.vngcloud.vn/\)) using your Root User Account. 2. Select the **Policy** directory. 3. Choose **Create a Policy.** 4. Enter a **Name** and **Description** for the Policy. 5. Select **Next step**. 6. Choose the **Product** as **vstorage-hcm03**. 7. Select **Actions**: 1. Choose **Allow permissions** (system default): The system will always enable permissions, meaning it allows the selected actions. If you disable this mode, the system will deny (reverse) the corresponding permissions. 1. **Allow permissions**: Allow access based on the selected actions. 2. **Deny permissions**: Deny access based on the selected actions. 2. Choose **All vstorage-hcm03 actions** if you want to create a policy with permissions for all actions on vStorage. For details on the meaning of each action, refer to the vStorage Features, Resources, and Access Rights. 8. Select **Resources**: 1. Choose **All resources** to allow the selected permissions to access all resources on your SSO account. 2. Choose **Specify resources**: Select a specific project, container, or object you want to grant access to. You can enter information for each type of resource in the following ways: 1. **Enter \*** to select all resources. 2. **Enter the specific ID** of the project, the name of the container, or the name of the object for precise access. 3. **Enter a prefix** if you want to specify a set of projects, containers, or objects starting with the declared prefix. 3. You can also choose Any to allow access to all projects, containers, and objects in your SSO account. 4. Select Request conditions: Enter specific conditions for the policy if needed. After completing the above 8 steps, the policy for vStorage has been created. Next, assign it to an IAM User Account following the instructions in Linking IAM User Account with the Corresponding Policy. In addition to creating specific policies as outlined above, we also provide you with a set of default policies with diverse permissions. You can use these default policies and directly link them to your IAM User Account. For more information on the list of default policies, please refer to the [Features, vStorage Resources, and Access Permissions](https://docs.vngcloud.vn/display/VSEN/Features%2C+vStorage+Resources%2C+and+Access+Permissions). \\ --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/vstorage/object-storage/vstorage-hcm03/identity-and-access-management/managing-vstorage-access-account/iam-user-account/create-policies-for-iam-user-account.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.