Enterprise Organization vs Identity and Access Management

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • Product Description
  • arrow
  • Enterprise Organization vs Identity and Access Management
Table of contents on this page
  • Organization
  • Multi-User Access Control
  • Differences

Enterprise Organization vs Identity and Access Management

Updated at:2025-10-27

Organization

Enterprise organization: Refers to relationships between enterprise organizations, agents, and clients where each operates as an independent account (with separate billing). These standalone accounts often have hierarchical structures, allowing upper levels to manage finances and resources of lower levels and control operational permissions for subordinate accounts.

Scenario 1: Company A operates multiple subsidiaries under one corporate entity. While these subsidiaries maintain operational independence, they are still interconnected as part of the same organization.

Scenario description:

  • Both Company A and its subsidiaries want separate usage accounts that can be independently deployed on Baidu AI Cloud.
  • Company A and its subsidiaries manage resources separately, with Company A holding supervisory authority over the subsidiaries and the option to oversee their resources.
  • As a unified entity, Company A centrally handles all payments, including those for its subsidiaries.

Scenario 2: Agent B serves multiple customers requiring both centralized client management and independent resource administration between agent and individual clients

Scenario description:

  • For security reasons, Agent B prefers customers to maintain independent accounts.
  • Agent B has oversight permissions to monitor the resource usage of their customers.
  • If the contract between Agent B and a customer ends, Agent B has the authority to revoke customer permissions at any time.

Multi-User Access Control

Multi-user Access Control: Intended for different roles within an enterprise, granting specific permissions (e.g., read-only, operations, administrative) to employees, down to resource-level detail, without requiring IAM users to incur separate operational costs. When your enterprise requires collaborative resource operations, it is recommended to use Identity and Access Management.

Use Case: Enterprise Account A has purchased multiple cloud resources (e.g., Baidu Cloud Compute (BCC), Baidu Object Storage (BOS), Content Delivery Network (CDN)). The company employs many staff members, including developers, testers, and operations personnel. Each role requires different permissions according to their responsibilities, eliminating the need for separate operational payments.

Scenario description:

  • Enterprise Account A can grant staff different permissions for products (e.g., read-only, operations, management) and apply refined controls at the resource level (e.g., permissions for specific BCC instance operations).
  • Enterprise employees log in and use resources through IAM user accounts without requiring additional operational payments.

Differences

Differences Organization Multi-User Access Control
Resource ownership Resources are owned by the account that initiates or purchases them. Resources are associated with the primary account rather than individual IAM users.
Fund and bill attribution Each account within an enterprise organization manages its own funds and generates its own bills. The master account can request financial management privileges to centrally settle all sub-account bills through fund transfers. The account acts as the holder for funds and billing. IAM users do not receive separate bills. All costs incurred by IAM users under the account are reflected in the root account.
Application scenarios This applies to enterprise organizations where each entity operates as an independent account with separate billing. These accounts have hierarchical relationships, where higher levels can manage the resources, finances, and permissions of subordinate accounts. Designed for different roles within an enterprise, this allows specific permissions (e.g., read-only, operational, administrative) to be assigned to employees at a granular resource level. IAM users do not need to pay separately for their actions. For multi-user collaboration in resource operations within your enterprise, it is recommended to use Identity and Access Management.
Differences Company A has multiple subsidiaries under the same entity. While operationally independent, they remain interconnected as a unified whole.
Scenario description:
1. Both Company A and its subsidiaries desire separate usage accounts that can be independently deployed on Baidu AI Cloud.
2. Company A and its subsidiaries manage resources independently, with Company A retaining supervisory authority over subsidiaries and the ability to manage their resources.
3. Company A and its subsidiaries are under the same entity, Company A holds consolidated financial settlement authority, and pays all bills for itself and subsidiaries in a centralized manner.		 Account A under an enterprise has purchased multiple cloud resources (e.g., Baidu Cloud Compute (BCC), Baidu AI Cloud Object Storage (BOS), Content Delivery Network (CDN)). The enterprise has many employees, including developers, testers, operations personnel, etc. Since the job responsibilities of each employee are different, their required permissions also vary, without needing to separately pay for operational costs.
Scenario description:
1. Account A of an enterprise can assign different product permissions to staff (e.g., read-only, operations, management) and refine control to resource levels (e.g., BCC instance operation permissions).
Enterprise employees use IAM user accounts for login and usage without needing to separately pay for operational costs.

Previous
System Restrictions
Next
Product pricing