Create role


Updated at: 2025-10-27

IAM roles allow you to grant access to Baidu AI Cloud resources. Using IAM roles, you can provide specific permissions to IAM users in your account or establish trust relationships with other cloud accounts. This enables IAM users in those accounts to access your cloud resources through the IAM roles you create. For instance, you can authorize third-party cloud accounts to use data in your Baidu Object Storage (BOS) buckets.

Once the trust relationship is established, users, services or applications in the trusted account can call the _AssumeRole_ API of the Baidu AI Cloud [Security Token Service (STS)](IAM/API Reference/STS-Related Interfaces.md) to assume the role. This operation returns temporary security credentials that the trusted users or services use to access your cloud resources.
For concepts related to IAM roles, please refer to [Role-related Concepts](IAM/Operation guide/Role Management/Related concepts.md).

This section describes the steps to create a role via the console.

Prerequisites

Before creating a role in the console, you must:

  1. Possess an activated Baidu AI Cloud account. Please refer to [Register](UserGuide/Register an account.md) for instructions on how to register and activate a cloud account.
  2. Have system administrator-level permissions for this account.

Operation steps

Please follow the steps below to create your role in the console:

  1. Sign in to the Baidu AI Cloud Console, hover over the profile icon in the upper-right corner, and select Identity and Access Management;
  2. In the left navigation bar, select Role Management, and then click the Create New Role button;
  3. Enter the role name, description and other basic information. Note: The role name must be unique within an account and is case-insensitive; for example, TESTROLE and testrole are treated as the same role;
  4. Select Role Carrier. Select Current Cloud Account to create the role for the current cloud account; the role then only supports access by IAM users or services in this account. Select Other Cloud Accounts to create the role for another cloud account; you must then enter the Account ID of that cloud account (available under User Center - User ID). A single role can trust up to 10 other cloud accounts simultaneously;
  5. Grant permissions to the role. In Policy Management, select an appropriate system policy or custom policy to grant to the role. If the existing policies are unsuitable, create a new custom policy. Please refer to [Permission Policy](IAM/Operation guide/Permission Policies/Permission Policy Overview.md). You may skip authorization setup for the role initially;
  6. Click Complete.

The process of creating a new role in the Baidu AI Cloud account is now complete.

Note: Completing the above steps is only the first half of the required configuration. You must also grant the policy permission _STSAssumeRoleAccess_ to individual users in the trusted account. For detailed steps, please refer to [Use Role](IAM/Operation guide/Role Management/Using Roles.md).
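The constraints in the steps and note above can be checked before or after roles are created in the console. The following is an added example, not Baidu AI Cloud code: it reviews a constructed list of planned role definitions for case-insensitive name collisions, the 10-account trust limit, trust in accounts outside an approved list, roles with no policy, and trusted accounts where no user holds _STSAssumeRoleAccess_. The dictionary schema, the approved-account list and all account, user and policy names are assumptions of this example.

```python
from collections import defaultdict

MAX_TRUSTED_ACCOUNTS = 10  # page: a role can trust up to 10 other cloud accounts

def review_roles(roles, own_account, approved_accounts, assume_grants):
    """Return sorted (role_name, finding) pairs for planned role definitions.

    The dict schema, approved_accounts (an organisation allowlist) and
    assume_grants ({account_id: users holding STSAssumeRoleAccess}) are
    assumptions of this example, not a Baidu AI Cloud API format.
    """
    findings = []
    # Role names are case-insensitive within an account: TESTROLE == testrole.
    by_folded = defaultdict(list)
    for role in roles:
        by_folded[role["name"].casefold()].append(role["name"])
    for names in by_folded.values():
        if len(names) > 1:
            findings += [(n, "name-collision") for n in names]
    for role in roles:
        name, trusted = role["name"], role["trusted_accounts"]
        external = [a for a in trusted if a != own_account]
        if len(external) > MAX_TRUSTED_ACCOUNTS:
            findings.append((name, "too-many-trusted-accounts"))
        # Cross-account trust should only point at accounts someone approved.
        findings += [(name, f"unapproved-account:{a}")
                     for a in external if a not in approved_accounts]
        # Second half of the setup: nobody in the trusted account can assume
        # the role until a user there holds STSAssumeRoleAccess.
        findings += [(name, f"no-assume-grant:{a}")
                     for a in trusted if not assume_grants.get(a)]
        if not role["policies"]:  # authorization was skipped at creation
            findings.append((name, "no-policy-attached"))
    return sorted(findings)

# Constructed sample data; account IDs, user and policy names are placeholders.
SAMPLE_ROLES = [
    {"name": "TESTROLE", "trusted_accounts": ["acct-own"], "policies": ["example-policy-a"]},
    {"name": "testrole", "trusted_accounts": ["acct-partner"], "policies": []},
    {"name": "bos-reader", "trusted_accounts": ["acct-unknown"], "policies": ["example-policy-b"]},
]
SAMPLE_FINDINGS = review_roles(
    SAMPLE_ROLES, own_account="acct-own", approved_accounts={"acct-partner"},
    assume_grants={"acct-own": ["example-user"], "acct-partner": []})

if __name__ == "__main__":
    for role_name, finding in SAMPLE_FINDINGS:
        print(f"{role_name}: {finding}")
```

A role that reports no-policy-attached or no-assume-grant is not usable yet; one that reports unapproved-account warrants a review of who requested the trust relationship.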
