Group membership administration roles
The IamGroupAdmin role can be assigned to a user or a group on the scope of a group to allow them to manage membership of that group.
- The IamGroupAdmin role grants a user or a group the permission to add users to or remove users from a group. The role does not grant permission to manage roles and resources for the group.
- In order for a user with the IamGroupAdmin to add or remove users from a group, the user must also have the IamUser or IamViewer role that allows listing IAM users and groups within the organization.