There are two types of authorization in Redpanda Cloud:
User authorizations, managed by Kafka ACLs, grant users permission to perform specific types of operations on specific resources (such as topics, groups, clusters, or transactional IDs).
When deploying an agent as part of BYOC cluster provisioning, Redpanda Cloud automatically assigns IAM policies to that agent. The IAM policy permissions granted to the agent provide it the authorization required to fully manage Redpanda Cloud clusters in AWS or GCP.
IAM policies do not apply or act as deployment permissions, and there are no explicit user actions associated with IAM policies. Rather, IAM policy permissions apply to Redpanda Cloud agents only, and serve to provide Redpanda agents access to AWS and GCP clusters so Redpanda brokers can communicate with them.