# Ground Truth Security and Permissions Use the topics on this page to learn about Ground Truth security features and how to configure Amazon Identity and Access Management (IAM) permissions to allow a user or role to create a labeling job. Additionally, learn how to create an *execution role*. An execution role is the role that you specify when you create a labeling job. This role is used to start your labeling job. If you are a new user and want to get started quickly, or if you do not require granular permissions, see [Use IAM Managed Policies with Ground Truth](sms-security-permissions-get-started.md). For more information about IAM users and roles, see [Identities (Users, Groups, and Roles)](https://docs.amazonaws.cn/IAM/latest/UserGuide/id.html) in the IAM User Guide. To learn more about using IAM with SageMaker AI, see [Amazon Identity and Access Management for Amazon SageMaker AI](security-iam.md). **Topics** + [CORS Requirement for Input Image Data](sms-cors-update.md) + [Assign IAM Permissions to Use Ground Truth](sms-security-permission.md) + [Using Amazon SageMaker Ground Truth in an Amazon Virtual Private Cloud](sms-vpc.md) + [Output Data and Storage Volume Encryption](sms-security.md) + [Workforce Authentication and Restrictions](sms-security-workforce-authentication.md)