An AWS account has full permission to perform all actions on the Amazon Glacier Vault that are part of the account. However, the AWS Identity and Access Management (IAM) users don’t have any permission by default. You can control access by setting vault-level access policies using the AWS IAM service.
With AWS IAM you can create a policy for a specific user or group. This guide shows you how to set an access level policy for a vault.