Getting Started with User Permission Management on Alibaba Cloud

Follow the steps in this article to learn how to create and manage users by using Alibaba Cloud Resource Access Management (RAM) service.

By Anthony Merrington, Technical Support Engineer at Alibaba Cloud

Alibaba Cloud Resource Access Management (RAM) allows you to create and manage the Alibaba Cloud access permissions for employees, systems, applications, and other identities. RAM is supported on resources including ECS instances, networking services, database services, security, analytics, and more. In my last blog, I introduced the concept of RAM identities and gave an introduction to some of RAM's capabilities. This time, I'll show you how to get started by creating a RAM user with some specific permissions.

First, a few additional things it's useful to know:

  • In RAM, permissions are specified by a statement within a "RAM policy", which allows or denies access to a specific Alibaba Cloud resource.
  • A policy defines a set of permissions that are described based on the policy structure and syntax. A policy can accurately describe the authorized resource sets, authorized operation sets, and authorization conditions. You can attach one or more policies to RAM users, RAM user groups, or RAM roles.
  • A RAM user has no permissions by default. Therefore, a new RAM user can manage resources only after the RAM user is granted the required permissions.

Now that you're up to speed, let's get started and create some RAM users! You can follow the steps below on the Alibaba Cloud console to try RAM out for yourself.


Before you get started, make sure that you have an Alibaba Cloud account. To create an account, visit the account registration page.

Step 1: Create a RAM user

Follow these steps to create a RAM user:

1. Visit the official website of Alibaba Cloud.

2. Click Log In in the upper-right corner.


3. Log on using your Alibaba Cloud account (root account).


4. Click Console in the upper-right corner to open the management console.


5. Click the menu icon in the upper-left corner to open the product list.

6. Click Products, type ram in the search box, and then click Resource Access Management.


7. On the left-side navigation pane, click Identities > Users, and then click Create User.


8. Complete the details as follows:


9. Click OK.


 This action may require email verification. When you are prompted, check the inbox of your registered email address and enter the verification code to continue.

10. Click Back to return to the RAM user list.

11. On the left-side navigation pane, click Overview.

12. On the Account Management pane, make a note of the RAM user logon URL.


Step 2: Log on as a RAM user

To log on as a RAM user, follow these steps:

1. Open the URL that you obtained previously for RAM console logon.

2. Type the logon name of the RAM user to the left of the prefilled domain name, and then click Next.


3. Enter the password for the RAM user, and then click Log on.


Step 3: Grant permissions to the new RAM user

We can now grant permissions to the RAM user on the Users page:

1. Log on to the RAM console by using your Alibaba Cloud account (the same account you logged into in Step 1 to create the RAM user).

2. In the left-side navigation pane, click Users under Identities.

3. In the User Logon Name/Display Name column, find the RAM user.

4. Click Add Permissions in the Actions column. On the page that appears, the Principal field is automatically filled in.


5. Keep the default setting for Authorization, and make sure the Principal is set to the RAM user you created in Step 1. In the Policy Name column, select the policies that you want to attach to the RAM user. In this example, we add the AliyunOSSFullAccess policy to give the RAM user full permissions on OSS resources.


6. Click OK.

7. Click Complete.

Step 4: Check the RAM user permissions

Finally, let's check that full OSS permissions have been granted to our RAM user:

1. Log on to the RAM console with an Alibaba Cloud account.

2. In the left-side navigation pane, click Users under Identities.

3. In the User Logon Name/Display Name column, click the username of the target RAM user.

4. Click the Permissions tab.


5. On the Individual tab, view the permissions that are granted to the RAM user. Check that the AliyunOSSFullAccess policy is listed.
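
As an added example (not part of the original article and not Alibaba Cloud's own code), the Python below audits RAM policy documents for over-broad Allow statements, the kind of review worth doing once you have confirmed which policies a user holds. Both policy documents are constructed samples: the first is an assumed stand-in for what a full-OSS-access policy such as AliyunOSSFullAccess grants, and `example-bucket` is a hypothetical bucket name.

```python
import json

# Constructed sample documents in RAM policy syntax (Version "1", Statement list).
# FULL_ACCESS is an assumed stand-in for what a full-OSS-access policy grants;
# SCOPED uses a hypothetical bucket name, "example-bucket".
FULL_ACCESS = json.loads("""
{"Version": "1",
 "Statement": [{"Effect": "Allow", "Action": "oss:*", "Resource": "*"}]}
""")
SCOPED = json.loads("""
{"Version": "1",
 "Statement": [{"Effect": "Allow",
                "Action": ["oss:GetObject", "oss:ListObjects"],
                "Resource": ["acs:oss:*:*:example-bucket",
                             "acs:oss:*:*:example-bucket/*"]}]}
""")


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def audit(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not flagged here
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        unconditional = not stmt.get("Condition")
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in resources:
            findings.append((i, "applies to every resource"))
        # Only note the missing Condition when the statement was already flagged
        if findings and findings[-1][0] == i and unconditional:
            findings.append((i, "no Condition limits the grant"))
    return findings


if __name__ == "__main__":
    for name, doc in (("full access", FULL_ACCESS), ("scoped", SCOPED)):
        print(name, audit(doc) or "no findings")
```

The scoped document shows the alternative to a full-access grant: named read actions on a single bucket, which the audit passes without findings.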

Learn More

To learn more about RAM, I recommend the following resources:
