Apsara Video SDK:Authorize a RAM user to use the console

Create a RAM user and grant permissions to the RAM user

1. Log on to the RAM console by using your Alibaba Cloud account.

2. In the left-side navigation pane, choose Identities > Users.

3. On the Users page, click Create User and configure the basic information.

   Configure the Logon Name and Display Name parameters in the User Account Information section, and set the Access Mode parameter to Console Access. Then, configure the parameters that are described in the following table.

   Parameter	Description
   Set Logon Password	The password that is used by the RAM user to log on to the console. After you set the password, keep it properly and notify the corresponding RAM user so that the RAM user can log on to the console.
   Password Reset	Specifies whether the RAM user needs to reset the password at the next logon.
   Enable MFA	Specifies whether the multi-factor authentication (MFA) feature is required for RAM users. If you select Required, the RAM user must configure MFA during the logon.

4. Click OK and complete the verification by using your mobile number.

5. On the Users page, find the RAM user that you create and click Add Permissions in the Actions column.

6. In the Grant Permission panel, grant permissions to the RAM user.

   1. Configure the Resource Scope parameter.

      • Account: The permissions granted to the RAM user take effect within the current Alibaba Cloud account.

      • ResourceGroup: The permissions granted to the RAM user take effect in a specific resource group. If you set the Resource Scope parameter to ResourceGroup, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.

   2. Configure the Principal parameter to specify a principal.

      The principal is the RAM user to whom you want to grant permissions.

   3. Select policies in the Policy section.

      Select System Policy from the drop-down list and select the policies that are described in the following table.

      Note

      Grant the RAM user the permissions on ApsaraVideo Live or ApsaraVideo VOD (VOD) and the permissions on orders based on your business requirements. Otherwise, you may fail to create and manage licenses in the VOD or ApsaraVideo Live console, and an error message such as "Forbidden.NoPermission" may be reported.

      Policy	Description
      AliyunBSSOrderAccess	Grants the permissions to view orders, pay for orders, and cancel orders in the Billing Management console.
      AliyunVODReadOnlyAccess	Grants the read-only permissions on VOD.
      AliyunVODFullAccess	Grants the management permissions on VOD.
      AliyunLiveReadOnlyAccess	Grants the read-only permissions on ApsaraVideo Live.
      AliyunLiveFullAccess	Grants the management permissions on ApsaraVideo Live.

   4. Click Grant permissions. The permissions are granted to the RAM user.

Grant permissions to an existing RAM user

1. Log on to the RAM console by using your Alibaba Cloud account.

2. In the left-side navigation pane, choose Identities > Users.

3. Find the RAM user to which you want to grant permissions in the User Logon Name/Display Name column, and click the name of the RAM user.

4. In the Console Logon Management section of the Authentication tab, click Enable Console Logon.

5. In the Modify Logon Settings panel, modify the logon configuration. The following table describes the parameters.

   Parameter	Description
   Console Password Logon	Select Enabled to allow a RAM user to log on to the console.
   Set Logon Password	The password that is used by the RAM user to log on to the console. After you set the password, keep it properly and notify the corresponding RAM user so that the RAM user can log on to the console.
   Password Reset	Specifies whether the RAM user needs to reset the password at the next logon.
   Enable MFA	Specifies whether the MFA feature is required for RAM users. If you select Required, the RAM user must configure MFA during the logon.

6. Click OK and complete the verification by using your mobile number.

7. On the Users page, find the RAM user that you create and click Add Permissions in the Actions column.

8. In the Grant Permission panel, grant permissions to the RAM user.

   1. Configure the Resource Scope parameter.

      • Account: The permissions granted to the RAM user take effect within the current Alibaba Cloud account.

      • ResourceGroup: The permissions granted to the RAM user take effect in a specific resource group. If you set the Resource Scope parameter to ResourceGroup, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.

   2. Configure the Principal parameter to specify a principal.

      The principal is the RAM user to whom you want to grant permissions.

   3. Select policies in the Policy section.

      Select System Policy from the drop-down list and select the policies that are described in the following table.

      Note

      Grant the RAM user the permissions on ApsaraVideo Live or ApsaraVideo VOD (VOD) and the permissions on orders based on your business requirements. Otherwise, you may fail to create and manage licenses in the VOD or ApsaraVideo Live console, and an error message such as "Forbidden.NoPermission" may be reported.

      Policy	Description
      AliyunBSSOrderAccess	Grants the permissions to view orders, pay for orders, and cancel orders in the Billing Management console.
      AliyunVODReadOnlyAccess	Grants the read-only permissions on VOD.
      AliyunVODFullAccess	Grants the management permissions on VOD.
      AliyunLiveReadOnlyAccess	Grants the read-only permissions on ApsaraVideo Live.
      AliyunLiveFullAccess	Grants the management permissions on ApsaraVideo Live.

   4. Click Grant permissions. The permissions are granted to the RAM user.

References

RAM User Management

FAQ

What do I do if I am prompted that I do not have the required permissions?