All Products
Search
Document Center

Data Management:Integration by using ROS

Last Updated:Oct 14, 2024

This topic describes how to add a user in Data Management (DMS) as a Resource Access Management (RAM) user by using Resource Orchestration Service (ROS).

Create a RAM user and grant permissions to the RAM user

  1. Create a RAM user.

    1. Go to the Users page in the RAM console and click Create User.

    2. Enter dms_test in the Logon Name field and select OpenAPI Access for the Access Mode parameter.

    3. Click OK. Record the UID of the RAM user.

  2. Grant permissions to the RAM user.

    1. Go to the Users page, find the RAM user that you created, and then click Add Permissions in the Actions column.

    2. In the Policy section of the Grant Permission panel, enter AliyunDMSFullAccess in the search box and select the policy. Repeat this step to select the AliyunROSFullAccess policy.

      Note

      In this example, the AliyunDMSFullAccess policy is attached to the RAM user to authorize the RAM user to manage DMS resources.

      In actual projects, you can select policies as needed or customize more fine-grained policies. For more information, see Identity management.

    3. Click Grant permissions.

Procedure

  1. Log on to the ROS console. In the top navigation bar, select a region in the region drop-down list.

  2. In the left-side navigation pane, choose Deployment > Stacks. On the Stacks page, click Create Stack and select Use ROS.

    • Specify Template: Select Select an Existing Template.

    • Template Import Method: Select Enter Template Content.

  3. In the Template Content section, click the ROS tab and enter code in the JSON or YAML format.

    For more information about the parameters in the template, see ALIYUN::DMS::User.

    YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
     Status:
      Type: String
      Description: UserStatus
     Uid:
      Type: String
      Description: UserAliYunUid
     UserName:
      Type: String
      Description: UserNickName
     RoleNames:
      Type: Json
      Description: UserRole
     Mobile:
      Type: String
      Description: UserMobile
     Tid:
      Type: String
      Description: ''
    Resources:
     DMSEnterpriseUser:
      Type: 'ALIYUN::DMS::User'
      Properties:
       Status:
        Ref: Status
       Uid:
        Ref: Uid
       UserName:
        Ref: UserName
       RoleNames:
        Ref: RoleNames
       Mobile:
        Ref: Mobile
       Tid:
        Ref: Tid
    Outputs:
     Uid:
      Description: UserAliYunUid
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - Uid
     UserName:
      Description: UserNickName
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - UserName
     RoleNames:
      Description: UserRole
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - RoleNames
     UserId:
      Description: UserId
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - UserId
     RoleIds:
      Description: UserRoleId
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - RoleIds
     Mobile:
      Description: UserMobile
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - Mobile
     ParentUid:
      Description: ParentAliYunUid
      Value:
       'Fn::GetAtt':
        - DMSEnterpriseUser
        - ParentUid

    JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "Status": {
          "Type": "String",
          "Description": "UserStatus"
        },
        "Uid": {
          "Type": "String",
          "Description": "UserAliYunUid"
        },
        "UserName": {
          "Type": "String",
          "Description": "UserNickName"
        },
        "RoleNames": {
          "Type": "Json",
          "Description": "UserRole"
        },
        "Mobile": {
          "Type": "String",
          "Description": "UserMobile"
        },
        "Tid": {
          "Type": "String",
          "Description": ""
        }
      },
      "Resources": {
        "DMSEnterpriseUser": {
          "Type": "ALIYUN::DMS::User",
          "Properties": {
            "Status": {
              "Ref": "Status"
            },
            "Uid": {
              "Ref": "Uid"
            },
            "UserName": {
              "Ref": "UserName"
            },
            "RoleNames": {
              "Ref": "RoleNames"
            },
            "Mobile": {
              "Ref": "Mobile"
            },
            "Tid": {
              "Ref": "Tid"
            }
          }
        }
      },
      "Outputs": {
        "Uid": {
          "Description": "UserAliYunUid",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "Uid"
            ]
          }
        },
        "UserName": {
          "Description": "UserNickName",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "UserName"
            ]
          }
        },
        "RoleNames": {
          "Description": "UserRole",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "RoleNames"
            ]
          }
        },
        "UserId": {
          "Description": "UserId",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "UserId"
            ]
          }
        },
        "RoleIds": {
          "Description": "UserRoleId",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "RoleIds"
            ]
          }
        },
        "Mobile": {
          "Description": "UserMobile",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "Mobile"
            ]
          }
        },
        "ParentUid": {
          "Description": "ParentAliYunUid",
          "Value": {
            "Fn::GetAtt": [
              "DMSEnterpriseUser",
              "ParentUid"
            ]
          }
        }
      }
    }
  4. Click Next. Configure the parameters and click Create.

  5. After the stack is created, you can view the status of the stack and the outputs on the Stack Information and Outputs tabs of the stack details page.

  6. After the stack is created, you can view the added user by calling an API operation, using an SDK, or in the DMS console. For more information about how to view users in the DMS console, see Manage users.