Before a Resource Access Management (RAM) user can access or manage the Data Security Center (DSC) console, you must authorize the RAM user to access DSC. This topic describes how to authorize a RAM user to manage or access the DSC console.
Prerequisites
A RAM user is created. For more information about how to create a RAM user, see Create a RAM user.
Grant permissions to a RAM user
Log on to the RAM console by using an Alibaba Cloud account or a RAM user that has management permissions.
In the left-side navigation pane, choose .
On the Users page, find the RAM user that you want to manage and click Add Permissions in the Actions column.
In the Add Permissions panel, grant permissions to the RAM user.
Select the authorization scope.
Account: The authorization takes effect on the current Alibaba Cloud account.
ResourceGroup: The authorization takes effect in a specific resource group.
Note: If you select ResourceGroup for Resource Scope, make sure that the cloud service supports resource groups. For more information, see Services that work with Resource Group.
Specify the principal.
The principal is the RAM user to which you want to grant permissions.
Select policies and click Grant permissions.
Select policies based on the permissions required by the RAM user.
Policy: Description
AliyunYundunSDDPFullAccess: Provides the highest permissions to manage DSC. You can modify or delete the configurations of DSC.
AliyunYundunSDDPReadOnlyAccess: Provides the read-only permissions on DSC.
AliyunYundunSDDPDataManager: Provides the permissions to manage data domains in DSC.
After the policy is attached to the RAM user, the information about the RAM user is synchronized to the DSC console. After you configure the scope of data domains that the RAM user can manage, the RAM user can view and manage data domain assets within the scope.
If system policies cannot meet your requirements, you can configure a custom policy. For more information, see Create custom policies.
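The following Python check is an added example, not part of the original documentation: it reviews which RAM users hold the three DSC system policies listed above and flags the grants worth a second look. It assumes each user's attached policies were exported as the JSON returned by the RAM ListPoliciesForUser operation (a Policies.Policy list whose entries carry PolicyName and PolicyType); the user names and sample responses are constructed.

```python
import json

FULL = "AliyunYundunSDDPFullAccess"
READ_ONLY = "AliyunYundunSDDPReadOnlyAccess"
DATA_MANAGER = "AliyunYundunSDDPDataManager"
DSC_POLICIES = {FULL, READ_ONLY, DATA_MANAGER}

def dsc_policies(list_policies_json):
    """Return the DSC system policies attached to one user, sorted by name."""
    policies = json.loads(list_policies_json).get("Policies", {}).get("Policy", [])
    return sorted(
        p["PolicyName"] for p in policies
        if p.get("PolicyType") == "System" and p.get("PolicyName") in DSC_POLICIES
    )

def review(users):
    """Map each user name to a list of findings for an access review."""
    report = {}
    for name, raw in users.items():
        held = dsc_policies(raw)
        findings = []
        if not held:
            findings.append("no DSC system policy: no console access unless a custom policy grants it")
        if FULL in held:
            findings.append("full access: can modify or delete DSC configurations")
            extra = [p for p in held if p != FULL]
            if extra:
                findings.append("overlaps with full access: " + ", ".join(extra))
        if DATA_MANAGER in held:
            findings.append("data manager: confirm the data domain scope set in DSC")
        report[name] = findings
    return report

def _resp(*names):
    # Builds a constructed response in the assumed ListPoliciesForUser shape.
    entries = [{"PolicyName": n, "PolicyType": "System"} for n in names]
    return json.dumps({"Policies": {"Policy": entries}})

# Constructed sample input: hypothetical user names, one response per user.
SAMPLE = {
    "dsc-auditor": _resp(READ_ONLY),
    "dsc-admin": _resp(FULL, READ_ONLY),
    "domain-owner": _resp(DATA_MANAGER),
    "app-dev": _resp("AliyunOSSReadOnlyAccess"),
}

if __name__ == "__main__":
    for user, findings in review(SAMPLE).items():
        print(user, "->", findings or ["read-only DSC access, nothing to flag"])
```

Custom policies are skipped by the PolicyType filter, so a user reported as having no DSC system policy still needs a manual look at any custom policies attached.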
Log on to the DSC console by using a RAM user
In the left-side navigation pane of the RAM console, click Overview.
On the Overview tab, obtain the value of Login URL in the Basic Information section.
Click the logon link for the RAM user. Enter the username of the RAM user and click Next. Enter the credentials of the RAM user to log on to the Alibaba Cloud Management Console.
Access DSC.
References
For more information about how to view the permissions of a RAM user, see View the permissions of a RAM user.
For more information about how to grant permissions to a RAM user group, see Grant permissions to a RAM user group.