Hologres supports Alibaba Cloud resource groups to help you manage your instances with greater granularity. This topic describes best practices for managing Hologres instances using resource groups.
Background information
Company A has three departments, and each department uses various cloud resources. The company uses a single Alibaba Cloud account that contains multiple Hologres instances.
Company A has the following requirements:
- Independent management: Each department administrator must be able to independently manage their department's members and access permissions.
- Cost allocation by department: The finance department needs to allocate costs and generate bills for each department.
Company A considers the following solutions:
- Multiple-account solution
  - Meets the requirement for independent management: Company A can create three Alibaba Cloud accounts, one for each department. Each account's administrator can then independently manage members and their access permissions.
  - Meets the requirement for cost allocation: Each Alibaba Cloud account has its own bill. Alibaba Cloud's consolidated billing feature can be used to create a single bill and invoice for the entire company.
- Single-account with resource tagging solution
  - Fails to meet the requirement for independent management: Tagging resources can simulate department groups. However, it does not allow department administrators to independently manage their members and access permissions.
  - Meets the requirement for cost allocation: Resources can be tagged by department, and these tags can be used for cost allocation.
- Resource group management solution
  - Meets the requirement for independent management: Each resource group can have its own administrator who can independently manage members and their access permissions.
  - Meets the requirement for cost allocation: The billing management feature supports cost allocation by resource group.
Limits
Due to Alibaba Cloud limitations, you cannot use resource groups to control permissions for the following operations performed by Resource Access Management (RAM) users: purchasing, upgrading or downgrading, renewing, and converting pay-as-you-go instances to subscription instances. If a RAM user needs to perform these operations, grant the AliyunBSSOrderAccess permission for all resources to that RAM user.
Resource group management solution configuration steps
- Create RAM users.
  Create three RAM users. The following are examples. For more information, see Create a RAM user.
  - Alice@secloud.onaliyun.com
  - Bob@secloud.onaliyun.com
  - Charlie@secloud.onaliyun.com

  Note: The following steps use the RAM user Alice as an example to show how to configure a department administrator.
- Log on to the Resource Management console.
- On the Resource Groups page, click Create Resource Group.
  For more information about resource group operations, see Manage resource groups.
- In the Create Resource Group panel, enter a Resource Group Identifier and a Resource Group Name, and then click OK.
  Note: Create three resource groups named BU1, BU2, and BU3.
- Configure permissions.
  The following steps show how to grant the RAM user Alice permissions to view and manage Hologres instances in the BU1 resource group.
  - In the Actions column of the BU1 resource group, click Access Control.
  - On the Access Control tab, click Grant Permission.
  - In the Grant Permission panel, configure the following parameters.

    | Parameter | Description |
    | --- | --- |
    | Authorization Scope | Select Specified Resource Groups and select BU1. |
    | Principal | Enter Alice@secloud.onaliyun.com. |
    | Select Permissions | Under System Policy, select AliyunHologresFullAccess and AliyunBSSOrderAccess. For more information about RAM access policies, see Grant permissions to a RAM user. |

  - Click OK, and then click Complete to finish configuring permissions.
    Alice now has permission to view and manage Hologres instances in the BU1 resource group. She can purchase, delete, stop, renew, and upgrade or downgrade instances within this resource group.
    Note: To set Bob and Charlie as administrators for the BU2 and BU3 resource groups, repeat these steps.
Results
Alice, Bob, and Charlie are now the Hologres administrators for the BU1, BU2, and BU3 resource groups, respectively. After they log on to the Hologres console with their RAM accounts, they can view their assigned resource groups. They can also purchase and manage Hologres instances within those groups, including upgrading or downgrading, renewing, stopping, and deleting instances.
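The following check is an added example, not part of the original topic or of Alibaba Cloud's tooling. It compares a list of policy attachments with the intended administrator-to-resource-group mapping above and with the all-resources requirement from the Limits section. The record shape (`PrincipalName`, `PolicyName`, `Scope`), the `account` scope marker, and the sample data are assumptions constructed for illustration.

```python
# Added example: audit policy attachments against the department mapping in
# this topic. Record fields are a simplified, hypothetical shape; populate them
# from whatever export of your account's policy attachments you use.

HOLO = "AliyunHologresFullAccess"
BSS = "AliyunBSSOrderAccess"
ACCOUNT = "account"  # assumed marker for "all resources in the account"

# Intended state from this topic: one administrator per resource group.
EXPECTED = {
    "Alice@secloud.onaliyun.com": "BU1",
    "Bob@secloud.onaliyun.com": "BU2",
    "Charlie@secloud.onaliyun.com": "BU3",
}

# Constructed sample attachments (not real output).
SAMPLE = [
    {"PrincipalName": "Alice@secloud.onaliyun.com", "PolicyName": HOLO, "Scope": "BU1"},
    {"PrincipalName": "Alice@secloud.onaliyun.com", "PolicyName": BSS, "Scope": ACCOUNT},
    {"PrincipalName": "Bob@secloud.onaliyun.com", "PolicyName": HOLO, "Scope": ACCOUNT},
    {"PrincipalName": "Bob@secloud.onaliyun.com", "PolicyName": BSS, "Scope": ACCOUNT},
    {"PrincipalName": "Charlie@secloud.onaliyun.com", "PolicyName": HOLO, "Scope": "BU3"},
    {"PrincipalName": "Charlie@secloud.onaliyun.com", "PolicyName": HOLO, "Scope": "BU1"},
]


def audit(attachments, expected=EXPECTED):
    """Return sorted (principal, finding) tuples for grants that deviate."""
    findings = set()
    for user, group in expected.items():
        mine = [a for a in attachments if a["PrincipalName"] == user]
        holo_scopes = {a["Scope"] for a in mine if a["PolicyName"] == HOLO}
        bss_scopes = {a["Scope"] for a in mine if a["PolicyName"] == BSS}
        if group not in holo_scopes:
            findings.add((user, f"missing {HOLO} on {group}"))
        for scope in holo_scopes - {group}:
            # Account scope or another department's group breaks independent management.
            findings.add((user, f"{HOLO} also granted on {scope}"))
        if ACCOUNT not in bss_scopes:
            # Limits section: order operations need this policy on all resources.
            findings.add((user, f"no account-wide {BSS}"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

An empty result means every administrator holds AliyunHologresFullAccess only on their own resource group and AliyunBSSOrderAccess on all resources.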
Cost allocation for resource groups
For more information about cost allocation for resource groups, see Use resource groups to allocate costs for ECS instances.