After you create a Resource Access Management (RAM) user, you must authorize the RAM user to manage services in Alibaba Cloud Model Studio in the RAM console and the Model Studio console.
Create a RAM user
For more information about how to create a RAM user, see Create a RAM user.
Authorize the RAM user in the RAM console
Log on to the RAM console.
In the left-side navigation pane, click Users. On the Users page, find the RAM user that you want to authorize.
Click the name of the RAM user in the User Logon Name/Display Name column.
On the page that appears, click the Permissions tab and then click Grant Permission.
In the Grant Permission panel, select System Policy from the drop-down list in the Policy section.
In the search box, search for AliyunSFMFullAccess. Select AliyunSFMFullAccess and then click Grant permissions.
Authorize the RAM user in the Model Studio console
Log on to the Model Studio console with your Alibaba Cloud account.
In the left-side navigation pane, choose System Management > Permission Management > User Management.
On the User Management page, click Add user.
Select the RAM user to whom you want to grant the permissions, specify a username, and then click Next.
Select Admin from the Role drop-down list and click Complete.
Authorize a sub-workspace to call, train, and deploy models
Models can be directly used in the default workspace. However, authorization is required to use models in sub-workspaces.
For more information, see the Authorize a sub-workspace to call, train, and deploy models section in the Use workspaces topic.
Custom permission policy for knowledge indexes
You can use a custom permission policy to grant RAM users the minimum set of permissions on knowledge indexes.
Procedure
1. Log on to the RAM console with an administrator account.
2. In the left-side navigation pane, choose . On the Policies page, click Create Policy. On the page that appears, select Alibaba Cloud Model Studio as the Service. In the section, select the following actions. You can enter the names of the actions in the search box to search for the actions.
GetIndexJobStatus: Queries the status of an indexing job.
CreateIndex: Creates an indexing job.
SubmitIndexJob: Submits an indexing job.
3. Click Next to edit policy information. On the page that appears, specify a name and description for the policy. Then, click OK.
4. To authorize a RAM user, click Grant Permission or click Grants in the left-side navigation pane.
5. In the Grant Permission panel, select the RAM user in the Principal section and then select the custom policy that you created in the Policy section. Click Grant permissions.
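
To confirm that a custom policy created with this procedure grants only the three listed actions, the following added example (not part of the original documentation) audits a RAM policy document in Python. The `example-service:` action prefix, the `SomeOtherAction` name, and the sample policy documents are constructed placeholders; run the check on the policy document that the RAM console shows for your policy.

```python
import fnmatch
import json

# The three knowledge-index actions listed in the procedure above.
ALLOWED = {"GetIndexJobStatus", "CreateIndex", "SubmitIndexJob"}

def audit_policy(policy_json):
    """Return (excess, missing) for a RAM policy document.

    excess:  allowed action patterns that reach beyond ALLOWED
    missing: ALLOWED actions that no Allow statement covers
    Deny statements are ignored; they can only narrow access.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    excess, covered = [], set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for pattern in actions:
            name = pattern.split(":", 1)[-1]  # drop the service prefix
            if name in ALLOWED:
                covered.add(name)
                continue
            excess.append(pattern)  # wildcard or unrelated action
            covered.update(a for a in ALLOWED if fnmatch.fnmatchcase(a, name))
    return sorted(excess), sorted(ALLOWED - covered)

# Constructed sample documents; "example-service" is a placeholder prefix.
TIGHT = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["example-service:" + a for a in sorted(ALLOWED)]}]})
BROAD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Resource": "*", "Action": "example-service:*"}]})
PARTIAL = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["example-service:CreateIndex",
               "example-service:SomeOtherAction"]}]})

if __name__ == "__main__":
    for label, doc in (("tight", TIGHT), ("broad", BROAD), ("partial", PARTIAL)):
        print(label, audit_policy(doc))
```

An empty `excess` list together with an empty `missing` list means the policy matches the minimum set; any entry in `excess` is a grant beyond the three actions.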