The first time you access a third-party application with an Alibaba Cloud account or a Resource Access Management (RAM) user, permissions must be granted to the third-party application.
Prerequisites
An Alibaba Cloud account or a RAM user who has administrative rights is created to perform the authorization operations in this topic. A RAM user who has administrative rights is a RAM user who is attached the AliyunRAMFullAccess policy.
Confirm the authorization
The first time you access a third-party application, you must confirm the authorization scopes, including the required and optional scopes. Then, click Authorize to grant the permissions to the third-party application.
After an Alibaba Cloud account or a RAM user who has administrative rights confirm to grant the permissions to the third-party application, all RAM users of the Alibaba Cloud account do not need to grant the permissions to the third-party application.
When you access the third-party application after the permissions are granted to the application, the application obtains your identity and permission information. If the granted permissions include cloud service-related permissions, the third-party application can assume your identity to access Alibaba Cloud resources.
Required scope
The required OAuth scope that is configured by the third-party application. The required scope contains the data or the permissions that the third-party application must obtain. The required scope is automatically selected and cannot be cleared. If you do not want the application to obtain the data or the permissions, reject the authorization. If the use of the third-party application is affected after the authorization is rejected, contact the provider of the third-party application.
Optional scope
The optional OAuth scope that is configured by the third-party application. The optional scope contains the data or the permissions that the third-party application want to obtain. You can determine whether to grant the permissions to the application and what permissions to grant based on your business requirements.
View the authorization
After permissions are granted to a third-party application, you can view the application name, application ID, authorization time, and authorization scope of the third-party application in the RAM console.
Log on to the RAM console.
In the left-side navigation pane, choose .
On the Third-party Applications tab, view the permissions on a third-party application.
Revoke the authorization
If you no longer want to grant the permissions to the third-party application, revoke the authorization.
Log on to the RAM console.
In the left-side navigation pane, choose .
On the Third-party Applications tab, find the third-party application that you want to manage and click Delete in the Actions column.
Click OK.
Re-grant the authorization
If you want to change the authorization scope, you can revoke the authorization. Then, access the third-party application and perform the authorization again. For more information, see Revoke the authorization.