
Resource Management: Use a resource directory to quickly establish a structure for the accounts and resources of an enterprise

Last Updated: Nov 08, 2024

Resource Directory allows you to quickly establish an organizational structure based on your business requirements and consolidate the accounts of your enterprise into this structure to form a hierarchy for the resources of your enterprise.

Step 1: Enable a resource directory

The Alibaba Cloud account that you use to enable a resource directory must have passed enterprise verification. An account that has passed only individual real-name verification cannot be used to enable a resource directory.

By default, an Alibaba Cloud account that is used to enable a resource directory is the management account of the resource directory. The management account has all administrative permissions on the resource directory and can be used to manage all members in the resource directory and the resources of the members. We recommend that you use an Alibaba Cloud account only as the management account of a resource directory and do not use the account to deploy your business. This prevents management issues caused by the excessive responsibilities of the management account.

When you use an Alibaba Cloud account to enable a resource directory, the system checks whether the account has passed enterprise verification, whether the account has resources, and whether the account is configured with security information, such as a mobile phone number or an email address. If the account meets requirements, the system then recommends one of the following methods for you to enable a resource directory based on the check results:

  • Use the current logon account to enable a resource directory

    If your account has passed enterprise verification, is configured with security information, and does not have resources, you can use this method to enable a resource directory.

  • Use a new account to enable a resource directory

    If your account has passed enterprise verification but is not configured with security information or has resources, you can use this method to enable a resource directory. If you use this method, you must create an Alibaba Cloud account and use this account as the management account of the resource directory. The new account inherits the enterprise verification information of the current logon account. The current logon account becomes a member of the resource directory.

    Warning

    After the current logon account becomes a member of the resource directory, only the new account can be used to remove the current logon account from the resource directory.

To use the current logon account to enable a resource directory, perform the following steps:

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Overview.

  3. On the page that appears, click Enable Resource Directory.

  4. In the Confirm Management Account section of the page that appears, select Current Account.

  5. Click Enable.

  6. In the Security Verification dialog box, enter the verification code that is sent to the mobile phone number or email address bound to the current logon account and click OK.

    After you enable the resource directory, the system creates the Root folder and uses the current logon account as the management account of the resource directory.

    In addition, the system creates a service-linked role named AliyunServiceRoleForResourceDirectory within the management account. This role is used to grant access permissions on the resource directory to trusted services that are integrated with the Resource Directory service. For more information about service-linked roles, see RAM roles in a resource directory.

Step 2: Create folders

A folder is an organizational unit in a resource directory. A folder may indicate a branch, a line of business, or a project of your enterprise. Each folder can contain members and subfolders, which forms a tree-shaped organizational structure.

Procedure

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Overview.

  3. Click the Organization tab.

  4. In the left-side navigation tree, click the name of a folder. In the right-side section that appears, click Create Folder.

    A subfolder will be created in the folder.

  5. In the Create Folder panel, configure Folder Name.

    Note

    The name you specify must be unique in the current resource directory.

  6. Click OK.

Step 3: Create members or invite Alibaba Cloud accounts

A member can be a resource account or cloud account. Members that are created in a resource directory are resource accounts. A resource account is used to isolate the resources of a project or application on Alibaba Cloud from other resources. You can invite existing Alibaba Cloud accounts to join your resource directory. After the owners of the Alibaba Cloud accounts accept the invitations, the accounts become the members of the resource directory. These members are cloud accounts.

Create a member

Procedure

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Create Member.

  3. On the Create Member page, configure the parameters.

    • Alibaba Cloud Account Name: the name of the member. The name must be unique in the current resource directory. The name must be 2 to 50 characters in length and can contain letters, digits, and the following special characters: underscores (_), periods (.), and hyphens (-). The name must start and end with a letter or digit and cannot contain consecutive special characters.

    • Display Name: the display name of the member. The display name must be 2 to 50 characters in length and can contain letters, digits, and the following special characters: underscores (_), periods (.), and hyphens (-).

    • Settlement: the payment method of the member.

      • Use Management Account for Settlement of New Member: If you select this option, the management account of the resource directory is used as the billing account of the member that is being created.

      • Use Existing Member for Settlement of New Member: If you select this option, you must select an existing member from the panel that appears. This member is used as the billing account of the member that is being created.

        Note

        A member that does not have the payment capability cannot be selected. For information about how to determine whether a member has the payment capability, see Trusteeship overview.

      • Use New Member Itself for Settlement: If you select this option, the member that is being created is used as its billing account.

    • Tag: This parameter is optional. You can add tags to the member. This way, you can manage the member based on the tags.

  4. Click OK.
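The naming and settlement rules above can be checked against a planned layout before anything is entered in the console. The following is an added example, not Alibaba Cloud code: the function names, the settlement labels, and the sample plan are hypothetical, and it assumes ASCII letters and digits, that any two adjacent special characters count as consecutive, and that the name Root is already taken by the system-created folder.

```python
import re

# Assumptions (not stated on the page): "letters" and "digits" mean ASCII, and
# "consecutive special characters" means any two of _ . - side by side.
_CHARS = re.compile(r"[A-Za-z0-9_.-]+")
_DOUBLE = re.compile(r"[_.-]{2}")
SETTLEMENTS = {"management", "existing_member", "self"}  # hypothetical labels

def name_problems(name, is_account_name):
    """Return the rule violations for a member name or a display name."""
    out = []
    if not 2 <= len(name) <= 50:
        out.append("length must be 2 to 50")
    if not _CHARS.fullmatch(name):
        out.append("only letters, digits, _ . - allowed")
    if is_account_name:  # the page states these two rules for the name only
        if not (name[:1].isalnum() and name[-1:].isalnum()):
            out.append("must start and end with a letter or digit")
        if _DOUBLE.search(name):
            out.append("consecutive special characters")
    return out

def lint_plan(folders, members, payers):
    """payers: existing members known to have the payment capability."""
    findings = []
    seen = {"Root"}  # assumption: the system-created Root folder holds this name
    for f in folders:
        if f in seen:
            findings.append(f"folder {f!r}: name already used in the directory")
        seen.add(f)
    names = set()
    for m in members:
        acct = m["account_name"]
        findings += [f"member {acct!r}: name: {p}" for p in name_problems(acct, True)]
        findings += [f"member {acct!r}: display name: {p}"
                     for p in name_problems(m["display_name"], False)]
        if acct in names:
            findings.append(f"member {acct!r}: name already used in the directory")
        names.add(acct)
        if m["settlement"] not in SETTLEMENTS:
            findings.append(f"member {acct!r}: unknown settlement option")
        elif m["settlement"] == "existing_member" and m.get("payer") not in payers:
            findings.append(f"member {acct!r}: payer lacks the payment capability")
    return findings

if __name__ == "__main__":  # constructed sample plan, not a real directory
    plan = [{"account_name": "prod-_db", "display_name": "Prod DB",
             "settlement": "existing_member", "payer": "sandbox"}]
    print("\n".join(lint_plan(["Prod", "Prod"], plan, {"billing-hub"})))
```

The checker only compares names inside the plan itself. Names that already exist in the resource directory must be added to the inputs for the uniqueness checks to be meaningful.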

Invite an Alibaba Cloud account

Procedure

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Invite Member.

  3. On the Invite Member page, click Invite Member.

  4. In the Invite Member dialog box, configure the following parameters:

    • Account ID or Logon Email Address: the ID or email address of the Alibaba Cloud account that you want to invite. This parameter is required.

      If you want to enter the email address of an Alibaba Cloud account, you must enter the email address that you specified when you created the account. You can enter multiple account IDs or email addresses. Separate the account IDs or email addresses with commas (,).

    • Remarks: the remarks of the invitation. This parameter is optional.

      You need to enter appropriate remarks. The remarks help the invitee confirm the credibility of the invitation and quickly complete the invitation process.

    • Tag: the tags that you want to add to the account. This parameter is optional.

    • Owned By (Folder): the folder to which the account belongs. This parameter is optional. By default, the account belongs to the Root folder. You can click Modify to place the account in another folder.

  5. Read the risk warning and select the check box.

  6. Click OK.

    Note

    • If you enter an email address for an invitation, the system sends a confirmation email to the email address.

    • If you enter an account ID for an invitation, the system sends a confirmation email to the email address that is associated with the account.

    • If you enter an account ID for an invitation but no email address is associated with the account, the invitee can log on to the Resource Management console to view and process the invitation.

After the owner of the Alibaba Cloud account you invite receives an invitation, the owner can view the information about the invitation in the Resource Management console or in an email. Then, the owner can choose to accept or reject the invitation. For more information, see Process an invitation.