All Products
Search
Document Center

:Enable a resource directory

Last Updated:Nov 10, 2023

The Resource Management service allows you to consolidate all your Alibaba Cloud accounts into a resource directory and move the accounts to desired folders to form a hierarchy. This way, you can manage the accounts and the resources within the accounts in a unified manner. You must enable a resource directory before you can use the resource directory.

Prerequisites

The Alibaba Cloud account you use to enable a resource directory has passed enterprise verification. An account that has passed only individual real-name verification cannot be used to enable a resource directory.

Methods used to enable a resource directory

By default, an Alibaba Cloud account that is used to enable a resource directory is the management account of the resource directory. The management account has all administrative permissions on the resource directory and can be used to manage all members in the resource directory and the resources of the members. We recommend that you use an Alibaba Cloud account only as the management account of a resource directory and do not use the account to deploy your business. This prevents management issues caused by the excessive responsibilities of the management account.

When you use an Alibaba Cloud account to enable a resource directory, the system checks whether the account has passed enterprise verification, whether the account has resources, and whether the account is configured with security information, such as a mobile phone number or an email address. If the account meets requirements, the system then recommends one of the following methods for you to enable a resource directory based on the check results:

  • Use the current logon account to enable a resource directory

    If your account has passed enterprise verification, is configured with security information, and does not have resources, you can use this method to enable a resource directory.

  • Use a new account to enable a resource directory

    If your account has passed enterprise verification but is not configured with security information or has resources, you can use this method to enable a resource directory. If you use this method, you must create an Alibaba Cloud account and use this account as the management account of the resource directory. The new account inherits the enterprise verification information of the current logon account. The current logon account becomes a member of the resource directory.

    Warning

    After the current logon account becomes a member of the resource directory, you can remove the current logon account from the resource directory by using only the new account.

Use the current logon account to enable a resource directory

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Overview.

  3. On the page that appears, click Enable Resource Directory.

  4. In the Confirm Management Account section of the page that appears, select Current Account.

  5. Click Enable.

  6. In the Security Verification dialog box, enter the verification code that is sent to the mobile phone number or email address bound to the current logon account and click OK.

    After you enable the resource directory, the system creates the Root folder and uses the current logon account as the management account of the resource directory.

    In addition, the system creates a service-linked role named AliyunServiceRoleForResourceDirectory within the management account. This role is used to grant access permissions on the resource directory to trusted services that are integrated with the Resource Directory service. For more information about service-linked roles, see RAM roles in a resource directory.

Use a new account to enable a resource directory

  1. Log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Overview.

  3. On the page that appears, click Enable Resource Directory.

  4. In the Confirm Management Account section of the page that appears, select New Account.

  5. Enter a custom account name in the Account Name field.

  6. Bind a mobile phone number to the new account for security purposes.

    The mobile phone number that is bound to the current logon account is automatically displayed. You can click Modify to bind another mobile phone number to the new account for security purposes.

  7. Click Enable.

  8. In the Security Verification dialog box, enter the verification code that is sent to the mobile phone number you specify in Step 6 and click OK.

    After you enable the resource directory, the system creates the Root folder and uses the new account as the management account of the resource directory. The current logon account becomes a member of the resource directory.

    In addition, the system creates a service-linked role named AliyunServiceRoleForResourceDirectory within the management account. This role is used to grant access permissions on the resource directory to trusted services that are integrated with the Resource Directory service. For more information about service-linked roles, see RAM roles in a resource directory.

    Important

    You must specify a password for the management account on the password resetting page by using the mobile phone number that you specify in Step 6. Then, you can use the management account to log on to the Resource Management console and manage your resource directory.