After you receive an invitation, you can view the information about the invitation in the Resource Management console, in your email, or from an internal message. Then, you can accept or reject the invitation.
Prerequisites
The invited Alibaba Cloud account is not the management account or a member of a resource directory. One Alibaba Cloud account can belong to only one resource directory.
The invited Alibaba Cloud account has passed enterprise real-name verification, and the enterprise real-name information of the Alibaba Cloud account is the same as that of the management account of the related resource directory. Otherwise, the Alibaba Cloud account cannot join the resource directory.
If you want to use a RAM user to process the invitation, the policy with the minimum required permissions is attached to the RAM user. The following code provides the policy document:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "resourcemanager:GetResourceDirectory", "resourcemanager:ListHandshakesForAccount", "resourcemanager:GetHandshake", "resourcemanager:AcceptHandshake", "resourcemanager:DeclineHandshake" ], "Resource": "*" } ] }
For more information, see Create a custom policy and Grant permissions to a RAM user.
Background information
Before you accept the invitation, carefully read the following information and make sure that you are familiar with the risks that may arise. After you accept the invitation, the following situations occur:
Your Alibaba Cloud account becomes a member of the cloud account type in the resource directory, and the name of your Alibaba Cloud account is used as the display name of the member in the resource directory.
The management account of the resource directory has all permissions on your Alibaba Cloud account, and you cannot remove your Alibaba Cloud account from the resource directory.
For security or compliance purposes, the management account of the resource directory can be used to attach one or more access control policies to your Alibaba Cloud account to determine the Alibaba Cloud services and API operations that you can access by using the Alibaba Cloud account.
The management account of the resource directory or a delegated administrator account of a trusted service can be used to perform specific administrative operations on your Alibaba Cloud account in the trusted service. For example, the management account or a delegated administrator account of the trusted service ActionTrail can be used to view the log data of your Alibaba Cloud account in ActionTrail, and the management account or a delegated administrator account of the trusted service Resource Orchestration Service (ROS) can be used to quickly deploy cloud resources for your Alibaba Cloud account in ROS. For more information, see Overview.
The management account of the resource directory can be used to switch the member from a cloud account to a resource account.
Accept an invitation
Log on to the Resource Management console.
In the left-side navigation pane, choose .
On the page that appears, click View Invitation.
On the page that appears, find the invitation that you want to accept and click Process Invitation in the Actions column.
In the Process Invitation dialog box, carefully read the invitation information, select the risk warning check box, and then click Accept Invitation.
After your account joins the resource directory, you can view the information about the resource directory on the Settings page.
Reject an invitation
Log on to the Resource Management console.
In the left-side navigation pane, choose .
On the page that appears, click View Invitation.
On the page that appears, find the invitation that you want to reject and click Process Invitation in the Actions column.
In the Process Invitation dialog box, click Reject Invitation.
In the Reject Invitation dialog box, click Reject Invitation.