In the Resource Access Management (RAM) console, the administrator or end users can be granted the permissions to access and perform operations on the Service Catalog console. In the Service Catalog console, end users can be granted the permissions to view the product list. Authorization must be complete in both the RAM console and the Service Catalog console to manage products.
Authorization method | Scenario | Authorization purpose | Usage note | References |
---|---|---|---|---|
Authorization in the RAM console | Authorize RAM users or RAM roles in the RAM console to allow the RAM users or RAM roles to use Service Catalog. | Grant the administrator or end users the read-only permissions or read and write permissions on the Service Catalog console. | The permissions that are granted in the RAM console do not include the permissions
to view or use products in the Service Catalog console.
Authorize the administrator in the RAM console only if the administrator is a RAM user or a RAM role. If the administrator is an Alibaba Cloud account, the administrator has the required permissions to manage all Alibaba Cloud resources. Authorization in the RAM console is not required. To prevent security risks caused by excessive permissions, a RAM user or a RAM role is recommended to be used as the administrator. |
|
Authorization in the Service Catalog console | Authorize end users in the Service Catalog console to allow the end users to view products. | Grant end users the required permissions to view the product list. | The administrator must grant end users permissions on the Portfolio management page in the Service Catalog console. | Grant the end user the permissions to access the product |