Before an end user can manage products, the administrator must grant the required permissions to the end user to allow the end user to access the Service Catalog console or perform operations in the console. An end user can be a Resource Access Management (RAM) user or a RAM role. In this topic, a RAM user is used.

Prerequisites

A RAM user is created by the administrator. For more information, see Create a RAM user.

Procedure

  1. Log on to the RAM console as the administrator.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, set the Authorized Scope parameter to Alibaba Cloud Account and select one or more policies.
    • System Policy: the system policy. Select the AliyunServiceCatalogEndUserFullAccess policy in the Authorization Policy Name column.
      Note If the end user is attached the AliyunServiceCatalogEndUserFullAccess policy, the end user is granted the management permissions on Service Catalog. If the end user wants to launch products and manage product instances in the Service Catalog console, attach the AliyunServiceCatalogEndUserFullAccess policy to the end user.
    • Custom Policy: the custom policies. To specify custom policies, select the required policies in the Authorization Policy Name column.

      For information about how to create a custom policy, see Create a custom policy.

  5. Click OK.
  6. Click Complete.