Document Center
all-products-head
This Product
This Product
All Products
Resource Access Management
Resource Access Management
All Products
Product Overview
Announcements and Updates
Product Introduction
Billing
Show more
Show less
Getting Started
Create a RAM user as an account administrator
Create a RAM user and grant permissions to the RAM user
Create a RAM user group and grant permissions to the group
Create a RAM role and attach the required policies to the role
Show more
Show less
User Guide
RAM User Management
RAM User Group Management
RAM Role Management
Policy Management
SSO Management
OAuth Management
AccessKey Pair Management
Security Settings
Access Analyzing
Security
Show more
Show less
Use Cases
Best Practices
Tutorials
Show more
Show less
Developer Reference
API overview
API Reference
SDK Reference
CLI Reference
System Policy Reference
Show more
Show less
Support
FAQ
Permissions on Cloud Services
Show more
Show less
Resource Access Management (RAM) is a service provided by Alibaba Cloud. It allows you to manage user identities and resource access permissions.
RAM console
Getting started
学习路径
Learn to use RAM step by step.
Learn
Product Introduction
What is RAM?
What is STS?
Terms
Limits
Services that work with RAM
Services that work with STS
Start
Getting Started
Configure security policies for RAM users
Create a RAM user
Create a user group
Create a custom policy
Grant permissions to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
Use
RAM User Management
Overview of RAM users
Create a RAM user
Grant permissions to a RAM user
Bind an MFA device to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
RAM User Group Management
Overview of a RAM user group
Create a user group
Add a RAM user to a RAM user group
Grant permissions to a RAM user group
RAM Role Management
RAM role overview
Service-linked roles
Grant permissions to a RAM role
Assume a RAM role
Policy Management
Policy Management
Create a custom policy
Policy elements
Policy structure and syntax
Policy evaluation process
Overview of sample policies
Policy evaluation process
Policy evaluation process of assuming a RAM role
SSO Management
SSO overview
Scenarios of SSO
Overview of user-based SSO
Overview of role-based SSO by using SAML
Overview of role-based SSO by using OIDC
OAuth Management
OAuth overview
Common scenarios
Manage an OAuth application
AccessKey Pair Management
Create an AccessKey pair
View the information about AccessKey pairs of a RAM user
Rotate AccessKey pairs of RAM users
Practice
Best Practices
Use RAM to ensure security of the Alibaba Cloud resources of your enterprise
Use RAM to manage user permissions and resources
Develop
API Reference
API overview
API Reference (IMS)
API Reference (RAM)
API Reference (STS)
SDK Reference
IMS SDK Reference
RAM SDK Reference
STS SDK Reference
View more frequently asked questions, cases, and solutions.
FAQ about RAM users
FAQ about RAM roles and STS tokens
FAQ about AccessKey pairs
FAQ about MFA
FAQ about SSO
What do I do if I fail to delete my Alibaba Cloud account?
How do I modify the validity period of a logon session or an STS token?
How do I troubleshoot an access denied error?