This topic describes how to use RAM to grant permissions to O&M engineers and manage these permissions.
Prerequisites
An Alibaba Cloud account is created. To create an Alibaba Cloud account, visit the account registration page.
Background information
A company has purchased multiple Alibaba Cloud services and deployed its application systems on the cloud. This results in the following O&M requirements:
- Different O&M owners are responsible for different Alibaba Cloud services.
- Different O&M engineers require different permissions to access and manage Alibaba Cloud resources.
Solution
The company can set an O&M owner, assign different O&M engineers to different O&M requirements, and then attach specified policies to these engineers.

Procedure
This section uses an example to describe how to set a RAM user as the database O&M owner. In this example, the RAM user is alice@secloud.onaliyun.com. The RAM user can then manage ApsaraDB for RDS and Data Transmission Service (DTS).
| O&M role | Policy | Description |
|---|---|---|
| O&M owner | AdministratorAccess | Permissions to manage all Alibaba Cloud resources. |
| VM O&M engineer | AliyunECSFullAccess | Permissions to manage Elastic Compute Service (ECS). |
| | AliyunESSFullAccess | Permissions to manage Auto Scaling (ESS). |
| | AliyunSLBFullAccess | Permissions to manage Server Load Balancer (SLB). |
| | AliyunNASFullAccess | Permissions to manage Apsara File Storage NAS. |
| | AliyunOSSFullAccess | Permissions to manage Object Storage Service (OSS). |
| | AliyunOTSFullAccess | Permissions to manage Tablestore. |
| Network O&M engineer | AliyunCDNFullAccess | Permissions to manage Alibaba Cloud CDN. |
| | AliyunCENFullAccess | Permissions to manage Cloud Enterprise Network (CEN). |
| | AliyunCommonBandwidthPackageFullAccess | Permissions to manage EIP Bandwidth Plan. |
| | AliyunEIPFullAccess | Permissions to manage Elastic IP Address (EIP). |
| | AliyunExpressConnectFullAccess | Permissions to manage Express Connect. |
| | AliyunNATGatewayFullAccess | Permissions to manage NAT Gateway. |
| | AliyunSCDNFullAccess | Permissions to manage Secure Content Delivery Network (SCDN). |
| | AliyunSmartAccessGatewayFullAccess | Permissions to manage Smart Access Gateway. |
| | AliyunVPCFullAccess | Permissions to manage Virtual Private Cloud (VPC). |
| | AliyunVPNGatewayFullAccess | Permissions to manage VPN Gateway. |
| Database O&M engineer | AliyunRDSFullAccess | Permissions to manage ApsaraDB for RDS. |
| | AliyunDTSFullAccess | Permissions to manage Data Transmission Service (DTS). |
| Security O&M engineer | AliyunYundunFullAccess | Permissions to manage Alibaba Cloud Security. |
| Monitoring O&M engineer | AliyunActionTrailFullAccess | Permissions to manage ActionTrail. |
| | AliyunARMSFullAccess | Permissions to manage Application Real-Time Monitoring Service (ARMS). |
| | AliyunCloudMonitorFullAccess | Permissions to manage Cloud Monitor. |
| | ReadOnlyAccess | Permissions to read all Alibaba Cloud resources. This policy is optional. |
| | AliyunSupportFullAccess | Permissions to manage Ticket Management. |
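
The following Python script is an added example, not part of the original page or of Alibaba Cloud's own tooling. It compares the system policies attached to a RAM user with the role baseline from the table above and builds the `aliyun ram` CLI commands that would bring the user back to that baseline. Assumptions: the RAM user name is `alice` (taken from the logon name in this example), the attached-policy list is constructed sample data, and `AliyunSupportFullAccess` is read as part of the monitoring role.

```python
# Added example: audit a RAM user's system policies against the page's table.
_TABLE = {  # role -> policies, copied from the table above
    "O&M owner": "AdministratorAccess",
    "VM O&M engineer": "AliyunECSFullAccess AliyunESSFullAccess AliyunSLBFullAccess "
                       "AliyunNASFullAccess AliyunOSSFullAccess AliyunOTSFullAccess",
    "Network O&M engineer": "AliyunCDNFullAccess AliyunCENFullAccess "
                            "AliyunCommonBandwidthPackageFullAccess AliyunEIPFullAccess "
                            "AliyunExpressConnectFullAccess AliyunNATGatewayFullAccess "
                            "AliyunSCDNFullAccess AliyunSmartAccessGatewayFullAccess "
                            "AliyunVPCFullAccess AliyunVPNGatewayFullAccess",
    "Database O&M engineer": "AliyunRDSFullAccess AliyunDTSFullAccess",
    "Security O&M engineer": "AliyunYundunFullAccess",
    # Assumption: AliyunSupportFullAccess (last table row) belongs to this role.
    "Monitoring O&M engineer": "AliyunActionTrailFullAccess AliyunARMSFullAccess "
                               "AliyunCloudMonitorFullAccess ReadOnlyAccess "
                               "AliyunSupportFullAccess",
}
ROLE_POLICIES = {role: set(names.split()) for role, names in _TABLE.items()}
OPTIONAL = {"Monitoring O&M engineer": {"ReadOnlyAccess"}}  # "This policy is optional."
CLI = "aliyun ram {action} --PolicyType System --PolicyName {policy} --UserName {user}"


def audit(role, attached):
    """Return policies the role requires but lacks, and policies beyond the role."""
    allowed = ROLE_POLICIES[role]
    required = allowed - OPTIONAL.get(role, set())
    attached = set(attached)
    return {"missing": sorted(required - attached),
            "excess": sorted(attached - allowed)}


def remediation(user, role, attached):
    """Build aliyun CLI commands: detach excess policies first, then attach missing."""
    drift = audit(role, attached)
    plan = [CLI.format(action="DetachPolicyFromUser", policy=p, user=user)
            for p in drift["excess"]]
    plan += [CLI.format(action="AttachPolicyToUser", policy=p, user=user)
             for p in drift["missing"]]
    return plan


if __name__ == "__main__":
    # Constructed sample: alice is the database O&M user but also holds a broad policy.
    attached = ["AliyunRDSFullAccess", "AdministratorAccess"]
    print(audit("Database O&M engineer", attached))
    for command in remediation("alice", "Database O&M engineer", attached):
        print(command)
```
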