After a member account is created in or joins a resource directory, you can use a RAM user, a RAM role, or the root user to access the member account. For security purposes, we recommend that you use a RAM user or RAM role for access.

(Recommended) Use a RAM user to access a member account

You can create a RAM user and attach the AdministratorAccess policy to the RAM user. Then, use the RAM user to access member accounts quickly and manage them based on permissions.

  1. Create a RAM user.
  2. Attach the AdministratorAccess policy to the RAM user.

    For more information, see Grant permissions to a RAM user.

  3. Use the RAM user to log on to the Resource Management console.
  4. In the left-side navigation pane, choose Resource Directory > Overview.
  5. In the navigation tree of the Resource Directory page, find the folder to which the member account you want to access belongs and click the folder name.
  6. Move the pointer over the name of the member account and click Logon Account.

    After that, the RAM user acts as the member account. Then, you can perform the following operations:

    • Purchase Alibaba Cloud resources as needed.
    • Log on to the RAM console, create multiple RAM users for the member account, assign them to different engineers, and grant different permissions to the engineers.

    Tip: If you want to access multiple member accounts at the same time, do not refresh the Resource Directory page in the Resource Management console. After you complete the operations on a member account, move the pointer over the profile picture in the upper-right corner and click Back to Logon Identity. Then, in the Resource Management console, repeat Step 3 to Step 6 to access other member accounts and complete the configuration of users and permissions as required.

Use a RAM role to access a member account

A resource directory automatically creates a RAM role named ResourceDirectoryAccountAccessRole for member accounts. The role has complete administrative permissions on member accounts, and its trusted entity is the master account of the resource directory. You can use a RAM user to assume the RAM role to access member accounts.

  1. Create a RAM user.
  2. Attach the AliyunSTSAssumeRoleAccess policy to the RAM user. This policy allows the RAM user to call the STS AssumeRole API operation.

    For more information, see Grant permissions to a RAM user.

  3. Use the RAM user to assume the RAM role and access a member account.

    For more information about how to use a RAM user to assume a RAM role, see Assume a RAM role.

Use the root user to access a member account

You can use the root user to access only cloud accounts.

Note For security purposes, we recommend that you do not use the root user to access member accounts.
  1. Log on to the Alibaba Cloud Management Console.
    Note If you have logged on to the Alibaba Cloud Management Console by using another account, log out of the console first.
  2. Enter the username and password of your account.
    Note
    • If this account is a new Alibaba Cloud account, you must click Forgot Password? and obtain a new password.
    • If this account is an invited Alibaba Cloud account, directly enter the username and password.
  3. Click Sign In.