You can use a RAM role, a RAM user, or the root user to access a member account. For security purposes, we recommend that you use a RAM role or RAM user for access.

Use a RAM role to access a member account

The system automatically creates a RAM role named ResourceDirectoryAccountAccessRole for each member account in a resource directory. The trusted entity of the role is the master account of the resource directory. You can use the master account or a RAM user of the master account to assume the role of a member account and access the member account.

  1. Create a RAM user Alice by using the master account. For more information, see Create a RAM user.
  2. Authorize the RAM user Alice. For more information, see Grant permissions to a RAM user.

    You must grant the following permissions to the RAM user:

    • AliyunSTSAssumeRoleAccess: the permission to call the AssumeRole operation of Security Token Service (STS)
    • AliyunResourceDirectoryFullAccess: the permission to manage a resource directory
    Note If you want to use Alice as an administrator, you can grant the AdministratorAccess permission to Alice.
  3. Log on to the Resource Management console as the RAM user Alice.
  4. In the left-side navigation pane, choose Resource Directory > Overview.
  5. In the navigation tree of the Resource Directory page, find the folder to which the member account you want to access belongs and click the folder name.
  6. In the Actions column that corresponds to the member account, click Logon Account.

    Then, you can use the RAM user Alice to assume the RAM role ResourceDirectoryAccountAccessRole of the member account and perform the operations that are defined for the RAM role.

Use a RAM user to access a member account

You can create a RAM user for a member account. Then, you can use this RAM user to log on to the Alibaba Cloud Management Console and access the member account.

  1. Create a RAM user Tom for a member account. For more information, see Create a RAM user.
  2. Authorize the RAM user Tom. For more information, see Grant permissions to a RAM user.
    If you want to access all the resources of a member account, grant the AdministratorAccess permission to the RAM user Tom. In other cases, grant permissions to the RAM user Tom based on your business requirements.
  3. Use the RAM user Tom to log on to the Alibaba Cloud Management Console. For more information, see Log on to the console as a RAM user.

Use the root user to access a member account

You can use the root user to log on to the Alibaba Cloud Management Console and access the member account.

Note For security purposes, we recommend that you do not use the root user to access member accounts.
  1. Log on to the Alibaba Cloud Management Console.
    Note If you have logged on to the Alibaba Cloud Management Console by using another account, log off the console first.
  2. Enter the username and password of your account.
    Note
    • If this account is a new Alibaba Cloud account, you must click Forgot Password? and reset the password.
    • If this account is an invited Alibaba Cloud account, directly enter the username and password.
  3. Click Sign In.