You can use a RAM role, a RAM user, or the root user to access members. For security purposes, we recommend that you use a RAM role or RAM user to access members.

Use a RAM role to access a member

The system automatically creates a RAM role named ResourceDirectoryAccountAccessRole for each member in a resource directory. The trusted entity of the role is the management account of the resource directory. You can use the management account or a RAM user of the management account to assume the ResourceDirectoryAccountAccessRole role of a member and access the member.

  1. Create a RAM user by using the management account.
    In this example, the RAM user Alice is created. For more information, see Create a RAM user.
  2. Grant permissions to Alice.

    You must grant the following permissions to Alice:

    • AliyunSTSAssumeRoleAccess: the permission to call the AssumeRole operation of Security Token Service (STS)
    • AliyunResourceDirectoryFullAccess: the permission to manage a resource directory
    Note If you want to use Alice as an administrator, you can grant the AdministratorAccess permission to Alice.

    For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

  3. Use Alice to log on to the Resource Management console.
  4. In the left-side navigation pane, choose Resource Directory > Overview.
  5. Click the Organization or Members tab.
  6. Find the member that you want to access and click Logon Account in the Actions column.

    Then, you can use Alice to assume the RAM role ResourceDirectoryAccountAccessRole of the member and perform the operations that are defined for the RAM role.

Use a RAM user to access a member

You can create a RAM user for a member and use this RAM user to log on to the Alibaba Cloud Management Console and access the member.

  1. Use a RAM user that belongs to the management account to assume the related RAM role and access a member.
    For more information, see Use a RAM role to access a member.
  2. Create a RAM user for the member.
    In this example, the RAM user Tom is created. For more information, see Create a RAM user.
  3. Grant permissions to Tom.
    If you want to access all the resources of a member, grant the AdministratorAccess permission to Tom. In other cases, grant permissions to Tom based on your business requirements. For more information, see Grant permissions to a RAM user.
  4. Use Tom to log on to the Alibaba Cloud Management Console.
    For more information, see Log on to the console as a RAM user.

Use the root user to access a member

You can use the root user to log on to the Alibaba Cloud Management Console and access the member.

Note For security purposes, we recommend that you do not use the root user to access members.
  1. Log on to the Alibaba Cloud Management Console.
    Note If you have logged on to the Alibaba Cloud Management Console by using another account, log off from the console first.
  2. Enter the username and password of your account.
  3. Click Sign In.