You can use a RAM role, a RAM user, or the root user to access a member account. For
security purposes, we recommend that you use a RAM role or RAM user for access.
Use a RAM role to access a member account
The system automatically creates a RAM role named ResourceDirectoryAccountAccessRole
for each member account in a resource directory. The trusted entity of the role is
the master account of the resource directory. You can use the master account or a
RAM user of the master account to assume the role of a member account and access the
member account.
- Create a RAM user Alice by using the master account. For more information, see Create a RAM user.
- Authorize the RAM user Alice. For more information, see Grant permissions to a RAM user.
You must grant the following permissions to the RAM user:
- AliyunSTSAssumeRoleAccess: the permission to call the AssumeRole operation of Security
Token Service (STS)
- AliyunResourceDirectoryFullAccess: the permission to manage a resource directory
Note If you want to use Alice as an administrator, you can grant the AdministratorAccess
permission to Alice.
- Log on to the Resource Management console as the RAM user Alice.
- In the left-side navigation pane, choose .
- In the navigation tree of the Resource Directory page, find the folder to which the member account you want to access belongs and
click the folder name.
- In the Actions column that corresponds to the member account, click Logon Account.
Then, you can use the RAM user Alice to assume the RAM role ResourceDirectoryAccountAccessRole
of the member account and perform the operations that are defined for the RAM role.
Use a RAM user to access a member account
You can create a RAM user for a member account. Then, you can use this RAM user to
log on to the Alibaba Cloud Management Console and access the member account.
- Create a RAM user Tom for a member account. For more information, see Create a RAM user.
- Authorize the RAM user Tom. For more information, see Grant permissions to a RAM user.
If you want to access all the resources of a member account, grant the AdministratorAccess
permission to the RAM user Tom. In other cases, grant permissions to the RAM user
Tom based on your business requirements.
- Use the RAM user Tom to log on to the Alibaba Cloud Management Console. For more information,
see Log on to the console as a RAM user.
Use the root user to access a member account
You can use the root user to log on to the Alibaba Cloud Management Console and access
the member account.
Note For security purposes, we recommend that you do not use the root user to access member
accounts.
- Log on to the Alibaba Cloud Management Console.
Note If you have logged on to the Alibaba Cloud Management Console by using another account,
log off the console first.
- Enter the username and password of your account.
Note
- If this account is a new Alibaba Cloud account, you must click Forgot Password? and reset the password.
- If this account is an invited Alibaba Cloud account, directly enter the username and
password.
- Click Sign In.