You can grant permissions to a RAM role that you have created for a trusted Alibaba Cloud account, Alibaba Cloud service, or identity provider (IdP). This topic describes how to grant permissions to a RAM role.

Note You cannot grant permissions to a service linked role because the policy that is attached to the role is predefined by the linked cloud service. For more information about service linked roles, see Service linked roles.

Method 1

You can grant permissions to a RAM role by clicking Add Permissions on the RAM Roles page.

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, find the RAM role in the RAM Role Name column.
  4. In the Actions column, click Add Permissions. In the Add Permissions pane, the Principal field is automatically provided.
  5. In the Authorization Policy Name column, click the policies that you want to attach to the RAM role.
    Note In the Selected section, you can click the cross sign ( ×) next to a policy to remove the policy.
  6. Click OK.
  7. Click Complete.

Method 2

You can grant permissions to a RAM role by clicking Input and Attach on the RAM Roles page.

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, find the RAM role in the RAM Role Name column.
  4. In the Actions column, click Input and Attach.
  5. In the Add Permissions pane, select System Policy or Custom Policy for the Type parameter.
  6. Enter a policy name.
  7. Click OK.
  8. Click Close.

Method 3

You can grant permissions to a RAM role on the Grants page.

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Grants under Permissions.
  3. On the Grants page, click Grant Permission.
  4. In the Add Permissions pane, enter a RAM role name in the Principle field, and then select the RAM role from the auto-complete results.
  5. In the Authorization Policy Name column, select the policies that you want to attach to the RAM role.
    Note In the Selected section, you can click the cross sign ( ×) next to a policy to remove the policy.
  6. Click OK.
  7. Click Complete.