This topic describes how to create and authorize a Resource Access Management (RAM) user. You can use your Alibaba Cloud account to access your PolarDB resources. If you want to share the resources under your Alibaba Cloud account with other users, you must create and authorize RAM users. After the authorization, the RAM users can access the specified resources.

Prerequisites

Log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account or as a RAM user.

Create a RAM user

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. Under Access Mode, select Console Password Logon.
  6. Under Console Password Logon, select Automatically Generate Default Password or Custom Logon Password.
  7. Under Password Reset, select Required at Next Logon or Not Required.
  8. Under Multi-factor Authentication, select Not Required.
  9. Click OK.

Grant permissions to a RAM user on the Grants page

  1. In the left-side navigation pane, click Grants under Permissions.
  2. Click Grant Permission.
  3. Under Principal, enter the username, and click the target RAM user.
  4. In the Authorization Policy Name column on the left side of the Add Permissions panel, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to the RAM user.

    Policy Description
    AliyunPolarDBReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolarDBFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the Add Permissions panel.
  5. Click OK.
  6. Click Finished.

Grant permissions to a RAM user on the Users page

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Authorization Policy Name column on the left side of the Add Permissions panel, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to the RAM user.

    Policy Description
    AliyunPolardbReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolardbFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the Add Permissions panel.
  5. Click OK.
  6. Click Finished.

Log on as a RAM user

Prerequisites: The preceding authorization steps are completed.

You can log on as a RAM user by using the following Uniform Resource Locators (URLs):

  • Common logon address: RAM User Logon

    If you use the common logon address, you must manually enter the name of the RAM user and the enterprise alias. The format is RAM username@enterprise alias.

  • Dedicated logon address: You can view the logon address that is dedicated to the RAM user in the RAM console.

    ram

    If you use the dedicated logon address, the system automatically enters your enterprise alias. You need to enter only the name of the RAM user.

More actions

You can also add a RAM user to a group, assign roles to a RAM user, and authorize a user group or roles. For more information, see RAM User Guide.