This topic describes how to set security policies for RAM users of your Alibaba Cloud account to better manage RAM user permissions.

Procedure

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Settings under Identities.
  3. On the Security Settings tab, click Update RAM User Security Settings. In the dialog box that appears, configure the following parameters:
    • Save MFA Logon Status for 7 Days: specifies whether to allow RAM users to keep the multi-factor authentication (MFA) devices logged on for seven days. By default, this parameter is set to Not Allowed.
    • Manage Passwords: specifies whether to allow RAM users to change their passwords.
    • Manage AccessKey: specifies whether to allow RAM users to change their AccessKey pairs.
    • Manage MFA Devices: specifies whether to allow RAM users to enable and disable MFA devices.
    • Logon Session Valid For: specifies the validity period of a logon session. The validity period is measured in hours.
    • Logon Address Mask: specifies the IP addresses that can be used for password logon or single sign-on (SSO). By default, this parameter is unspecified, which indicates that logon from all IP addresses is allowed. If you use the password or SSO to log on to the Alibaba Cloud console, you can initiate access requests only from the IP addresses that are specified by the subnet masks. However, you can use AccessKey pairs to call API operations to access Alibaba Cloud resources from all IP addresses regardless of the subnet mask setting.
  4. Click OK.
    Note The settings apply to all the RAM users of your Alibaba Cloud account.