You can create RAM user accounts to manage users and their access to Aspara File Storage NAS resources.

Background information

You can create and manage multiple RAM user accounts with a single Alibaba Cloud account. You can grant different permissions for each RAM user account. This allows each RAM user account to have different access permissions on Alibaba Cloud resources. With RAM, you do not need to share an AccessKey with another account. You can assign minimal permissions to each user to reduce your data security risks.

Create a RAM user

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users, and click Create User.
  3. Configure the user account information.
  4. Select Console Password Logon and Programmatic Access under Access Mode.
  5. Select Custom Logon Password under Console Password, enter a password, and select Required at Next Logon under Password Reset.
  6. Optional. Select Required to Enable MFA under Multi-factor Authentication and click OK.
  7. Save the new account, logon password, AccessKey ID, and AccessKey secret.
    Note We recommend that you save the AccessKey information in a timely manner and keep all details strictly confidential.

Create a user group

If you attempt to create multiple RAM user accounts, you can group RAM user accounts with identical responsibilities into the same group and authorize the group. This makes it easier to manage users and their permissions.

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Groups, and click Create Group.
  3. Enter a group name and display name, and click OK.

Grant permissions to a RAM user or group

By default, a new RAM user or group does not have any permissions. You need to grant permissions to the RAM user or group to ensure that the user or group can access resources by using the console or API operations. The following steps take a RAM user account as an example to grant permissions.

Alibaba Cloud provides two system polices for you to manage access to Aspara File Storage NAS resources. You can grant one of the following policies to a RAM user account as required.
  • AliyunNASFullAccess: This policy grants a RAM user account full access to Aspara File Storage NAS resources.
  • AliyunNASReadOnlyAccess: This policy grants a RAM user account read-only access to Aspara File Storage NAS resources.
Note If these two system policies cannot meet your business requirements, you can create custom policies. For more information, see Create a custom policy.
  1. On the Users page, select a RAM user account to be authorized, and click Add Permissions.
  2. In the Add Permissions dialog box, select the required NAS permission and grant the permission to the RAM user account.
    Authorize a RAM user account