Resource Access Management (RAM) is a permission management system provided by Alibaba Cloud. You can use RAM to create RAM users under an Alibaba Cloud account, within the scope of that account's permissions. You can also grant different permissions to different RAM users to allow or deny their access to cloud resources.
Background information
- RAM users are secondary accounts that are created for a specific function. These accounts cannot retain or own resources. All resources belong only to Alibaba Cloud accounts.
- If you use a RAM user to create an AnalyticDB for MySQL cluster, you can only use the RAM user and the corresponding Alibaba Cloud account to access the cluster. If you want other RAM users to access this cluster, you must grant them the required permissions.
Scenarios
If you use an Alibaba Cloud account to create an AnalyticDB for MySQL cluster, other users in your organization can access the cluster only by sharing the AccessKey pair of your Alibaba Cloud account. However, this may cause the following problems:
- If your AccessKey pair is shared by multiple users, the risk of leaks is high.
- You cannot control the operations that specific users can perform on the cluster. For example, they may scale out or restart the cluster.
To avoid the preceding problems, you can create RAM users and grant only specific permissions to each RAM user. Then, users in your organization can access or manage your AnalyticDB for MySQL cluster as RAM users.
Solution
To allow RAM users to access or manage your AnalyticDB for MySQL cluster, you must complete the following steps:
Step 1. Create a RAM user
Step 2. Grant permissions to the RAM user
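The following added example (not part of the original page and not Alibaba Cloud code) models how a RAM policy limits what a RAM user can do to a cluster: an explicit Deny overrides any Allow, and a request that no statement matches is denied by default. The policy, the cluster ARN and the action names `adb:DescribeDBClusters`, `adb:ModifyDBCluster`, `adb:DeleteDBCluster` and `adb:CreateDBCluster` are constructed for illustration and should be checked against the RAM authorization reference for AnalyticDB for MySQL. Condition blocks are not modelled.

```python
import re

# Constructed sample data: the account ID, cluster ID and action names are
# assumptions for illustration, not values taken from the page.
CLUSTER = "acs:adb:cn-hangzhou:1234567890123456:dbcluster/am-example"
READ_ONLY_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "adb:Describe*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["adb:ModifyDBCluster", "adb:DeleteDBCluster"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value):
    # Only "*" is treated as a wildcard; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if not any(_matches(p, action) for p in _as_list(stmt["Action"])):
                continue
            if not any(_matches(p, resource) for p in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny wins over every allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def broad_allows(policy):
    """Return Allow actions that are a global or service-wide wildcard."""
    return [act
            for stmt in policy.get("Statement", [])
            if stmt["Effect"] == "Allow"
            for act in _as_list(stmt["Action"])
            if act == "*" or act.endswith(":*")]

if __name__ == "__main__":
    for act in ("adb:DescribeDBClusters", "adb:ModifyDBCluster", "adb:CreateDBCluster"):
        print(act, "->", evaluate([READ_ONLY_POLICY], act, CLUSTER))
```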
More actions
You can revoke permissions from a RAM user when the RAM user no longer requires these permissions or when the user leaves your organization. For more information, see Remove permissions from a RAM user and Delete a RAM user.