This topic uses an example policy to demonstrate how to authorize a RAM user to manage AccessKey pairs.

The following policy indicates that the authorized RAM user (alice) can create, delete, and update AccessKey pairs.

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
      "ram:CreateAccessKey",
      "ram:ListAccessKeys",
      "ram:UpdateAccessKey",
      "ram:DeleteAccessKey"
      ],
      "Resource": "acs:ram:*:*:user/alice",
      "Effect": "Allow"
    }
  ]
}
Note For information about how to authorize a RAM user to manage AccessKey pairs through the RAM console, see Set a security policy for RAM users.