All Products
Document Center

Configure RAM users for DAS console embedment

Last Updated: Jun 02, 2020

You can embed the DAS (formerly HDM) console to a user-created O&M platform in password-free access mode. Before you configure embedment, you must create a RAM user and grant permissions. This topic describes how to embed the DAS console.


  1. Log on to the RAM console.

  2. In the left-side navigation pane, click RAM Roles.

  3. Click Create RAM Role. In the Trusted entity type step, select Alibaba Cloud Account and then click Next.Alibaba Cloud account

  4. In the Create RAM Role > Configure Role step, configure the parameters and then click OK.

    RAM Role Name The name of the RAM role. The name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-). For this example, it is ram-for-das.
    Optional. The description for the RAM role.
    Select Trusted Alibaba Cloud Account Select Current Alibaba Cloud Account.
  5. After the role has been created, click Add Permissions to RAM Role in the Actions column.

  6. In the Add Permissions dialog box that appears, configure the parameters.admin

    1. Set Select Policy to System Policy.

    2. In the System Policy field, enter AliyunHDMReadOnlyAccess.

    3. Click AliyunHDMReadOnlyAccess to add it to the Selected section on the right. Click OK.

  7. After you grant permissions to the RAM user to access DAS, you must create a RAM user to call the AssumeRole operation. See Create a RAM user.

    In the Access Mode section, select Programmatic Access for the RAM user to call the AssumeRole operation.

  8. After you create a RAM user, you must grant the AliyunSTSAssumeRoleAccess policy to the RAM user. For more information, see Grant permissions to a RAM user.AliyunSTSAssumeRoleAccess

  9. After you grant permissions to the RAM user, you can embed the DAS console to a user-created O&M platform. See Console sharing and embedment.