:Authorize RAM users to access resources

Prerequisites

A RAM user is created. For more information about how to create a RAM user, see Create a RAM user.

Procedure

1. Log on to the RAM console by using an Alibaba Cloud account or a RAM user that has administrative rights.

2. In the left-side navigation pane, choose Identities > Users.

3. On the Users page, find the required RAM user and click Add Permissions in the Actions column.

4. In the Add Permissions panel, grant permissions to the RAM user.

   1. Select the authorization scope.

      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.

      • Specific Resource Group: The authorization takes effect on a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.

   2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

   3. Select policies.

      RAM supports the following types of policies: system policies and custom policies. You can choose policies based on your business requirements.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

5. Click OK.

6. Click Complete.

References

• For information about API operations supported by ApsaraDB for ClickHouse, see List of operations by function.

• For information about the basic elements of a policy, see Policy elements.