If you want to allow some users to use MaxCompute, you must create RAM users and grant them the permissions to create MaxCompute projects. This topic describes how to create RAM users.

Create RAM users

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, click Users under Identities.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. Under Access Mode, select Console Password Logon.
  6. Click OK.
Notice After you create a RAM user, take note of the logon username and password of the RAM user and send them to a user who needs to use MaxCompute.

Create AccessKey pairs for RAM users

To ensure that jobs can run in DataWorks, you must use your Alibaba Cloud account to create AccessKey pairs for RAM users.

If you have authorized a RAM user under your Alibaba Cloud account to manage their own AccessKey pairs, the RAM user can create an AccessKey pair in the RAM console.

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, click the username of the target RAM user.
  3. In the User AccessKey Pairs section, click Create AccessKey.
    Note You must enter a verification code if you are creating an AccessKey pair for the first time.
  4. Click OK.
    Note
    • The AccessKey Secret is displayed only once when you first create it. You cannot retrieve the AccessKey Secret if you forget it. We recommend that you save the AccessKey Secret for subsequent use.
    • If the AccessKey pair is disclosed or lost, you must create a new one. Currently, you can create a maximum of two AccessKey pairs.

Authorize RAM users to create MaxCompute projects

RAM users can create MaxCompute projects only after you use your Alibaba Cloud account to grant them the AliyunDataWorksFullAccess permission.

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Policy Name column, select the target policies by clicking the corresponding rows.
    Note You can click X in the section on the right side of the page to delete the selected policy.
  5. Click OK.
  6. Click Finished.

Assign the credentials of RAM users

Note
  • The RAM users under your Alibaba Cloud account do not own resources and are not independently charged.
  • All the fees generated by the RAM users when they use Alibaba Cloud services must be paid by your Alibaba Cloud account.
  • You must use your Alibaba Cloud account to check the RAM user logon link, as well as the default domain name or domain alias of your Alibaba Cloud account. Then, send them to the users who need to use MaxCompute as RAM users.
To allow a user to use MaxCompute as a RAM user, you must provide the following information for the user:
  • RAM user logon link

    Log on to the RAM console by using your Alibaba Cloud account. In the upper-right corner of the Overview page, copy the RAM user logon link.

  • Default domain name or domain alias of your Alibaba Cloud account

    Log on to the RAM console by using your Alibaba Cloud account. In the left-side navigation pane, click Settings. On the Settings page, click the Advanced tab. View the default domain name and the domain alias.

  • Username and password of the RAM user
  • AccessKey ID and AccessKey secret of the RAM user
You must also make sure that:
  • You have authorized the RAM user to log on to the DataWorks console.
  • You have authorized the RAM user to manage their own AccessKey pair. For more information, see Set security policies for RAM users.

What to do next

After you prepare RAM users, activate MaxCompute. For more information, see Activate MaxCompute.