Resource Access Management (RAM) allows you to create and manage RAM users, such as individuals, systems, and applications. You can manage RAM user permissions to control access to Alibaba Cloud resources. RAM is suitable for scenarios in which multiple users in an enterprise must collaboratively manage cloud resources. RAM allows you to grant permissions to RAM users based on the principle of least privilege. This way, you do not need to share the AccessKey pair of your Alibaba Cloud account. This minimizes security risks. This topic describes how to use RAM in Security Center.
If multiple users in your enterprise collaboratively use cloud resources, grant the users only the required permissions. This avoids threats that may be posed to your assets. We recommend that you follow the principle of least privilege when you grant permissions to the users and check the permissions at regular intervals in the RAM console.
All editions of Security Center support this feature. For more information about the features that each edition supports, see Features.
- Log on to the Security Center console.
- In the left-side navigation pane, click Settings.
- In the Access control section, view and perform operations on the permission policy management, user management, and role management features provided by RAM.
You can perform the following operations:
- Click Manage for Permission policy management to go to the RAM console. In the RAM console, manage all policies within your Alibaba Cloud account. For more information, see Policy management.
- Click Manage for User Management to go to the RAM console. In the RAM console, manage all RAM users within your Alibaba Cloud account. For more information, see RAM user management.
- Click Manage for Role Management to go to the RAM console. In the RAM console, manage all RAM roles within your Alibaba Cloud account. For more information, see RAM role management.