The Resource Directory service allows you to manage the relationships among a number of accounts and resources.
Resource Directory allows you to quickly establish an organizational structure based on your business requirements. Then, you can consolidate the accounts of your enterprise into this structure to form a hierarchy for the resources of your enterprise. This way, you can manage your accounts and resources in a centralized manner. Resource Directory can meet your management requirements for network deployment, settlement, user permissions, security compliance, and log auditing. The following description provides the use scenarios of Resource Directory:
- Business environment-based creation of organizational structures
Your enterprise may have various branches, departments, or projects. Resource Directory allows you to build an organizational structure on the cloud based on your business environment.
- Centralized management of all Alibaba Cloud accounts and resources
If your enterprise has multiple Alibaba Cloud accounts, you can enable a resource directory and place the accounts in it. This way, you can manage the accounts and the resources within them in a centralized manner.
- Centralized management of bills and invoices
After your enterprise accounts are placed in a resource directory, you can use one or more of the accounts for payments to unify settlement. In addition, users that have the required permissions can manage the bills from all the accounts of your enterprise to meet financial management requirements.
- Implementation of permission and compliance requirements
You can set different resource access rules for different accounts and directory structures by using RAM permission policies and Resource Directory management policies. This enables the authorization and management channel between personnel and resources and ensures the security of the resources. Resource Directory management policies are in invitational preview.
- Integration with a variety of enterprise-level Alibaba Cloud applications
Resource Directory is integrated into the Alibaba Cloud finance, compliance auditing, cloud security, and network platforms. This way, you can use the same organizational structure to manage all your enterprise accounts and resources.
|enterprise management account||
An enterprise management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The enterprise management account has all administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as an enterprise management account. Each resource directory has only one enterprise management account.
To ensure the security of the enterprise management account, we recommend that you use a new Alibaba Cloud account as the enterprise management account. In addition, you can create a RAM user for the enterprise management account and grant administrator permissions to the RAM user. This way, you can use this RAM user to manage the entire resource directory. All the operations in a resource directory must be performed by using its enterprise management account or a RAM user that has the required permissions.
Note An enterprise management account does not belong to a resource directory and is not limited by the management policies of a resource directory.
|Root folder||The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.|
|folder||A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain member accounts and subfolders, which forms a tree-shaped organizational structure.|
A member account serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources of different member accounts are isolated. You can use an enterprise management account to authorize RAM users, user groups, or roles to access the resources of member accounts.
The following types of member accounts are supported:
|Number of resource directories that you can create by using an Alibaba Cloud account||1||N/A||The member accounts of a resource directory cannot be used to create resource directories.|
|Number of Root folders in a resource directory||1||N/A||None.|
|Number of folders in a resource directory||100||Apply for a quota.||The Root folder is not included.|
|Number of folder levels||5||N/A||The Root folder is not included.|
|Number of member accounts in a resource directory||20||Apply for a quota.||None.|
|Number of valid invitations per day||20||Apply for a quota.||Accepted invitations are not included.|
|Duration of account creation confirmation||24 hours||N/A||None.|
|Duration of account upgrade confirmation||24 hours||N/A||None.|
|Duration of invitation expiration||14 days||N/A||None.|