The Resource Directory service allows you to manage the relationships among a number of accounts and resources.
Resource Directory allows you to quickly establish an organizational structure based on your business requirements and consolidate the accounts of your enterprise into this structure to form a hierarchy for the resources of your enterprise. This way, you can manage your accounts and resources in a centralized manner. Resource Directory can meet your management requirements in aspects such as network deployment, settlement, user permissions, security compliance, and log auditing. The following descriptions provide the use scenarios of Resource Directory:
- Business environment-based creation of organizational structures
Your enterprise may have various branches, departments, or projects. Resource Directory allows you to build an organizational structure on the cloud based on your business environment.
- Centralized management of all Alibaba Cloud accounts and resources
If your enterprise has multiple Alibaba Cloud accounts, you can enable a resource directory and place the accounts in it. This way, you can manage the accounts and the resources within them in a centralized manner.
- Centralized management of bills and invoices
You can create a member in your resource directory and use this member for the settlement of all bills and invoices. After an account joins your resource directory, you can change the payment account of the account to facilitate bill management.
- Implementation of permission and compliance requirements
You can set different resource access rules for different accounts and directory structures by using the permission policies of Resource Access Management (RAM) and the access control policies of Resource Directory. This enables the authorization and management channel between personnel and resources and ensures the security of the resources.
- Integration with a variety of enterprise-level Alibaba Cloud applications
Resource Directory is integrated with the Alibaba Cloud finance, compliance auditing, cloud security, and network platforms. This way, you can use the same organizational structure to manage all your enterprise accounts and resources.
A management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the members in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a management account. Each resource directory has only one management account.
To ensure the security of the management account, we recommend that you create an Alibaba Cloud account and use this Alibaba Cloud account as the root user of the management account. Do not use an existing Alibaba Cloud account to enable a resource directory. In addition, you can create a RAM user for the management account, grant administrator permissions to the RAM user, and use this RAM user to manage the entire resource directory. Only the management account of a resource directory or a RAM user that has administrator permissions can be used to perform operations in the resource directory.
Note A management account does not belong to a resource directory and is not limited by the access control policies of a resource directory.
|Root folder||The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.|
|folder||A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain members and subfolders, which forms a tree-shaped organizational structure.|
A member serves as a container for resources and is also an organizational unit in a resource directory. A member indicates a project or application. The resources of different members are isolated. You can use a management account to grant the required permissions to a RAM user or RAM role and use this RAM user or RAM role to log on to or access members.
The following types of members are supported:
|RDP||A resource directory path (RDP) indicates the location of a resource entity (folder
or member) in a resource directory. The RDP of a resource entity consists of the ID
of the resource entity, the IDs of all the parent folders of the resource entity,
and the ID of the resource directory to which the resource entity belongs. An RDP
is in one of the following formats:
- Log on to the Resource Management console by using an account that can be used as a management account.
- Enable a resource directory.
For more information, see Enable a resource directory.
- Create folders to build an organizational structure for your enterprise.
For more information, see Create a folder.
- Create members in the resource directory or invite existing Alibaba Cloud accounts
to join the resource directory. Then, move all members to the folders that you created
based on your business requirements.
For more information, see Create a member, Invite an Alibaba Cloud account to join a resource directory, and Move a member.
|Number of resource directories that you can create by using an Alibaba Cloud account||1||N/A||The members of a resource directory cannot be used to create resource directories.|
|Number of Root folders in a resource directory||1||N/A||None.|
|Number of folders in a resource directory||100||Apply for a quota.||The Root folder is not included.|
|Number of folder levels||5||N/A||The Root folder is not included.|
|Number of members in a resource directory||20||Apply for a quota.||None.|
|Number of valid invitations per day||20||Apply for a quota.||Accepted invitations are not included.|
|Duration of account creation confirmation||24 hours||N/A||None.|
|Duration of account upgrade confirmation||24 hours||N/A||None.|
|Duration of invitation expiration||14 days||N/A||None.|