This topic describes the differences between ordinary accounts, member accounts, and management accounts.

The following table describes the differences between ordinary accounts, member accounts, and management accounts.
Item Ordinary account Member account Management account
Account attributes An ordinary account is an independent Alibaba Cloud account that is not included in a resource directory by a management account. A member account is an Alibaba Cloud account that is included in a resource directory by a management account. A management account is an Alibaba Cloud account that enables a resource directory and manages all member accounts.
Console pages On the Overview, Resources, Compliance Package, and Rules pages, you can view the resources, compliance packages, and rules within the current account by default. On the Overview, Resources, Compliance Package, and Rules pages, you can view the Current Account tab and the tab of the account group to which the current account belongs. On the Overview, Resources, Compliance Package, and Rules pages, you can view the Current Account tab and the tabs of all the account groups.
Resources You can view the resources within the current account, and the configuration timeline and compliance timeline of each resource. You can view only the resources within the current account, and the configuration timeline and compliance timeline of each resource. You can view the resources within the current account and the member accounts in all account groups, and the configuration timeline and compliance timeline of each resource.
Compliance packages You can create, modify, delete, or view the compliance packages within the current account. You can also download compliance evaluation reports. If a member account is added to an account group, the Current Account tab and the tab of the account group to which the member account belongs are displayed.
  • On the Current Account tab, you can create, modify, delete, or view the compliance packages within the current account. You can also download compliance evaluation reports. The compliance packages take effect only on the current member account.
  • The compliance packages created by the management account in the account group take effect on the current member account. On the tab of the account group to which the member account belongs, you cannot perform operations on the compliance packages. You can only view compliance packages or compliance evaluation results.
You can create, modify, delete, or view compliance packages within the current account and the member accounts in all account groups. You can also download compliance evaluation reports.
Rules You can create, modify, delete, enable, disable, or view rules. You can also download compliance evaluation reports. If a member account is added to an account group, the Current Account tab and the tab of the account group to which the member account belongs are displayed.
  • On the Current Account tab, you can create, modify, delete, enable, disable, or view rules. You can also download compliance evaluation reports. The rules take effect only on the current member account.
  • The rules created by the management account in the account group take effect on the current member account. On the tab of the account group to which the member account belongs, you cannot perform operations on the rules. You can only view rules or compliance evaluation results.
You can create, modify, delete, enable, disable, or view rules within the current account and the member accounts in all account groups. You can also download compliance evaluation reports.
Account groups You cannot create, modify, delete, or view account groups. You cannot create, modify, delete, or view account groups. This type of account exists only as a member account in an account group. You can create, modify, delete, or view account groups.
Service-linked role for Cloud Config When you grant permissions on Cloud Config, a service-linked role for Cloud Config is automatically created. If no member accounts have created a service-linked role for Cloud Config, a service-linked role is automatically created when the management account creates an account group. All the member accounts in the account group can use the service-linked role. When you grant permissions on Cloud Config, a service-linked role for Cloud Config is automatically created.
Delivery methods of resource data and notification methods of resource events You can customize the delivery methods of resource data and notification methods of resource events for the current account. You cannot modify the delivery methods of resource data and notification methods of resource events for the current account. You must follow the configurations of the management account. You can customize the delivery methods of resource data and notification methods of resource events for the management account and the member accounts in all account groups.