If you need to share the data of a Table Store instance under your Alibaba Cloud account to others but do not want the data to be modified, you can create a RAM user account and grant the read-only permission to the account. This example describes how to separate read and write permissions by granting the permissions to different RAM user accounts.

Create a RAM user account

  1. Log on to the RAM console with an Alibaba Cloud account.
  2. In the left-side navigation pane, click Users to go to the User Management page.
  3. In the upper-right corner of the page, click Create User to open the Create User dialog box.
  4. Specify the required information, and select Automatically generate an Access key for this user. Click OK.
    Note For this example, username ram_test is used.
  5. After you create a RAM user account, an AccessKey pair is generated for the account. Click Save Access Key Information.
    Note After an AccessKey pair is generated, you cannot view the AccessKey pair in the console. You must save your AccessKey pair and keep it confidential.
Note On the User Details page, you can also select Enable Console Logon for the RAM user account.

Grant permissions to a RAM user account

  1. On the User Management page, click ram_test to go to the User Details page of the RAM user account.
  2. In the left-side navigation pane, click User Authorization Policies.
  3. In the upper-right corner of the page, click Edit Authorization Policy.
  4. In the dialog box that appears, search for Table Store permissions. The corresponding permissions are displayed on the left side of the dialog box.
  5. Select permissions. Click > to add the permissions to the right section of the dialog box. Click OK.
    Note For this example, grant AliyunOTS ReadOnlyAccess (read-only permission on Table Store) to ram_test.
Note On the User Details page, you can also select Enable Console Logon for the RAM user account.

Test example

Use the AccessKey pair of the created RAM user account to test whether the account has the permissions to create and delete tables. You must replace the AccessKey pair used in the following example with your own AccessKey pair.
$python ots_console --url https://TableStoreTest.cn-hangzhou.ots.aliyuncs.com --id <yourAccessKeyId> --key <yourAccessKeySecret>

$OTS-TableStoreTest>: ct test pk1:string,pk2:integer readrt:1 writert:1
Fail to create table test.

$OTS-TableStoreTest>: dt test
You will delete the table:test!

press Y (confirm) :Y
Fail to delete table test.
				

The RAM user account ram_test cannot create or delete tables because it has only been granted read permissions. You can follow the preceding steps to create a RAM user account with the read-only permission for your Alibaba Cloud account.