This topic describes how to create a Resource Access Management (RAM) user in the RAM console and how to manage user groups.


  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click Create User.
  4. On the Create User page, enter a logon name and a display name for the RAM user in the Logon Name and Display Name fields.
    Note You can click Add User to create multiple RAM users at a time.
  5. In the Access Mode section, select an access mode and click OK.
    • Console Password Logon: If you select this access mode, you must complete the logon security settings. These settings include whether to use the default or custom logon password, whether to reset the password at the next logon, and whether to enable multi-factor authentication (MFA).
      Note If you select Custom Logon Password in the Console Password section, you must specify a password. The password must meet the strength requirements that you have specified on the Identities > Settings page. For more information, see Set a password policy for RAM users.
    • Programmatic Access: If you select this access mode, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use the SDK to access Alibaba Cloud resources.
    Note To ensure the security of your Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This prevents the RAM user from using an AccessKey pair to access Alibaba Cloud resources after the RAM user leaves the organization.

What to do next

After the RAM user is created, you can perform the following operations: