This topic describes how to authorize a Resource Access Management (RAM) user to manage a resource group by using an example policy.

The following policy allows the authorized RAM user to create and delete resource groups in Resource Management. The policy also allows the authorized RAM user to view and modify the basic information about resource groups in Resource Management.

{
    "Statement": [{
        "Action": "ram:*ResourceGroup*",
        "Effect": "Allow",
        "Resource": "*"
    }],
    "Version": "1"
}
Note If you want to authorize a RAM user to perform more group-related operations, such as managing resources in a resource group, granting permissions to a resource group, or migrating resources across resource groups, you must attach other policies to the RAM user. For more information, see Resource Group.