This topic describes some of the common application scenarios of Resource Access Management (RAM).

Application scenario Description
User management and access control Enterprise A has bought several types of Alibaba Cloud resources, such as ECS instances, RDS instances, SLB instances, and OSS buckets for a project. During this project, many employees need to perform operations on these cloud resources, but different employees require different permissions to complete different operations.
Temporary authorization for mobile apps Enterprise A has developed a mobile app, which runs on users' own devices. Enterprise A cannot manage these devices directly and wants to use Alibaba Cloud OSS so that the app can upload data to and download data from OSS.
Cross-account resource authorization and access Account A and Account B are Alibaba Cloud accounts of two different enterprises (Enterprise A and Enterprise B, respectively). Enterprise A has bought various cloud resources (such as ECS instances, RDS instances, SLB instances, and OSS buckets) to support its business. Account A is the resource owner and wants to grant Account B the relevant permissions to perform operations on resources of Account A.
Dynamic identity and permission management of cloud applications An enterprise has bought ECS instances and wants to deploy its applications in ECS. The enterprise wants to allow the applications to access other Alibaba Cloud APIs by using AccessKeys.
Externally authorized account logon Enterprise A has two departments that use Alibaba Cloud resources. Each department has its own Alibaba Cloud account (named A1 and A2). Enterprise A also has its own domain account system, namely Microsoft Active Directory (AD) and Active Directory Federation Services (AD FS).