This topic describes some of the common application scenarios of Resource Access Management (RAM).
|User management and access control||Enterprise A has bought several types of Alibaba Cloud resources, such as ECS instances, RDS instances, SLB instances, and OSS buckets for a project. During this project, many employees need to perform operations on these cloud resources, but different employees require different permissions to complete different operations.|
|Temporary authorization for mobile apps||Enterprise A has developed a mobile app, which runs on users' own devices. Enterprise A cannot manage these devices directly and wants to use Alibaba Cloud OSS so that the app can upload data to and download data from OSS.|
|Cross-account resource authorization and access||Account A and Account B are Alibaba Cloud accounts of two different enterprises (Enterprise A and Enterprise B, respectively). Enterprise A has bought various cloud resources (such as ECS instances, RDS instances, SLB instances, and OSS buckets) to support its business. Account A is the resource owner and wants to grant Account B the relevant permissions to perform operations on resources of Account A.|
|Dynamic identity and permission management of cloud applications||An enterprise has bought ECS instances and wants to deploy its applications in ECS. The enterprise wants to allow the applications to access other Alibaba Cloud APIs by using AccessKeys.|
|Externally authorized account logon||Enterprise A has two departments that use Alibaba Cloud resources. Each department has its own Alibaba Cloud account (named A1 and A2). Enterprise A also has its own domain account system, namely Microsoft Active Directory (AD) and Active Directory Federation Services (AD FS).|