Create a RAM user

Last Updated: Oct 16, 2017

Before you create a RAM user, ensure that you have finished setting up RAM. This document describes how to create a RAM user, and a password or an AccessKey for the user according to access requirements. In addition, you can enable MFA devices for your RAM users.

Create a RAM user

The procedure is as follows.

  1. Log on to the RAM console.

  2. From the left-side navigation pane, click Users.

  3. On the User Management page, click Create User.

  4. On the Create User page, enter a user name (the display name and description are optional) and then click OK.

Create a logon password

To allow a RAM user access to the management console, you create a logon password for the user. The procedure is as follows.

  1. Log on to the RAM console.

  2. From the left-side navigation pane, click Users.

  3. On the User Management page, locate your user (searching by user name is available) and click the user name or the corresponding Manage in the Actions column.

  4. On the User Details page, click Enable Console Logon and set an initial password for the selected user in the dialog box.

    You can also specify that the user must change this password at next logon.

Create an AccessKey

To allow a RAM user to make API requests, you create an AccessKey for the user. The procedure is as follows.

  1. Log on to the RAM console.

  2. From the left-side navigation pane, click Users.

  3. On the User Management page, locate your user (searching by user name is available) and click the user name or the corresponding Manage in the Actions column.

  4. On the User Details page, click Create Access Key.

  5. In the dialog box, click Save Access Key Information to save the AccessKey.

    Note:

    • An AccessKeySecret can only be viewed or downloaded during the AccessKey creation process. For security reasons, you cannot view or download it once the AccessKey has been created.
    • If an AccessKey is lost, you must create a new one. The newly created AccessKey represents the same user identity as the old one. Different AccessKeys for the same RAM user are equivalent.
    • We recommend that you regularly change application AccessKeys to avoid any risk of AccessKey disclosure.

Enable a MFA device

You can enable virtual MFA devices for the created RAM user. The procedure is as follows.

  1. Log on to the RAM console.

  2. From the left-side navigation pane, click Users.

  3. On the User Management page, locate your user (searching by user name is available) and click the user name or the corresponding Manage in the Actions column.

  4. On the User Details page, click Enable VMFA Device.

    Note: Ensure that you have installed an MFA application (for example, Google Authenticator) on a smart device (a smart phone is optimal) before proceeding with the following operation.

  5. On the Enable virtual MFA device page, do one of the followings to associate your MFA application with the RAM user:

    • Scan the generated QR code with the MFA application on your smart phone.
    • Manually enter the information under Manual information retrieval in the MFA application.

    After the association is established, the RAM user account is added into the MFA application and is provided with a dynamic security code (Time-based One-Time Password, TOTP) every 30 seconds.

  6. Enter two successive security codes you obtained from the MFA application into the First security code and Second security code boxes, and click Enable.

Next

After a RAM user is created, you can grant necessary access permissions to the user. For detailed information, see Attach policies to a RAM user.

Thank you! We've received your feedback.