This topic describes basic terms related to ActionTrail to help you better understand and use this service.

Term Description
Alibaba Cloud account The account that has permission to do anything and everything with all the Alibaba Cloud account resources. An Alibaba Cloud account is recorded as root-account in an ActionTrail event log.
RAM user A person or an application under an Alibaba Cloud account. A Resource Access Management (RAM) user is recorded as ram-user in an ActionTrail event log.
Master account

A master account is the account used to enable a resource directory and is the super administrator of the resource directory. The master account has administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a master account. Each resource directory has only one master account.

Member account

A member account is an Alibaba Cloud account. It serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources under different member accounts are isolated.

An account that a master account invites to join a resource directory or creates in a resource directory.

Event A log that is generated when you use the consoles of Alibaba Cloud services, API operations, or developer tools to access and manage cloud services. An event logs information about an operation, including operation time, username, resources, operation type, operation result, and source IP address.
Global service A service that applies to all regions of Alibaba Cloud, for example, RAM. For global services, events are delivered to any trail that includes global services.
Global event An event of a global service. On the History Search page in the ActionTrail console, you can select a region to view all the global events in the region. After you create a trail to deliver events to the specified Object Storage Service (OSS) bucket, global events are logged in the same directory as the events that occur in the home region of the trail.
Trail The configuration that enables delivery of events to the specified OSS bucket or Log Service Logstore for further analysis and archive. Based on the creator and applicable scope, trails are classified into single-account trails and multi-account trails.
Single-account trail A type of trail that you create in the ActionTrail console by using an Alibaba Cloud account to track and record the events of the current account.
Multi-account trail A type of trail that you create in the ActionTrail console by using a master account to track and record the events of all member accounts. A multi-account trail can deliver the events of all member accounts in a resource directory to the specified OSS bucket or Log Service Logstore.
Home region A place where a trail is created.
Shadow trail A type of trail that ActionTrail automatically creates by replicating the configuration of the trail that you create to track events in multiple regions simultaneously. ActionTrail creates a shadow trail in each of the regions to track and record the events in these regions. Shadow trails can only be viewed but cannot be managed.