This topic describes basic terms related to ActionTrail to help you better understand and use this service.
|Alibaba Cloud account||The account that has permission to do anything and everything with all the Alibaba
Cloud account resources. An Alibaba Cloud account is recorded as
|RAM user||A person or an application under an Alibaba Cloud account. A RAM user is recorded
A master account is the account used to enable a resource directory and is the super administrator of the resource directory. The master account has administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a master account. Each resource directory has only one master account.
A member account is an Alibaba Cloud account. It serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources under different member accounts are isolated.
An account that a master account invites to join a resource directory or creates in a resource directory.
|Event||A log that is generated when you use the Alibaba Cloud console, API operations, or developer tools to access and manage cloud services. An event logs information about an operation, including operation time, username, resources, operation type, operation result, and source IP address.|
|Global service||A service that applies to all regions of Alibaba Cloud, for example, Resource Access Management (RAM). For global services, events are delivered to any trail that includes global services.|
|Global event||An event of a global service. On the History Search page in the ActionTrail console, you can select a region to view all the global events in the region. After you create a trail to deliver events to the specified Object Storage Service (OSS) bucket, global events are logged in the same directory as the events that occur in the home region of the trail.|
|Trail||The configuration that enables delivery of events to the specified OSS bucket or Log Service Logstore for further analysis and archive. Based on the creator and applicable scope, trails are classified into single-account trails and multi-account trails.|
|Single-account trail||A type of trail that you create in the ActionTrail console by using an Alibaba Cloud account to track and record the operations logs of the current account.|
|Multi-account trail||A type of trail that you create in the ActionTrail console by using a master account to track and record the operations logs of all member accounts. A multi-account trail can deliver the operations logs of all member accounts in a resource directory to the specified OSS bucket or Log Service Logstore.|
|Region||A place where a trail is created.|
|Shadow trail||A type of trail that ActionTrail automatically creates by replicating the configuration of the trail that you create to track events in multiple regions simultaneously. ActionTrail creates a shadow trail in each of the regions to track and record the operations logs in these regions. Shadow trails can only be viewed but cannot be managed.|