All Products
Search
Document Center

The Beginner's Guide:Create a RAM user and grant permissions to the RAM user

Last Updated:Jun 28, 2023

To ensure the security of your Alibaba Cloud account, we recommend that you create a Resource Access Management (RAM) user and grant the RAM user the permissions to manage all resources within your Alibaba Cloud account after you complete the basic settings for your Alibaba Cloud account.

Context

An Alibaba Cloud account is similar to the root user of the Linux operating system. An Alibaba Cloud account can manage all the resources within the account. If you use your Alibaba Cloud account to perform daily operations, misoperations and account theft may occur, which may cause data leaks or loss. Therefore, we recommend that you use a RAM user that has administrative rights instead of your Alibaba Cloud account when you perform daily operations. The RAM user is referred to as an administrator in the following topics. For more information about RAM users, see Overview of RAM users.

Step 1: Create an administrator

  1. Log on to the RAM console by using your Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, click Create User.

  4. On the Create User page, enter admin in Logon Name and administrator in Display Name.

  5. In the Access Mode section, select Console Access or OpenAPI Access.

    Note

    If you want to perform daily operations by using the Alibaba Cloud Management Console, select Console Access. If you want to perform daily operations by calling operations, select OpenAPI Access.

    • If you select Console Access, perform the following steps:

      1. In the Console Password section, select Custom Logon Password and specify a password that meets the password complexity requirements. We recommend that you specify a password that is easy to remember.

      2. In the Password Reset section, select Not Required.

      3. In the Multi-factor Authentication section, select Not Required.

      4. Click OK.

    • If you select OpenAPI Access, click OK. The system creates an AccessKey pair for the administrator that you want to create.

    • On the Create User page, click Download CSV File to download the logon information about the administrator to your computer.

Important

Make sure that you save the password or AccessKey pair to your computer at the earliest opportunity. You cannot query the password and the AccessKey pair in subsequent operations.

Step 2: Grant permissions to the administrator

  1. In the left-side navigation pane, choose Identities > Users.

  2. Find the administrator that you created in Step 1 from the user list and click Add Permissions in the Actions column.

  3. In the Add Permissions panel, select the AdministratorAccess system policy, retain the default settings for other parameters, and then click OK.