Cloud Shell:Authorize RAM users

Procedure

1. Log on to the RAM console by using your Alibaba Cloud account.

2. In the left-side navigation pane, choose IdentitiesUsers.

3. On the Users page, find the RAM user which you want to authorize, and click Add Permissions in the Actions column.

4. In the Add Permissions panel, grant permissions to the RAM user.

   1. Select the authorization scope.

      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.

      • Specific Resource Group: The authorization takes effect in a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.

   2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions. By default, the current RAM user is specified. You can also specify another RAM user.

   3. Select policies.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you need to attach more than five policies to a RAM user, perform the operation multiple times.

5. Click OK.

6. Click Complete.

Custom policies

The system policy provided by Cloud Shell is a coarse-grained policy. To achieve fine-grained access control, you can create custom policies.

Before you create custom policies, you must familiarize yourself with the basic structure and syntax of the policies. For more information, see Policy structure and syntax.