You can use RAM users to avoid security risks caused by AccessKey pair and password leaks. This topic describes how to create a RAM user and grant permissions to the user.


Resource Access Management (RAM) is activated.


  1. Log on to the RAM console.
  2. In the left-side navigation pane, click Users. On the Users page, click Create User.
  3. Select Programmatic Access and click OK.
    Create User
  4. Click Copy in the Actions column corresponding to the RAM user to save the user logon name, logon password, and AccessKey pair.
    Note We recommend that you keep the user information confidential for future access purposes.
  5. Go back to the Users page. The RAM user you created appears in the user list.
    When the RAM user is created, it does not have any permissions.
  6. Click Add Permissions in the Actions column corresponding to the RAM user.
    Add Permissions
  7. Select the permissions to grant. In the field below Select Policy, enter vod. Select the policies that are filtered out and click OK.
    Add Permissions

    For the definition of system policies, see the "System policies" section in Overview.

  8. If the RAM user requires permissions such as the console logon permission, you can click the User Logon Name and enable console logon on the Authentication tab.
    Modify permissions