This topic describes the account model, Alibaba Cloud account and Resource Access Management (RAM) user management, and account verification in Realtime Compute.

Account model

Log on to the RAM console to configure your account.

Realtime Compute allows you to log on to the console by using an Alibaba Cloud account or as a RAM user. You can use an Alibaba Cloud account to activate Realtime Compute and create projects, and authorize a RAM user to use the Realtime Compute projects created by the Alibaba Cloud Account.

In Realtime Compute, a project belongs to an Alibaba Cloud account. If a project requires collaboration of multiple persons, you must adopt the Alibaba Cloud account + RAM user model.

Alibaba Cloud account + RAM user model

Realtime Compute uses the Alibaba Cloud account + RAM user model to manage accounts and permissions. To log on to the Realtime Compute console as RAM users, follow these steps:

  1. Initialize RAM.

    You must initialize RAM when you use RAM for the first time. For more information, see Set a password policy for RAM users and Set a security policy for RAM users.

  2. Create RAM users.

    You can allocate RAM users to Realtime Compute developers later. For more information about how to create RAM users, see Create a RAM user.

  3. Create a custom policy.

    For more information about how to create a custom policy in RAM, see Create a custom policy .

    Note
    • The policy for granting permissions on Realtime Compute is as follows: 
      {    
   "Version": "1",
   "Statement": [
    { 
     "Action": "stream:*", 
      "Resource": "acs:stream:*:*:*", 
      "Effect": "Allow"
    }, 
    { 
      "Action": "ram:PassRole",
      "Resource": "acs:ram:*:*:*",
      "Effect": "Allow" 
   } 
  ] 
}
    • Realtime Compute supports a project-level policy. That is, you can authorize RAM users to access different projects. To authorize RAM users to access a single project, modify the preceding code in the following way. Replace projectname with the name of an actual project.
      • Before: 
        "Resource": "acs:stream:*:*:*"
      • After: 
        "Resource":"acs:stream:*:*:projectname"
  4. Grant permissions to RAM users or RAM user groups.

    Attach the preceding policy to specified RAM users or RAM user groups. For more information, see Grant permissions to a RAM user and Grant permissions to a RAM user.

  5. Log on to the Realtime Compute console as a RAM user.
    RAM users can log on to the Realtime Compute console through the RAM user logon URL.
    Note You can find the RAM user logon URL under RAM user logon on the Account Management card of the Overview page in the RAM console.

Account verification

The account verification feature Realtime Compute provided makes sure the account security. If you have not operated a job for a long time, the system sends an SMS message and an email to you for account verification. Perform the verification as prompted.