You can use your Alibaba Cloud account to access your PolarDB resources. If you want to share the resources within your Alibaba Cloud account with other users, you must create and authorize Resource Access Management (RAM) users. After the authorization, the RAM users can access the specified resources. This topic describes how to create and authorize a RAM user.

Prerequisites

Log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account or as a RAM user.

Create a RAM user

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click Create User.
    Note You can click Add User to create multiple RAM users at a time.
  4. Set the Logon Name and Display Name parameters.
  5. In the Access Mode section, select Console Access or Programmatic Access.
    • Console Access: If you select this access mode, you must complete the logon security settings. These settings include whether to use the default or custom logon password, whether to reset the password at the next logon, and whether to enable multi-factor authentication (MFA).
    • Programmatic Access: If you select this access mode, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use development tools to access Alibaba Cloud resources.
    Note To ensure the security of your Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This prevents the RAM user from using an AccessKey pair to access Alibaba Cloud resources after the RAM user is removed from the organization.
  6. Click OK.

Grant permissions to a RAM user on the Grants page

  1. Log on to the RAM console.
  2. In the left-side navigation pane, click Grants under Permissions.
  3. Click Grant Permission.
  4. In the Principle section, enter the username and click the RAM user.
  5. In the Authorization Policy Name column on the left side of the page, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to a RAM user.

    Policy Description
    AliyunPolarDBReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolarDBFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the page.
  6. Click OK.
  7. Click Complete.

Grant permissions to a RAM user on the Users page

  1. Log on to the RAM console.
  2. In the left-side navigation pane, click Users under Identities.
  3. In the User Logon Name/Display Name column, find the RAM user that you want to authorize.
  4. Click Add Permissions. On the page that appears, the Principal field is automatically filled in.
  5. In the Authorization Policy Name column on the left side of the page, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to a RAM user.

    Policy Description
    AliyunPolardbReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolardbFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the page.
  6. Click OK.
  7. Click Complete.

Log on to the Alibaba Cloud Management Console as a RAM user

Prerequisites: You have completed the preceding authorization steps.

You can log on to the console through the following addresses as a RAM user:

  • Common logon: RAM User Logon

    If you use this address, you must manually enter the name of the RAM user and the enterprise alias. The format is RAM username@enterprise alias.

  • Dedicated logon: You can view the logon address that is dedicated to the RAM user in the RAM console.

    ram

    If you use this address, the system automatically enters your enterprise alias. You need to enter only the name of the RAM user.

More actions

You can also add a RAM user to a group, assign roles to a RAM user, and authorize a user group or roles. For more information, see RAM User Guide.