This topic describes how to create and authorize a RAM user. You can use your Alibaba Cloud account to access your PolarDB resources. If you need to share the resources under your Alibaba Cloud account with other users, you must create and authorize RAM users. After the authorization, the RAM users can access the specified resources.

Prerequisites

An Alibaba Cloud account is used to log on to the Resource Access Management (RAM) console. Alternatively, the logon credentials of a RAM user are used to log on to the console. The RAM user is granted the permissions to manage and authorize users.

Create a RAM user

  1. Log on to the RAM console with an Alibaba Cloud account or as a RAM user. The RAM user must be granted the permissions to create and authorize users.
    • If you need to log on to the console with an Alibaba Cloud account, visit the following link: RAM console.
    • If you need to log on to the console as a RAM user, visit the following link: RAM console.
  2. In the left-side navigation pane, click Users under Identities.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. Under Access Mode, select Console Password Logon.
  6. Under Console Password Logon, select Automatically Generate Default Password or Custom Logon Password.
  7. Under Password Reset, select Required at Next Logon or Not Required.
  8. Under Multi-factor Authentication, select Not Required.
  9. Click OK.

Grant permissions to a RAM user on the Grants page

  1. In the left-side navigation pane, click Grants under Permissions.
  2. Click Grant Permission.
  3. Under Principal, enter the username, and click the target RAM user.
  4. In the Authorization Policy Name column in the left side of the Add Permissions panel, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to the RAM user.

    Policy Description
    AliyunPolarDBReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolarDBFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the Add Permissions panel.
  5. Click OK.
  6. Click Finished.

Grant permissions to a RAM user on the Users page

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Authorization Policy Name column in the left side of the Add Permissions panel, click the policies that you want to attach to the RAM user.

    The following table describes the policies that you can attach to the RAM user.

    Policy Description
    AliyunPolardbReadOnlyAccess Provides read-only access to PolarDB.
    AliyunPolardbFullAccess Provides full access to PolarDB.
    Note To remove a selected policy, click the Icon icon for the policy in the Selected section on the right side of the Add Permissions panel.
  5. Click OK.
  6. Click Finished.

Log on as a RAM user

Prerequisites: The preceding authorization steps are completed.

You can log on as a RAM user by using the following addresses:

  • Common logon address: RAM User Logon

    If you use the common logon address, you must manually enter the name of the RAM user and the enterprise alias. The format is RAM username@company alias.

  • Dedicated logon address: In the RAM console, you can view the logon address that is dedicated to the RAM user.

    ram

    If you use the dedicated logon address, the system automatically enters your enterprise alias. You need only to enter the name of the RAM user.

More actions

You can also add a RAM user to a group, assign roles to a RAM user, and authorize a user group or roles. For more information, see RAM User Guide.