This topic describes how to create and authorize a Resource Access Management (RAM) user. You can use your Alibaba Cloud account to access your ApsaraDB for PolarDB resources. If you want to share the resources under your Alibaba Cloud account with other users, create and authorize a RAM user. The RAM user can then be used to access specified resources.

Create a RAM user

  1. You can use an Alibaba Cloud account or a RAM user to create one or more RAM users. First, log on to the RAM console.
    • Click Alibaba Cloud account Logon to log on with your Alibaba Cloud account.
    • Click RAM User Logon to log on with your RAM user.
      Note Enter the RAM username in the format of RAM username@enterprise alias on the logon page.
  2. In the left-side navigation pane, click Users under Identities.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. In the Access Mode section, select Console Password Logon.
  6. Under Console Password Logon, select Automatically Generate Default Password or Custom Logon Password.
  7. Under Password Reset, select Required at Next Logon or Not Required.
  8. Under Multi-factor Authentication, select Not Required.
  9. Click OK.

Grant permission to a RAM user on the Grants page

  1. In the left-side navigation pane, click Grants under Permissions.
  2. Click Grant Permission.
  3. Under Principal, enter the username, and click the target RAM user.
  4. In the Policy Name column, select the target policies by clicking the corresponding rows.
    Note You can click X in the section on the right side of the page to delete the selected policy.
  5. Click OK.
  6. Click Finished.

Grant permission to a RAM user on the Users page

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Policy Name column, select the target policies by clicking the corresponding rows.
    Note You can click X in the section on the right side of the page to delete the selected policy.
  5. Click OK.
  6. Click Finished.

Log on as a RAM user

Prerequisites: You must complete the preceding authorization procedures.

You can log on as a RAM user at the following addresses:

  • Universal logon address: RAM User Logon.

    If you log on at the universal logon address, you must enter the RAM username and company alias manually. The address format is RAM username@company alias.

  • Dedicated logon address: You can view the logon address dedicated to your RAM users in the RAM console.

    RAM console

    The system will enter your company alias automatically if you log on using this dedicated address. You only need to enter the RAM username.

More actions

You can also add a RAM user to a group, assign roles to a RAM user, and authorize a user group or roles. For more information, see RAM User Guide.