This topic describes how to create a RAM user, create an AccessKey pair for the RAM user, grant permissions to the RAM user, and allocate the RAM user to a person.

Background information

  • If you use DTplus alone, you can skip this topic after you create an Alibaba Cloud account. For more information, see Prepare an Alibaba Cloud account.
  • If you need to use DTplus together with others, follow the instructions in this topic to create RAM users.

Create a RAM user

  1. Log on to the RAM console with your Alibaba Cloud account.
  2. In the left-side navigation pane, click Users under Identities.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. Under Access Mode, select Console Password Logon.
  6. Click OK.
Notice After you create a RAM user, take note of the logon username and password of the RAM user and send them to the person who needs to use the RAM user.

Create an AccessKey pair for the RAM user

An AccessKey pair ensures that nodes created in your DataWorks workspace can be run. You must create an AccessKey pair for each RAM user.

If you grant a RAM user the permission to manage AccessKey pairs, the RAM user can create AccessKey pairs in the RAM console.

To create an AccessKey pair for a RAM user, perform the following steps:

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, click the username of the target RAM user.
  3. In the User AccessKey Pairs section, click Create AccessKey.
    Note You must enter a verification code if you are creating an AccessKey pair for the first time.
  4. Click OK.
    Note
    • The AccessKey Secret is displayed only once when you first create it. You cannot retrieve the AccessKey Secret if you forget it. We recommend that you save the AccessKey Secret for subsequent use.
    • If the AccessKey pair is disclosed or lost, you must create a new one. Currently, you can create a maximum of two AccessKey pairs.

Grant permissions to the RAM user

To allow a RAM user to create a DataWorks workspace, you must grant the AliyunDataWorksFullAccess permission to the RAM user.

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Policy Name column, select the target policies by clicking the corresponding rows.
    Note You can click X in the section on the right side of the page to delete the selected policy.
  5. Click OK.
  6. Click Finished.

Allocate the RAM user to a person

Note
  • A RAM user belongs to your Alibaba Cloud account and does not own resources, so the resource usage of a RAM user is not measured and billed to the RAM user.
  • All charges generated for using Alibaba Cloud services by RAM users are paid by your Alibaba Cloud account.
  • You must take note of the logon link for RAM users and the default domain or domain alias of your Alibaba Cloud account. Then, send them to the person to whom you want to allocate a RAM user.
When you allocate the RAM user to a person, you must provide the following information for the person:
  • Logon link for RAM users

    Log on to the RAM console with your Alibaba Cloud account and click Overview in the left-side navigation pane. View the logon link for RAM users in the Account Management section.

  • Domain alias or default domain of your Alibaba Cloud account

    Log on to the RAM console with your Alibaba Cloud account and click Settings in the left-side navigation pane. On the Settings page, click the Advanced tab and view the default domain and domain alias in the Default Domain and Domain Alias sections.

  • Username and password of the RAM user
  • AccessKey ID and AccessKey secret of the RAM user
In addition to providing the preceding information, make sure that:
  • You grant the RAM user the permission to log on to the Alibaba Cloud Management Console.
  • You grant the RAM user the permission to manage AccessKey pairs. For more information, see Set security policies for RAM users.

What to do next

After you prepare a RAM user, you can create a workspace for the RAM user to perform data analytics operations. For more information, see Create a workspace.