This topic describes how to create a Resource Access Management (RAM) user, create an AccessKey for the RAM user, grant permissions to the RAM user, and allocate the RAM user to a person.

Background information

  • If you use DTplus alone, you can skip this topic after creating an Alibaba Cloud account. For more information, see Prepare an Alibaba Cloud account.
  • If you want to use DTplus together with others, follow instructions in this topic to create RAM users.

Create a RAM user

  1. Log on to the RAM console with your Alibaba Cloud account.
  2. In the left-side navigation pane, click Users under Identities.
  3. Click Create User.
    Note To create multiple RAM users at a time, click Add User.
  4. Specify the Logon Name and Display Name parameters.
  5. Under Access Mode, select Console Password Logon.
  6. Click OK.
Notice After creating the RAM user, take note of the logon username and password of the RAM user and send them to the person who uses the RAM user.

Create an AccessKey for the RAM user

An AccessKey guarantees that nodes created in your DataWorks workspace can be run. You must create an AccessKey for each RAM user.

If you grant a RAM user the permission to manage AccessKeys, the RAM user can create AccessKeys in the RAM console.

To create an AccessKey for a RAM user, follow these steps:

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, click the username of the target RAM user.
  3. In the User AccessKey Pairs section, click Create AccessKey.
    Note You must enter a verification code if you are creating an AccessKey pair for the first time.
  4. Click OK.
    Note
    • The AccessKey Secret is displayed only once when you first create it. You cannot retrieve the AccessKey Secret if you forget it. We recommend that you save the AccessKey Secret for subsequent use.
    • If the AccessKey pair is disclosed or lost, you must create a new one. Currently, you can create a maximum of two AccessKey pairs.

Grant permissions to the RAM user

To allow a RAM user to create a DataWorks workspace, you must grant the AliyunDataWorksFullAccess permission to the RAM user.

  1. In the left-side navigation pane, click Users under Identities.
  2. In the User Logon Name/Display Name column, find the target RAM user.
  3. Click Add Permissions. On the page that appears, the principal is automatically filled in.
  4. In the Policy Name column, select the target policies by clicking the corresponding rows.
    Note You can click X in the section on the right side of the page to delete the selected policy.
  5. Click OK.
  6. Click Finished.

Allocate the RAM user to a person

Note
  • A RAM user belongs to your Alibaba Cloud account and does not own resources, so the resource usage of a RAM user is not measured and billed to the RAM user.
  • All charges generated for using Alibaba Cloud services by RAM users are paid by your Alibaba Cloud account.
  • You must take note of the logon link for RAM users and the default domain or domain alias of your Alibaba Cloud account. Then, send them to the person to whom you want to allocate a RAM user.
When allocating the RAM user to a person, you must provide the following information for the person:
  • Logon link for RAM users

    Log on to the RAM console with your Alibaba Cloud account and click Overview in the left-side navigation pane. View the logon link for RAM users in the Account Management section.

  • Domain alias or default domain of your Alibaba Cloud account

    Log on to the RAM console with your Alibaba Cloud account and click Settings in the left-side navigation pane. On the Settings page that appears, click the Advanced tab and view the default domain and domain alias in the Default Domain and Domain Alias sections.

  • Username and password of the RAM user
  • AccessKey ID and AccessKey secret of the RAM user
In addition to providing the preceding information, make sure that:
  • You grant the RAM user the permission to log on to the Alibaba Cloud console.
  • You grant the RAM user the permission to manage AccessKeys. For more information, see Set RAM user security policies.

What to do next

Create a workspace. For more information, see Create Workspace.