Alibaba Cloud allows you to grant permission for an Alibaba Cloud account or for a resource group. You can select an appropriate model according to your specific requirements.
Grant permission for an Alibaba Cloud account
Grant permission for a target resource group
Granting permission for a resource group means that when you attach a policy to a RAM identity, only the Alibaba Cloud resources within the target resource group are included within the scope of the policy permissions.
In detail, the RAM user with the
AdministratorAccess system policy in a resource group is called administrator. By default, the resource
group creator is assigned as administrator. The administrator is the entity that can
add RAM users to the resource group and grant permission to the users in the resource