Alibaba Cloud allows you to grant RAM identities the permissions for managing the resources of an Alibaba Cloud account or a resource group. You can select a policy model from these two options based on your requirements.
Manage the resources of an Alibaba Cloud account
Manage the resources of a target resource group
In this model, if you attach a policy to a RAM identity, only the Alibaba Cloud resources of the target resource group are included in the scope of the policy permissions.
The RAM user that is attached with the
AdministratorAccess system policy in a resource group is the administrator of the resource group. By
default, the RAM user that creates the resource group is the administrator. The administrator
can add RAM users to the resource group and grant permissions to the RAM users in
the resource group.