Application Real-Time Monitoring Service:Access control overview

How RAM works with Tracing Analysis

RAM uses policies to define what actions an identity can perform on Tracing Analysis resources. You attach policies to RAM users, and those identities can then access resources within the boundaries the policies allow.

A typical setup involves three steps:

1. Create a RAM user for each team member who needs access.

2. Attach a Tracing Analysis system policy (or a custom policy) to each RAM user.

3. Each RAM user signs in with their own credentials and works within their granted permissions.

All resource usage is billed to the Alibaba Cloud account, not to individual RAM users.

When to use RAM

Use RAM when multiple people in your organization need different levels of access to Tracing Analysis. Common examples:

• Developers need read-only access to trace data for debugging but should not change configurations.

• Operations engineers need full access to manage applications and configure monitoring settings.

• Auditors need read-only access to review data and configurations without the ability to modify anything.

RAM lets you:

• Grant and revoke permissions on, and delete, user accounts at any time without affecting other users.

• Enforce least-privilege access so each team member can only perform the actions their role requires.

System policies

Tracing Analysis provides two predefined system policies. Attach these policies to RAM users to control access.

What's next

• Grant different permissions to RAM users