This topic describes the differences between ordinary accounts, member accounts, and management accounts.
The following table describes the differences between ordinary accounts, member accounts,
and management accounts.
Item | Ordinary account | Member account | Management account |
---|---|---|---|
Account attributes | An ordinary account is an independent Alibaba Cloud account that is not included in a resource directory by a management account. | A member account is an Alibaba Cloud account that is included in a resource directory by a management account. | A management account is an Alibaba Cloud account that enables a resource directory and manages all member accounts. |
Console pages | On the Overview, Resources, Compliance Package, and Rules pages, you can view the resources, compliance packages, and rules within the current account by default. | On the Overview, Resources, Compliance Package, and Rules pages, you can view the Current Account tab and the tab of the account group to which the current account belongs. | On the Overview, Resources, Compliance Package, and Rules pages, you can view the Current Account tab and the tabs of all the account groups. |
Resources | You can view the resources within the current account, and the configuration timeline and compliance timeline of each resource. | You can view only the resources within the current account, and the configuration timeline and compliance timeline of each resource. | You can view the resources within the current account and the member accounts in all account groups, and the configuration timeline and compliance timeline of each resource. |
Compliance packages | You can create, modify, delete, or view the compliance packages within the current account. You can also download compliance evaluation reports. | If a member account is added to an account group, the Current Account tab and the tab of the account group to which the member account belongs are displayed.
|
You can create, modify, delete, or view compliance packages within the current account and the member accounts in all account groups. You can also download compliance evaluation reports. |
Rules | You can create, modify, delete, enable, disable, or view rules. You can also download compliance evaluation reports. | If a member account is added to an account group, the Current Account tab and the tab of the account group to which the member account belongs are displayed.
|
You can create, modify, delete, enable, disable, or view rules within the current account and the member accounts in all account groups. You can also download compliance evaluation reports. |
Account groups | You cannot create, modify, delete, or view account groups. | You cannot create, modify, delete, or view account groups. This type of account exists only as a member account in an account group. | You can create, modify, delete, or view account groups. |
Service-linked role for Cloud Config | When you grant permissions on Cloud Config, a service-linked role for Cloud Config is automatically created. | If no member accounts have created a service-linked role for Cloud Config, a service-linked role is automatically created when the management account creates an account group. All the member accounts in the account group can use the service-linked role. | When you grant permissions on Cloud Config, a service-linked role for Cloud Config is automatically created. |
Delivery methods of resource data and notification methods of resource events | You can customize the delivery methods of resource data and notification methods of resource events for the current account. | You cannot modify the delivery methods of resource data and notification methods of resource events for the current account. You must follow the configurations of the management account. | You can customize the delivery methods of resource data and notification methods of resource events for the management account and the member accounts in all account groups. |