This topic describes how to specify the users or groups that are allowed to access the accounts in a resource directory based on the structure of the resource directory. This topic also describes how to assign access permissions or configurations to users or groups. This topic provides an example on how to assign access permissions on the accounts in your resource directory. In this example, user1 is specified and an access configuration is provisioned for the Sandbox Account member account in the resource directory. This access configuration defines the access permissions only on virtual private cloud (VPC) resources. After the provisioning, user1 can access only VPC resources within Sandbox Account.
Prerequisites
- An access configuration is created.
In this example, the in-use access configuration includes the AliyunVPCFullAccess system policy and no inline policies. For more information, see Manage both system and inline policies.
- A user is created or synchronized.
In this example, user1 created in the CloudSSO console is used. For more information, see Create a user.