
CloudSSO: Assign access to a member account

Last Updated: Jun 04, 2026

Assign access configurations to users or groups on member accounts in your resource directory. This example provisions an access configuration with VPC-only permissions for user1 on the Sandbox Account.

Prerequisites

  • An access configuration is created.

    This example uses an access configuration that includes the AliyunVPCFullAccess system policy and no inline policies. For details, see Manage system policies and inline policies.

  • A user is created or synchronized.

    This example uses user1 created in the CloudSSO console. For details, see Create a user.

Procedure

  1. Log on to the CloudSSO console.

  2. In the left-side navigation pane, click Multi-account Permission Configuration.

  3. On the Multi-account Permission Configuration page, select the target member account.

    This example uses Sandbox Account.

  4. Click Configure Access Assignments.

  5. In the Configure Access Assignments panel, select the target user or group, and then click Next.

    This example uses user1.

  6. Select the target access configuration, and then click Next.

  7. Review the configuration details and click Start Configuration.

  8. Wait for provisioning to complete and click Finish.

Verify the assignment result

  1. Log on to the CloudSSO user portal as user1.

  2. On the Log on as RAM role tab, find the member account named Sandbox Account and click Show Details in the Access Assignment column.

  3. In the permissions panel, find the target access configuration and click Log On in the Actions column.

  4. Access VPC resources in Sandbox Account as a Resource Access Management (RAM) role.

    Note

    Only VPC resources are accessible because the access configuration grants VPC permissions only. To access other resources, modify the policy in the access configuration and re-provision it.
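The note above describes the least-privilege property this assignment relies on. The following Python is an added example, not Alibaba Cloud code: it checks exported assignment data for drift from the intended state on this page (user1 on Sandbox Account, AliyunVPCFullAccess only, no inline policy). The record layout, the names vpc-only, vpc-drifted, user2 and Prod Account, and all sample records are constructed for illustration and are not the CloudSSO API response format.

```python
# Added example: field names and sample records are constructed, not CloudSSO API output.
EXPECTED = {
    "account": "Sandbox Account",
    "principals": {("User", "user1")},
    "system_policies": {"AliyunVPCFullAccess"},
}

SAMPLE_CONFIGS = {  # constructed access configurations
    "vpc-only": {"system_policies": ["AliyunVPCFullAccess"], "inline_policy": None},
    "vpc-drifted": {
        "system_policies": ["AliyunVPCFullAccess", "AliyunECSFullAccess"],
        "inline_policy": '{"Version": "1", "Statement": []}',
    },
}

def _row(account, name, config):
    return {"account": account, "principal_type": "User",
            "principal_name": name, "access_configuration": config}

SAMPLE_ASSIGNMENTS = [  # constructed assignment export
    _row("Sandbox Account", "user1", "vpc-only"),
    _row("Sandbox Account", "user2", "vpc-drifted"),
    _row("Prod Account", "user2", "vpc-drifted"),  # other account: out of scope
]

def audit(assignments, configs, expected=EXPECTED):
    """Return sorted findings where the account deviates from the intended state."""
    findings, seen = set(), set()
    for a in assignments:
        if a["account"] != expected["account"]:
            continue
        who = (a["principal_type"], a["principal_name"])
        seen.add(who)
        if who not in expected["principals"]:
            findings.add(f"unexpected principal {who[0]}:{who[1]} on {a['account']}")
        name = a["access_configuration"]
        cfg = configs.get(name)
        if cfg is None:
            findings.add(f"{name}: configuration missing from export")
            continue
        for policy in set(cfg["system_policies"]) - expected["system_policies"]:
            findings.add(f"{name}: extra system policy {policy}")
        if cfg.get("inline_policy"):
            findings.add(f"{name}: inline policy present")
    for who in expected["principals"] - seen:
        findings.add(f"missing assignment for {who[0]}:{who[1]} on {expected['account']}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_ASSIGNMENTS, SAMPLE_CONFIGS):
        print(finding)
```

An empty result means the account matches the intended state; any finding is a reason to review the access configuration and re-provision it.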