As a service provider, you can use resource groups to group your cloud resources by dimensions such as usage, permissions, and ownership. This allows you to manage the resources of multiple customers and projects in a hierarchical manner and to implement finer-grained authorization than authorization based on Alibaba Cloud accounts. If you have multiple Compute Nest services, you can add the services to different resource groups based on your business requirements and manage the services and permissions by group.
Background information
Resource groups have the following limits:
Only services and service instances can be added to resource groups.
Resources cannot be transferred between resource groups across accounts.
Each resource can be added to only one resource group.
Resource groups can be accessed by Resource Access Management (RAM) users that are granted global permissions. If a RAM user is authorized to manage all Alibaba Cloud resources within an Alibaba Cloud account, the RAM user can access all resource groups within the Alibaba Cloud account, so resource group scoping does not restrict that user.
Procedure
In this example, you have two services, Service A and Service B. You want to designate Customer A to manage Service A and Customer B to manage Service B. In this case, you can use resource groups of Compute Nest to manage permissions so that Customer A can access only Service A and Customer B can access only Service B.
In the Resource Management console, create two resource groups named Resource Group A and Resource Group B. For more information, see Create a resource group.
Grant permissions on Resource Group A to Customer A and permissions on Resource Group B to Customer B. You must attach the AliyunComputeNestSupplierFullAccess policy to the RAM users of Customer A and Customer B. If other permissions are required, you can grant the permissions to Customer A and Customer B based on your business requirements. For more information, see Add RAM authorization.
Create Service A and Service B. Set the resource group of Service A to Resource Group A and the resource group of Service B to Resource Group B.
After the services are created, Customer A and Customer B can log on to the Compute Nest console and view all resource groups in the All Resources drop-down list in the upper-left corner of the My Services page.
Resources within a resource group are displayed only if a customer is granted permissions on the resource group. For example, Customer A has permissions only on Resource Group A. In this case, Customer A can select Resource Group A from the All Resources drop-down list and view Service A.
If no resource group is specified for a service, the service is added to the default resource group. You can transfer resources between resource groups to change the ownership of the resources. For more information, see Transfer resources across resource groups.
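The following added example (not Alibaba Cloud code and not an Alibaba Cloud API) models the visibility rules stated above, namely account-level grants reaching every resource group and unassigned services landing in the default resource group, and reports every service a customer can see beyond what was intended. The Grant layout, the "*" account marker, Service C, and the sample grants are constructed assumptions.

```python
from dataclasses import dataclass

ACCOUNT = "*"  # assumed marker for a grant scoped to the whole account
DEFAULT_GROUP = "default resource group"

@dataclass(frozen=True)
class Grant:
    principal: str  # RAM user name
    policy: str
    scope: str      # resource group name, or ACCOUNT

def group_of(service, placement):
    # A service created without a resource group lands in the default group.
    return placement.get(service) or DEFAULT_GROUP

def visible_services(principal, grants, placement):
    scopes = {g.scope for g in grants if g.principal == principal}
    if ACCOUNT in scopes:
        return set(placement)  # account-level grant reaches every resource group
    return {s for s in placement if group_of(s, placement) in scopes}

def isolation_findings(grants, placement, intended):
    """List (principal, service, cause) for every service visible beyond the intent."""
    findings = []
    for principal in sorted(intended):
        scopes = {g.scope for g in grants if g.principal == principal}
        extra = visible_services(principal, grants, placement) - intended[principal]
        for service in sorted(extra):
            cause = "account-level grant" if ACCOUNT in scopes else group_of(service, placement)
            findings.append((principal, service, cause))
    return findings

# Constructed sample: Service C was created without a resource group.
POLICY = "AliyunComputeNestSupplierFullAccess"
PLACEMENT = {"Service A": "Resource Group A", "Service B": "Resource Group B", "Service C": None}
INTENDED = {"Customer A": {"Service A"}, "Customer B": {"Service B"}}
GRANTS = [
    Grant("Customer A", POLICY, "Resource Group A"),
    Grant("Customer A", POLICY, DEFAULT_GROUP),  # over-broad: exposes Service C
    Grant("Customer B", POLICY, "Resource Group B"),
    Grant("Customer B", POLICY, ACCOUNT),        # over-broad: exposes everything
]

if __name__ == "__main__":
    for finding in isolation_findings(GRANTS, PLACEMENT, INTENDED):
        print(finding)
```

An empty result means each customer sees exactly the services intended for them; any finding names the grant scope that has to be narrowed or the service that has to be moved out of the default resource group.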