All Products
Search

This Product

    :Prepare a RAM user

    Document Center

    :Prepare a RAM user

    Last Updated:Mar 14, 2025

    To secure project data, it is advisable to create a RAM user and assign it to other users to tightly manage permissions within the Dataphin project. This topic describes the process of creating a RAM user.

    Background information

    Before creating a RAM user, familiarize yourself with the Alibaba Cloud account and RAM user roles and permissions in Dataphin to make an informed decision based on your needs.

    Account

    User roles and permissions in Dataphin

    Alibaba Cloud account

    This is the primary account of an Alibaba Cloud user, which by default becomes the super administrator account of Dataphin. Typically, enterprise managers use the Alibaba Cloud primary account. Due to its wide range of permissions, it is not recommended for roles such as developers, operations personnel, or analysts within the enterprise to use the Alibaba Cloud account.

    RAM user

    A sub-account belonging to an Alibaba Cloud account. You can sync the RAM user to Dataphin, add it as a member of the project space, and grant roles such as project administrator, developer, analyst, operations personnel, or visitor to achieve fine-grained permission management in Dataphin. For the roles and permissions that can be granted to RAM users in Dataphin, see User roles and permissions.

    To avoid project data security issues, it is recommended that you create a RAM user and assign it to other users. This allows you to:

    • Create RAM users for employees in different functional departments within your Alibaba Cloud account based on the business organization of the enterprise, allowing employees to have unique security credentials and use Dataphin.

    • Set different access privileges based on the functions of enterprise users to achieve permission isolation between users.

    For example, during the use of Dataphin, an enterprise plans for different employees to be responsible for data development, data administration, and data analysis stages. The enterprise manager has requirements for permission control and data security among employees. Therefore, you can create three RAM users, sync them to Dataphin, add them as members of the project space, and grant them the roles of developer, operations personnel, and analyst, respectively.

    Prerequisites

    Before creating a RAM user, ensure you have an Alibaba Cloud account.

    Notes

    • RAM users are part of your Alibaba Cloud account, do not own resources, and incur no separate charges.

    • Your Alibaba Cloud account is responsible for all charges incurred by RAM users.

    Step 1: Create a RAM user

    1. Log on to the RAM console with your Alibaba Cloud account.

    2. In the left-side navigation pane, choose Identities > Users.

    3. On the Users page, click Create User. image

    4. In the User Account Information section of the Create User page, configure the following parameters:

      • Logon Name: The logon name can be up to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_).

      • Display Name: The display name can be up to 128 characters in length.

      • Tag: Click the edit icon and enter a tag key and a tag value. You can add one or more tags to the RAM user. This way, you can manage the RAM user based on the tags.

      Note

      You can click Add User to create multiple RAM users at a time.

    5. In the Access Method area, select your preferred method of access and configure the relevant parameters accordingly.

      For your Alibaba Cloud account's security, it's recommended to enable only one access mode for the RAM user, distinguishing individual users from programmatic users.

      • Console Access: For RAM users who are individuals, it is advisable to enable console access. Utilize the RAM username and password for Alibaba Cloud access, ensuring the account password is kept secure.

        When selecting Console Access, set the following:

        • Set Password: Choose between Auto-generate Password and Custom Password. When opting for a Custom Password, you are required to create a password that adheres to the specified complexity requirements. For more information, see Set RAM user password strength.

        • Require Password Reset: Choose whether to enforce a password reset upon the next logon.

        • MFA (Multi-factor Authentication): You can choose to enable MFA for the current RAM user. If 'Required to Enable MFA' is selected for the RAM user, they must bind an MFA device upon logging on to the Alibaba Cloud Management Console. For more information, see visit this guide.

      • Use Permanent AccessKey

        If the RAM user is acting on behalf of a program, it is advisable to enable OpenAPI Access for that user. By doing so, the RAM user will be able to utilize an AccessKey pair to interact with Alibaba Cloud services. When OpenAPI Access is enabled, the system will automatically create an AccessKey ID and AccessKey secret for the RAM user. For more information, see Create an AccessKey.

    6. Click the Confirm button to complete the RAM user creation process.

    Step 2: Assign the RAM user account to other users

    When assigning the RAM user account, provide the following information:

    • The RAM user login link.

      Open the RAM console, navigate to the Overview page, select the Overview tab, and within the Basic Information section, click Copy Logon Address. Then provide this address to the user who requires access for logon. This address serves as the logon portal for RAM users.

    • The RAM user's account and password, as saved in Step 1.

    What to do next

    After preparing the RAM user, you can proceed to activate the Dataphin service. For more information, see Activate Dataphin - Semi-managed.