Before you configure member permissions for a workspace, you must add one or more RAM users. This topic describes how to add a RAM user.
On the Workspaces page, select the workspace that you want to configure.
In the Manage Members section, click Go to RAM Console to Add RAM User to go to the RAM console.
- On the Users page, click Create User.
- In the User Account Information section of the Create User page, configure the following parameters:
Note You can click Add User to create multiple RAM users at a time.
- Logon Name: The logon name can be up to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_).
- Display Name: The display name can be up to 128 characters in length.
- Optional:Tag: You can click the icon. In the dialog box that appears, specify the Tag Key and Tag Value parameters. You can add one or more tags to the RAM user. This way, you can manage the RAM user based on the tags.
- In the Access Mode section, select an access mode and configure the required parameters.
To ensure the security of your Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This way, the RAM user for an individual is separated from the RAM user for a program.
- Console Access
If the RAM user represents an individual, we recommend that you select Console Access for the RAM user. This way, the RAM user can use a username and password to access Alibaba Cloud. If you select Console Access, you must configure the following parameters:
- Console Password: You can select Automatically Regenerate Default Password or Reset Custom Password. If you select Reset Custom Password, you must specify a password. The password must meet the complexity requirements. For more information, see Configure a password policy for RAM users.
- Password Reset: specifies whether the RAM user is required to reset the password upon the next logon.
- Multi-factor Authentication: specifies whether to enable multi-factor authentication (MFA) for the RAM user. If you select Required to Enable MFA for the RAM user, the RAM user must bind an MFA device when the RAM user logs on to the Alibaba Cloud Management Console. For more information, see Bind an MFA device to a RAM user.
- OpenAPI Access
If the RAM user represents a program, we recommend that you select OpenAPI Access for the RAM user. This way, the RAM user can use an AccessKey pair to access Alibaba Cloud. If you select OpenAPI Access, the system automatically generates an AccessKey ID and AccessKey secret for the RAM user. For more information, see Create an AccessKey pair.
- Console Access
- Click OK.
Repeat the preceding steps to create more RAM users, and go to the Users page to view the RAM users that you created.
Return to the Workspace Management page. In the Members section, search for the created RAM user and configure permissions for the RAM user.