This topic describes how to create a RAM user, create an AccessKey pair for the RAM user, grant permissions to the RAM user, and allow a user to use the RAM user to access DataWorks.

Background information

  • If you want to access DataWorks alone, prepare your Alibaba Cloud account by following the instructions that are described in Activate DataWorks and skip the operations that are described in this topic.
  • If you want to work with other users to access DataWorks, prepare RAM users by following the instructions that are described in this topic.

Create a RAM user

You need to use your Alibaba Cloud account to log on to the RAM console and create a RAM user.

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click Create User.
  4. In the User Account Information section of the Create User page, configure the Logon Name and Display Name parameters.
    Note You can click Add User to create multiple RAM users at a time.
  5. In the Access Mode section, select an access mode.
    • Console Access: If you select this option, you must complete the logon security settings. These settings specify whether to use a system-generated or custom logon password, whether the password must be reset upon the next logon, and whether to enable multi-factor authentication (MFA).
      Note If you select Custom Logon Password in the Console Password section, you must specify a password. The password must meet the complexity requirements. For more information about the complexity requirements, see Configure a password policy for RAM users.
    • OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.
    Note To ensure the security of the Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This prevents the RAM user from using an AccessKey pair to access Alibaba Cloud resources after the RAM user leaves the organization.
  6. Click OK.
Notice After you create a RAM user, keep the username and password of the RAM user secure and send the logon information to the user that is allowed to access DataWorks by using the RAM user.

(Optional) Create an AccessKey pair for a RAM user

An AccessKey pair is not required if you use a RAM user only to run nodes in DataWorks. If you have special business requirements, you can create an AccessKey pair for the RAM user in the RAM console.

If the RAM user is granted permissions to manage AccessKey pairs, you can use the RAM user to create an AccessKey pair in the RAM console.

To create an AccessKey pair for a RAM user, perform the following steps:

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the specific RAM user and click its name.
  4. In the User AccessKeys section, click Create AccessKey.
  5. In the Create AccessKey dialog box, view the AccessKey ID and AccessKey secret.
    You can click Download CSV File to download the AccessKey pair or click Copy to copy the AccessKey pair.
  6. Click Close.
    Note
    • The AccessKey secret is displayed only when you create an AccessKey pair, and is unavailable for subsequent queries. We recommend that you save the AccessKey secret for subsequent use.
    • If the AccessKey pair is disclosed or lost, you must create another AccessKey pair. You can create a maximum of two AccessKey pairs

Grant a RAM user the permissions to perform operations in the DataWorks console

If you want to grant a RAM user the permissions to perform operations in the DataWorks console, you must log on to the RAM console and grant the permissions to the RAM user.

Perform the following steps to grant the permissions to the RAM user:

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, grant permissions to the RAM user.
    1. Select the authorization scope.
      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.
      • Specific Resource Group: The authorization takes effect on a specific resource group.
        Note If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Alibaba Cloud services that support resource groups.
    2. Specify the principal.
      The principal is the RAM user to which permissions are to be granted. By default, the current RAM user is specified. You can also specify another RAM user.
    3. Select policies.
      Note You can attach a maximum of five policies to a RAM user at a time. If you need to attach more than five policies to a RAM user, perform the operation multiple times.
  5. Click OK.
  6. Click Complete.

Allow a user to use DataWorks as a RAM user

If you need to work with other users for collaborative development in the DataWorks console, you need to prepare RAM users and provide the users with the information that can be used to log on to the Alibaba Cloud Management Console as the RAM users. If an AccessKey pair is required for a RAM user that you prepared, you must provide the AccessKey pair that is available to a user that uses DataWorks as the RAM user.

Note
  • A RAM user belongs to an Alibaba Cloud account and does not own resources. Resource usage of a RAM user is not measured and billed.
  • All charges generated when you use Alibaba Cloud services as a RAM user are paid by your Alibaba Cloud account.
  • You must obtain the link that can be used to log on to the Alibaba Cloud Management Console as a RAM user and the default domain name or domain alias of your Alibaba Cloud account. Then, you must send the information to a user that is allowed to access DataWorks as a RAM user.
You must provide the following information to a user that is allowed to access DataWorks as a RAM user:
  • Link that can be used to log on to the Alibaba Cloud Management Console as a RAM user
    Log on to the RAM console by using your Alibaba Cloud account. In the left-side navigation pane, click Overview. In the upper-right corner of the Overview page, click Copy on the right side of the logon link specified by the RAM user logon parameter in the Account Management section and provide the link for a user that is allowed to access DataWorks as the RAM user. For more information about how to log on to the Alibaba Cloud Management Console as a RAM user, see Log on to the Alibaba Cloud Management Console as a RAM user. RAM console
  • Domain alias or default domain name of your Alibaba Cloud account

    Log on to the RAM console by using your Alibaba Cloud account. In the left-side navigation pane, choose Identifies > Settings. On the Settings page, click the Advanced tab to view the default domain name and domain alias.

  • Username and password of the RAM user
  • AccessKey ID and AccessKey secret of the RAM user
In addition to providing the preceding information, take note of the following points:
  • The permissions to log on to the Alibaba Cloud Management Console are granted to the RAM user.
  • The permissions to manage AccessKey pairs are granted to the RAM user. For more information, see Configure security policies for RAM users.

What to do next

After you prepare a RAM user, you can use the RAM user to log on to the DataWorks console, create a workspace, and perform operations such as data development in the workspace. For more information, see Create a workspace.