All Products
Search
Document Center

Data Management:Accounts used to log on to DMS

Last Updated:Mar 28, 2026

DMS supports two authentication paths: direct login with an Alibaba Cloud account or RAM user, and single sign-on (SSO) through your enterprise identity provider (IdP). This topic explains both options and how to configure RAM user settings in DMS.

Log on methods

MethodRecommended forDetails
Alibaba Cloud account or RAM userTeams already using Alibaba Cloud Identity and Access Management (IAM)Log on directly with your Alibaba Cloud primary account or any RAM user under that account.
Single sign-on (SSO)Enterprises with a central IdPImplement user-based SSO or role-based SSO to log on to the Alibaba Cloud Management Console from the identity provider (IdP) of your enterprise. For setup instructions, see Use SSO to log on to DMS.

RAM user behavior after removal

If a RAM user is removed from Resource Access Management (RAM), the user account remains visible in DMS but can no longer be used to log on to Alibaba Cloud or the DMS console.

Note

Before removing or disabling a user in DMS, check whether that user holds a role such as data owner, database administrator (DBA), or approver on an approval node. If so, reassign the role to another user first. For more information, see Manage users.

Configure RAM user settings

Prerequisites

Before you begin, make sure that you have:

  • A DMS administrator or DBA role

Steps

  1. Log on to the DMS console V5.0.

  2. In the top navigation bar, click O&M. In the left-side navigation pane, click Configuration Management.

    If you use DMS in simple mode, hover over the 2022-10-21_15-25-22.png icon in the upper-left corner and choose All functions > O&M > Configuration Management.
  3. Configure the following settings as needed.

RAM permission verification

This setting controls whether DMS automatically initializes roles and permissions for RAM users when they first log on.

SettingBehavior
Yes (default)A RAM user with the AdministratorAccess policy is initialized as a DMS administrator. A RAM user with the ReadOnlyAccess policy for RDS and MongoDB can query databases in Security Collaboration mode (no permission record created) and log on to databases in Flexible Management mode or Stable Change mode (permission record created; access is granted for 180 days).
NoNo role or permission is initialized for RAM users in DMS.

RAM users automatically join the tenant

This setting controls whether newly created RAM users are automatically added to your DMS tenant when they log on.

SettingBehavior
Yes (default)After you create a RAM user under your Alibaba Cloud account, the RAM user is automatically added to your DMS tenant when they log on to the DMS console.
NoRAM users are not added automatically. Manually add each RAM user to the DMS tenant. For instructions, see Add a user.

What's next