Hybrid Backup Recovery (HBR) supports user-based Resource Access Management (RAM) policies and temporary access authorization based on Security Token Service (STS). These features allow you to manage access permissions and control access to Hybrid Backup Recovery (HBR) resources.

User-based RAM policies

Alibaba Cloud RAM is a service that helps control access to resources. You can configure RAM policies based on the user. You can configure RAM policies to manage users, such as employees, systems, and applications, and grant permissions on the required resources to a user.

A RAM policy is in the JSON format. You can write a RAM policy that includes the Action, Effect, Resource, and Condition elements in the Statement section. You can add multiple statements to a policy to implement flexible authorization. For more information, see RAM overview.

Temporary access authorization based on STS

RAM policies allow you to access resources for a long period of time. If you need to access resources only for a short period of time, you can use STS to create temporary credentials. You can use STS to generate temporary AccessKey pairs and tokens. You can send these credentials to temporary users to access Hybrid Backup Recovery (HBR) resources. The permissions that are obtained by using STS are strictly restricted and have time limits. Therefore, the leak of temporary credentials does not significantly affect the system security.

You can use STS to authorize temporary access to Hybrid Backup Recovery (HBR) resources. You can also use STS to create an access credential that has a custom validity period and custom permissions for a third-party application or a RAM user.