You can use RAM users to avoid security risks caused by AccessKey pair and password leaks. This topic describes how to create a RAM user and grant permissions to the user.

Prerequisites

Resource Access Management (RAM) is activated.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.
    User management
  3. On the Create User page, specify Logon Name and Display Name.
    Enter vod in the Logon Name field.
  4. In the Access Mode section, select OpenAPI Access and click OK.
    Create a user
    After you click OK, the SMS Verification window appears. After you enter the verification code, the AccessKey pair of the RAM user is automatically generated. Generate the AccessKey pair.
  5. Click Copy in the Actions column to copy user information, such as the logon name, logon password, and AccessKey pair (AccessKey ID and AccessKey Secret) to the clipboard.
    Note We recommend that you store your user information in a secure location for future use.
  6. Go back to the Users page. The RAM user that you created appears in the user list.
    The RAM user that you created does not have any permissions.
  7. Click Add Permissions in the Actions column.
    Add permissions
  8. In the Select Policy section, select the authorization scope and enter vod in the field. Then select the filtered policies and click OK.
    Add permissions

    For the definition of system policies, see the "System policies" section in Overview.

  9. Click User Logon Name and enable console logon on the Authentication tab if the RAM user requires permissions such as the console logon permission.
    Modify permissions