If you have multiple clusters or your clusters need to be managed by multiple users, you can use Resource Access Management (RAM) users to manage user access on clusters to meet management and security requirements. This topic describes how to associate RAM users with a cluster and manage the console permissions of RAM users.
Overview
RAM is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to manage users and user permissions. Elastic High Performance Computing (E-HPC) provides the following features based on RAM. You can create multiple RAM users and assign the RAM users different permissions on the clusters or service console to implement fine-grained permission management.
Feature | Description | Scenario |
Associate RAM users with a cluster |
| You have multiple clusters that need to be managed by different personnel. |
Modify the console permissions of a RAM user |
| You need to control the operation permissions of personnel with different responsibilities on the console for management and security reasons. For example, a cluster administrator is responsible for deploying and managing clusters. You can assign permissions that are related to clusters, such as permissions on the Cluster and User pages. A job operator is responsible for submitting jobs, but cannot modify cluster configurations. In this case, you can assign permissions on the Job page. |
You can use the preceding features together to implement fine-grained permission control.
Prerequisites
A RAM user is created and granted permissions to use E-HPC. For more information, see Create a RAM user.
Associate RAM users with or disassociate RAM users from a cluster
Log on to the E-HPC console by using an Alibaba Cloud account.
ImportantOnly Alibaba Cloud accounts can perform related operations.
In the upper-left corner of the top navigation bar, select a region.
In the left-side navigation pane, choose .
In the upper part of the User page, select a cluster from the Cluster drop-down list.
Operation
Procedure
Associate RAM users with a cluster
Click the Assign a RAM user tab.
Click Assign RAM user.
In the panel that appears, select the RAM users that you want to associate with the cluster and click OK.
After you associate RAM users with the cluster, only the Alibaba Cloud account and the associated RAM users can access and manage the cluster. Other RAM users cannot access or manage the cluster.
Disassociate RAM users from a cluster
Click the Assign a RAM user tab.
Use one of the following methods to disassociate RAM users:
Disassociate a RAM user: Click Delete in the Operation column of the RAM user.
Disassociate RAM users: Click Batch Delete in the upper part of the user list.
Select the RAM users that you want to disassociate and click Delete.
If the cluster is associated with other RAM users, the deleted RAM users cannot access or manage the cluster. If the cluster is not associated with other RAM users, the Alibaba Cloud account and all RAM users can access and manage the cluster.
NoteThe delete operation deletes only the association between the cluster and RAM users. The RAM users are not deleted.
Modify the console permissions of a RAM user
Log on to the E-HPC console by using an Alibaba Cloud account.
ImportantOnly Alibaba Cloud accounts can perform related operations.
In the upper-left corner of the top navigation bar, select a region.
In the left-side navigation pane, choose .
On the User page, click the Console Permissions of RAM Users tab.
Select a RAM user whose permissions you want to modify from the drop-down list.
Select the required permissions and click OK.
NoteThe modified permission settings take effect after the RAM user logs on to the console again or refreshes the browser.