If you want to attach, replace, or detach an instance RAM role by using a RAM user, you must use the Alibaba Cloud account to authorize the RAM user to manage the instance RAM role. The procedure described in this topic can be used only when you use an Alibaba Cloud account.
Background information
When you authorize a RAM user to use an instance RAM role, you must grant the RAM user the PassRole permission on the instance RAM role. If the RAM user does not have the PassRole permission, the RAM user cannot exercise the permissions specified in role policies.
Procedure
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to attach the custom policy, and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM user.
- Go back to the Add Permissions panel and click Custom Policy in the Select Policy section.
- In the Authorization Policy Name column, click the names of policies to be attached to the RAM user. Note In the Selected section on the right, you can click the cross sign (×) next to a RAM policy to remove the RAM policy.
- Click OK.
- Click Complete.