When multiple people in your organization manage Enterprise Distributed Application Service (EDAS) resources, shared credentials create security risks: you cannot track who performed which action, and a leaked AccessKey pair exposes all EDAS resources. Resource Access Management (RAM) solves this by letting you create individual users, each with only the permissions they need.
Why use RAM with EDAS
RAM is an Alibaba Cloud service for identity management and access control. You create and manage RAM users that represent employees, systems, or applications, then grant each user the minimum permissions required for their role.
| Benefit | Description |
|---|---|
| Least-privilege access | Grant each RAM user only the EDAS permissions required for their role, reducing the risk of unintended changes |
| Credential isolation | Each RAM user authenticates with their own AccessKey pair, keeping your Alibaba Cloud account credentials secure |
Scope
The EDAS documentation covers only the RAM operations specific to EDAS. For general RAM concepts -- including RAM users, RAM roles, and RAM policies -- see What is RAM?.