When multiple team members need to manage EventBridge resources such as event buses and event rules, create Resource Access Management (RAM) users and grant them fine-grained permissions instead of sharing your Alibaba Cloud account AccessKey pair. This reduces the risk of credential exposure and lets you control exactly what each person can do through the console, SDKs, or API operations.
All resource usage and costs are billed to the Alibaba Cloud account, not to individual RAM users.
You can revoke permissions or delete a RAM user at any time.
Prerequisites
Before you begin, make sure that you have:
An Alibaba Cloud account
At least one RAM user created in the RAM console
Grant permissions from the Users page
Use this method to grant permissions directly from a specific RAM user's profile.
Log on to the RAM console with your Alibaba Cloud account.
In the left-side navigation pane, choose Identities > Users.
On the Users page, find the target RAM user and click Add Permissions in the Actions column.
In the Add Permissions panel, configure the following settings:
Select the authorization scope.
Scope: Alibaba Cloud Account. Effect: The authorization applies to the current Alibaba Cloud account.
Scope: Specific Resource Group. Effect: The authorization applies only within a specific resource group.
Note: If you select Specific Resource Group for Authorized Scope, make sure the cloud service supports resource groups. For more information, see Services that work with Resource Group.
Specify the principal. The current RAM user is selected by default. To grant permissions to a different RAM user, change the principal.
Select policies.
Note: You can attach a maximum of five policies to a RAM user at a time. To attach more than five policies, repeat this operation.
Click OK.
Click Complete.
Grant permissions from the Grants page
Use this method to grant permissions without navigating to a specific user's profile first.
Log on to the RAM console with your Alibaba Cloud account.
In the left-side navigation pane, choose Permissions > Grants.
On the Grants page, click Grant Permission.
On the Grant Permission page, configure the following settings:
Select the authorization scope.
Scope: Alibaba Cloud Account. Effect: The authorization applies to the current Alibaba Cloud account.
Scope: Specific Resource Group. Effect: The authorization applies only within a specific resource group.
Note: If you select Specific Resource Group for Authorized Scope, make sure the cloud service supports resource groups. For more information, see Services that work with Resource Group.
Specify the principal. Select the RAM user to which you want to grant permissions.
Select policies.
Note: You can attach a maximum of five policies to a RAM user at a time. To attach more than five policies, repeat this operation.
Click OK.
Click Complete.
What to do next
After you grant permissions, share the RAM user name and password or AccessKey pair with team members so they can access EventBridge.
Log on to the EventBridge console
Open the RAM user logon portal in a browser.
On the RAM User Logon page, enter the RAM user name and click Next. Enter the password and click Login.
Note: The RAM user name format is <$username>@<$AccountAlias> or <$username>@<$AccountAlias>.onaliyun.com. <$AccountAlias> is the account alias. If no account alias is set, the Alibaba Cloud account ID is used by default.
On the console homepage, click the authorized service to access its console.
Call API operations
Use the AccessKey ID and AccessKey secret of the RAM user in your code to authenticate API calls.
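The following added example (not part of the original page or any Alibaba Cloud SDK) shows one way to keep a RAM user's AccessKey pair out of source code: it reads the pair from the environment variables used by Alibaba Cloud's default credential chain and scans source text for embedded AccessKey IDs. The "LTAI" prefix pattern is a heuristic assumption, and the function names and sample values are constructed for illustration.

```python
import os
import re

# Heuristic (assumption): AccessKey IDs commonly start with "LTAI" followed by
# 12-26 alphanumeric characters. Tune the pattern for your environment.
ACCESS_KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,26}\b")

# Variable names read by Alibaba Cloud's default credential chain.
ENV_ID = "ALIBABA_CLOUD_ACCESS_KEY_ID"
ENV_SECRET = "ALIBABA_CLOUD_ACCESS_KEY_SECRET"


class CredentialError(RuntimeError):
    """Raised when the RAM user's AccessKey pair is not fully configured."""


def load_ram_credentials(env=None):
    """Return (access_key_id, access_key_secret) taken from the environment."""
    env = os.environ if env is None else env
    key_id = env.get(ENV_ID, "").strip()
    secret = env.get(ENV_SECRET, "").strip()
    missing = [n for n, v in ((ENV_ID, key_id), (ENV_SECRET, secret)) if not v]
    if missing:
        raise CredentialError("missing environment variable(s): " + ", ".join(missing))
    return key_id, secret


def redact(key_id):
    """Shorten an AccessKey ID so it can be logged without exposing it in full."""
    return key_id[:6] + "..." + key_id[-2:] if len(key_id) > 8 else "***"


def find_hardcoded_key_ids(source_text):
    """Return (line_number, redacted_id) for each AccessKey ID literal found."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), start=1):
        for match in ACCESS_KEY_ID_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


# Constructed sample: a source file that embeds a made-up AccessKey ID.
SAMPLE_SOURCE = '''\
import os
access_key_id = "LTAIexampleEXAMPLE0000"   # constructed value, not a real key
access_key_id = os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"]
'''

if __name__ == "__main__":
    print(find_hardcoded_key_ids(SAMPLE_SOURCE))
```

A scan like this fits in a pre-commit hook or CI step, so that an embedded key is caught before it reaches a shared repository.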