All Products
Search

This Product

    Express Connect:How Express Connect works with RAM

    Document Center

    Express Connect:How Express Connect works with RAM

    Last Updated:Jan 19, 2024

    To ensure data security, you can use Resource Access Management (RAM) policies to allow only authorized users to access Express Connect resources.

    Overview

    Express Connect supports the following policies:

    • Alibaba Cloud RAM services:

      • System policies: System policies are created and maintained by Alibaba Cloud. You cannot modify system policies.

      • Custom policies: If the provided system policies are not suitable for your use case, you can create custom policies to perform fine-grained permission management.

        For more information about RAM policies, see Policy elements.

      • After you create a RAM policy, you must attach the policy to a RAM user, a user group, or a RAM role to allow the permissions that are specified in the policy to take effect.

        For example, you can create a RAM policy to allow a RAM user to access specified resources only by using specified IP addresses or within a specified period of time.

      • You can delete RAM policies. Before you delete a RAM policy, make sure that the RAM policy is not attached to an object. If the policy is attached to an object, detach the policy before you delete it.

    Use a RAM policy

    You can use RAM policies to control the access to Alibaba Cloud services.

    You can specify permissions in a RAM policy to grant the permissions to a RAM user, a user group, or a RAM role. You can use RAM policies to specify the scope of resources that can be accessed or managed by RAM users and RAM roles. RAM policies include system policies and custom policies.

    System policies

    System policies are created and maintained by Alibaba Cloud, and are easier to use than custom policies. If you do not need fine-grained permission management, you can use system policies. For more information, see System policies for Express Connect.

    Custom policies

    If the provided system policies are not suitable for your use case, you can create custom policies. For more information, see Create a custom policy.

    Before you create a custom policy, take note of the information in the following topics:

    Attach policies to RAM identities

    After you create a policy, you can attach it to a RAM user, a RAM user group, or a RAM role to grant the permissions defined in the policy to the principal.

    • You can attach one or more policies to a RAM user, a RAM user group, or a RAM role.

    • The attached policies can be system policies or custom policies.

    • If the attached policies are modified, the modifications automatically take effect. You do not need to attach the modified policies to RAM principals again.