This topic describes Resource Access Management (RAM) and the features implemented by using RAM in Mobile PaaS (mPaaS).
RAM is an Alibaba Cloud service designed for user identity management and resource access control. RAM allows you to create and manage multiple identities within one Alibaba Cloud account and grant different permissions to a single identity or a group of identities. This way, different RAM users can be granted different resource access permissions. In detail, RAM users are a type of entity identities. A RAM user has a fixed identity ID and certificate and corresponds to a specific person or app.
mPaaS supports all the features of RAM. After you create a RAM user and grant the required permissions, the RAM user can log on to the mPaaS console. Then, you can add policies for RAM users to isolate resources between RAM users in the mPaaS console. That is, you can control the access to mPaaS apps based on RAM users. For more information about how to implement application-level access control for RAM users, see Application-level access control for RAM users.
In mPaaS, you can also configure component-level permissions for RAM users. If a RAM user is not authorized to access a specific component, the component is visible to the RAM user in the menu but is inaccessible by the RAM user. For more information about component-level access control for RAM users, see Component-level access control for RAM users.