Resource Access Management (RAM) users' credentials are created in the RAM console. You can use a RAM user's credentials to log on to the Object Storage Service (OSS) console.

Background information

You can use a RAM user's credentials to log on to the OSS console in the following scenarios:
  • A bucket created by using an Alibaba Cloud account stores internal documents of your enterprise. To share some internal documents with your employees, create RAM users for your employees and grant permissions to the RAM users. The RAM users can log on to the OSS console to view these documents.
  • Some of your partners need to view some materials regularly. You can store the materials in a bucket, create RAM users for the partners, and authorize the RAM users to access the bucket. This way, the partners can log on to the OSS console as RAM users to view the materials regularly.
  • Alibaba Cloud accounts are not suitable for testing in the development environment. To resolve this issue, you can create RAM users for testing.
  • Other scenarios.

Create and authorize RAM users

  1. Use an Alibaba Cloud account to log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. Click Create User.
    Note On the page that appears, you can click Add User to create multiple RAM users at a time.
  4. Specify the Logon Name and Display Name parameters.
  5. In the Access Mode section, select Console Access or Open API Access.
    Note We recommend that you select only one access mode for RAM users to secure your Alibaba Cloud resources. This method prevents RAM users who have terminated their employment contracts with the company from using an AccessKey pair to access Alibaba Cloud resources.
  6. After you configure the parameters, click OK.
  7. Click Add Permissions in the Actions column corresponding to the RAM user. In the Add Permissions dialog box that appears, the Principle field is automatically specified.
    You can add permissions to the RAM user. To ensure that you can use the features in the OSS console after you log on as a RAM user, you must also grant the permissions to access MNS, CloudMonitor, and CDN to the RAM user. Create a RAM userThe system provides only some policies. You can create custom policies. For more information, see Create a custom policy.
  8. Click OK.

Use a RAM user's credentials to log on to the OSS console

  1. Use an Alibaba Cloud account to log on to the RAM console.
  2. On the Overview page, find the Account Management section. View the RAM User Logon value.
  3. Click the link. You can use a RAM user's credentials to log on to the Alibaba Cloud Management console.
  4. Log on to the OSS console and manage your OSS resources.

For more information, see Create a RAM user.