You can grant permissions to a Resource Access Management (RAM) role that you created for a trusted Alibaba Cloud account, Alibaba Cloud service, or identity provider (IdP). This topic describes how to grant permissions to a RAM role.
Note You cannot grant permissions to service-linked roles by attaching policies to the roles. This is because the policies that are attached to this type of role are defined by the linked cloud services. For more information, see Service-linked roles.
Limits
For more information about the maximum numbers of system policies and custom policies that can be attached to each RAM role, see Limits.
Method 1: Grant permissions to a RAM role by clicking Add Permissions on the Roles page
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, find the RAM role to which you want to grant permissions and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM role.
- Click OK.
- Click Complete.
Method 2: Grant permissions to a RAM role by clicking Input and Attach on the Roles page
If you know the exact name of a policy, you can grant permissions to a RAM role by clicking Input and Attach in the Actions column of the RAN role on the Roles page. By default, the authorization scope is the current Alibaba Cloud account. For more information about how to view the name of a policy, see View the basic information about a policy.
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, find the RAM role to which you want to grant permissions and click Input and Attach in the Actions column.
- In the Add Permissions panel, set Type to System Policy or Custom Policy and enter a policy name.
- Click OK.
- Click Close.
Method 3: Grant permissions to a RAM role on the Grants page
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Grants page, click Grant Permission.
- In the Grant Permissions panel, grant permissions to the RAM role.
- Click OK.
- Click Complete.