Document Center
all-products-head
This Product
This Product
All Products
Resource Access Management
Resource Access Management
All Products
Announcements and Updates
Release notes
Show more
Show less
Product Introduction
What is RAM?
What is STS?
Terms
Limits
Services that work with RAM
Services that work with STS
Services that work with service-linked roles
CloudSSO-based identity and permission management in multi-account scenarios
Show more
Show less
Billing
Billing methods
Show more
Show less
Getting Started
Introduction
Manage security settings of RAM users
Create a RAM user
Create a user group
Create a custom policy
Grant permissions to the RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
Show more
Show less
RAM User Management
Overview of RAM users
Basic operations
Logon management
Authorization management
Show more
Show less
RAM User Group Management
Overview of a RAM user group
Create a user group
Add a RAM user to a RAM user group
Remove a RAM user from a RAM user group
View the basic information about a RAM user group
Modify the basic information about a RAM user group
Grant permissions to a RAM user group
View the permissions of a RAM user group
Revoke permissions from a RAM user group
Delete a user group
Show more
Show less
RAM Role Management
RAM role overview
Service-linked roles
Create a RAM role
View the information about a RAM role
Grant permissions to a RAM role
Remove permissions from a RAM role
Edit the trust policy of a RAM role
Specify the maximum session duration for a RAM role
Assume a RAM role
Delete a RAM role
Show more
Show less
Policy Management
Policy overview
Policy models
View the basic information about a policy
Custom policies
Manage policy references
Policy language
Example policies
Show more
Show less
SSO Management
SSO overview
Scenarios of SSO
User-based SSO
Role-based SSO
Show more
Show less
OAuth Management
Overview
Common scenarios
Manage an OAuth application
Configurations for OAuth SDKs
Show more
Show less
AccessKey Pair Management
Create an AccessKey pair
View the information about AccessKey pairs of a RAM user
Rotate AccessKey pairs of RAM users
Disable an AccessKey pair of a RAM user
Delete an AccessKey pair of a RAM user
Show more
Show less
Security Settings
Overview of security settings
Passwords
Basic security settings
Advanced settings
Multi-factor authentication
Show more
Show less
Security
Resilience in RAM
Show more
Show less
API Reference
API overview
API Reference (IMS)
API Reference (RAM)
API Reference (STS)
Show more
Show less
SDK Reference
IMS SDK reference
RAM SDK Reference
STS SDK Reference
Show more
Show less
Best Practices
Use RAM to ensure security of the Alibaba Cloud resources of your enterprise
Use RAM to manage user permissions and resources
Show more
Show less
Tutorials
Use RAM to manage permissions of O&M engineers
Use RAM to limit the IP addresses that are allowed to access Alibaba Cloud resources
Use RAM to limit the period of time in which users are allowed to access Alibaba Cloud resources
Use RAM to limit the methods of access to Alibaba Cloud resources
Allow only MFA-enabled RAM users to access cloud resources
Use an STS token for authorizing a mobile app to access Alibaba Cloud resources
Use RAM to authorize applications to access Alibaba Cloud resources
Use a RAM role to grant permissions across Alibaba Cloud accounts
Use RAM to create and authorize resource groups
Use a resource group to manage an ECS instance
Use tags to grant access to ECS instances by group
Use tags to grant access to ApsaraDB RDS instances by group
Use RAM to manage ECS permissions
Use RAM to manage OSS permissions
Use RAM to manage ApsaraDB RDS permissions
Use RAM to manage CLB permissions
Use RAM to manage CDN permissions
Use RAM roles to manage VPC permissions
Use RAM to manage ActionTrail permissions
View RAM operation events in the ActionTrail console
Show more
Show less
FAQ
FAQ about RAM users
FAQ about RAM roles and STS tokens
FAQ about AccessKey pairs
FAQ about MFA
FAQ about SSO
What do I do if I fail to delete my Alibaba Cloud account?
How do I modify the validity period of a logon session or an STS token?
How do I troubleshoot an access denied error?
Show more
Show less
Permissions on Cloud Services
EventBridge
Elastic Compute Service (ECS)
Resource Access Management (RAM)
ActionTrail
Object Storage Service (OSS)
Cloud Config
Resource Management
Function Compute (FC) Permission List
Message Service
Tablestore (OTS)
Log Service (SLS)
Network Attached Storage (NAS)
Elastic IP Address (EIP)
Container Registry (CR)
Virtual Private Cloud (VPC)
Application Load Balancer (ALB)
Security Center
Key Management Service (KMS)
Resource Access Management (IMS)
Global Accelerator (GA)
Operation Orchestration Service (OOS)
Cloud Enterprise Network (CEN)
Serverless Workflow (FnF)
Alibaba Cloud Container Service for Kubernetes (ACK)
Show more
Show less
Resource Access Management (RAM) is a service provided by Alibaba Cloud. It allows you to manage user identities and resource access permissions.
RAM console
Getting started
学习路径
Learn to use RAM step by step.
Learn
Product Introduction
What is RAM?
What is STS?
Terms
Limits
Services that work with RAM
Services that work with STS
Start
Getting Started
Configure security policies for RAM users
Create a RAM user
Create a user group
Create a custom policy
Grant permissions to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
Use
RAM User Management
Overview of RAM users
Create a RAM user
Grant permissions to a RAM user
Bind an MFA device to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
RAM User Group Management
Overview of a RAM user group
Create a user group
Add a RAM user to a RAM user group
Grant permissions to a RAM user group
RAM Role Management
RAM role overview
Service-linked roles
Grant permissions to a RAM role
Assume a RAM role
Policy Management
Policy Management
Create a custom policy
Policy elements
Policy structure and syntax
Policy evaluation process
Overview of sample policies
Policy evaluation process
Policy evaluation process of assuming a RAM role
SSO Management
SSO overview
Scenarios of SSO
Overview of user-based SSO
Overview of role-based SSO by using SAML
Overview of role-based SSO by using OIDC
OAuth Management
OAuth overview
Common scenarios
Manage an OAuth application
AccessKey Pair Management
Create an AccessKey pair
View the information about AccessKey pairs of a RAM user
Rotate AccessKey pairs of RAM users
Practice
Best Practices
Use RAM to ensure security of the Alibaba Cloud resources of your enterprise
Use RAM to manage user permissions and resources
Develop
API Reference
API overview
API Reference (IMS)
API Reference (RAM)
API Reference (STS)
SDK Reference
IMS SDK Reference
RAM SDK Reference
STS SDK Reference
View more frequently asked questions, cases, and solutions.
FAQ about RAM users
FAQ about RAM roles and STS tokens
FAQ about AccessKey pairs
FAQ about MFA
FAQ about SSO
What do I do if I fail to delete my Alibaba Cloud account?
How do I modify the validity period of a logon session or an STS token?
How do I troubleshoot an access denied error?