You can use a RAM role, a RAM user, or the root user to access members. For security
purposes, we recommend that you use a RAM role or RAM user to access members.
Use a RAM role to access a member
The system automatically creates a RAM role named ResourceDirectoryAccountAccessRole
for each member in a resource directory. The trusted entity of the role is the management
account of the resource directory. You can use the management account or a RAM user
of the management account to assume the ResourceDirectoryAccountAccessRole role of
a member and access the member.
- Create a RAM user by using the management account.
In this example, the RAM user Alice is created. For more information, see Create a RAM user.
- Grant permissions to Alice.
You must grant the following permissions to Alice:
- AliyunSTSAssumeRoleAccess: the permission to call the AssumeRole operation of Security
Token Service (STS)
- AliyunResourceDirectoryFullAccess: the permission to manage a resource directory
Note: If you want to use Alice as an administrator, you can grant the AdministratorAccess
permission to Alice.
For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.
- Use Alice to log on to the Resource Management console.
- In the left-side navigation pane, choose .
- Click the Organization or Members tab.
- Find the member that you want to access and click Logon Account in the Actions column.
Then, you can use Alice to assume the RAM role ResourceDirectoryAccountAccessRole
of the member and perform the operations that are defined for the RAM role.
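Because the trusted entity of ResourceDirectoryAccountAccessRole is the management account, a useful check is that each member's copy of the role still trusts only that account. The following is an added example, not part of the original documentation: it audits a role trust policy in the standard RAM JSON format and assumes you have exported the policy text yourself. The account IDs and both sample policies are constructed.

```python
import json

def _as_list(value):
    """RAM policies allow a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, management_account_id):
    """Return findings for a role trust policy. An empty list means the only
    principal allowed to assume the role is the management account."""
    expected = f"acs:ram::{management_account_id}:root"
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for idx, stmt in enumerate(statements):
        actions = _as_list(stmt.get("Action", []))
        assumable = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not assumable:
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            findings.append(f"statement {idx}: unexpected principal {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "RAM" or value != expected:
                    findings.append(f"statement {idx}: unexpected {kind} principal {value}")
    return findings

# Constructed sample data: the account IDs and policies below are made up.
MANAGEMENT_ID = "1000000000000001"
EXPECTED_POLICY = json.dumps({
    "Version": "1",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {"RAM": [f"acs:ram::{MANAGEMENT_ID}:root"]},
    }],
})
DRIFTED_POLICY = json.dumps({
    "Version": "1",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {"RAM": [f"acs:ram::{MANAGEMENT_ID}:root",
                              "acs:ram::2000000000000002:root"],
                      "Service": ["ecs.aliyuncs.com"]},
    }],
})

if __name__ == "__main__":
    for name, doc in (("expected", EXPECTED_POLICY), ("drifted", DRIFTED_POLICY)):
        print(name, audit_trust_policy(doc, MANAGEMENT_ID) or "OK")
```

Any finding means a principal other than the management account can assume the role in that member and should be reviewed.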
Use a RAM user to access a member
You can create a RAM user for a member and use this RAM user to log on to the Alibaba
Cloud Management Console and access the member.
- Use a RAM user that belongs to the management account to assume the related RAM role
and access a member.
- Create a RAM user for the member.
In this example, the RAM user Tom is created. For more information, see Create a RAM user.
- Grant permissions to Tom.
If you want to access all the resources of a member, grant the AdministratorAccess
permission to Tom. In other cases, grant permissions to Tom based on your business
requirements. For more information, see Grant permissions to a RAM user.
- Use Tom to log on to the Alibaba Cloud Management Console.
Use the root user to access a member
You can use the root user to log on to the Alibaba Cloud Management Console and access
the member.
Note: For security purposes, we recommend that you do not use the root user to access members.
- Log on to the Alibaba Cloud Management Console.
Note: If you have logged on to the Alibaba Cloud Management Console by using another account,
log off from the console first.
- Enter the username and password of your account.
- Click Sign In.