This topic describes the terms related to Resource Management.
Terms related to Resource Directory
A management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the members in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a management account. Each resource directory has only one management account.
To ensure the security of the management account, we recommend that you create an Alibaba Cloud account and use this Alibaba Cloud account as the root user of the management account. Do not use an existing Alibaba Cloud account to enable a resource directory. In addition, you can create a RAM user for the management account, grant administrator permissions to the RAM user, and use this RAM user to manage the entire resource directory. Only the management account of a resource directory or a RAM user that has administrator permissions can be used to perform operations in the resource directory.
Note A management account does not belong to a resource directory and is not limited by the access control policies of a resource directory.
|Root folder||The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.|
|folder||A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain members and subfolders, which forms a tree-shaped organizational structure.|
A member serves as a container for resources and is also an organizational unit in a resource directory. A member indicates a project or application. The resources of different members are isolated. You can use a management account to grant the required permissions to a RAM user or RAM role and use this RAM user or RAM role to log on to or access members.
The following types of members are supported:
|RDP||A resource directory path (RDP) indicates the location of a resource entity (folder
or member) in a resource directory. The RDP of a resource entity consists of the ID
of the resource entity, the IDs of all the parent folders of the resource entity,
and the ID of the resource directory to which the resource entity belongs. An RDP
is in one of the following formats:
Terms related to Resource Group
|resource group||You can sort resources owned by your Alibaba Cloud account into various resource groups. This facilitates resource management among multiple projects or applications within your Alibaba Cloud account and simplifies permission management.|
|Resource Meta Center||The metadata of a resource refers to the attribute information about the resource. The information includes the name, IP address, and tags of the resource. The Resource Meta Center (RMC) service allows you to search for resources that belong to different resource groups, cloud services, or resource types by using the metadata of the resources.|
Terms related to Resource Sharing
|resource share||A resource share is an instance of the Resource Sharing service. It is also a cloud resource and has a unique ID and an Alibaba Cloud Resource Name (ARN). A resource share consists of a resource owner, shared targets, and shared resources.|
|resource owner||A resource owner initiates resource sharing and owns shared resources. It is the enterprise management account or a member account of a resource directory.|
|shared target||A shared target shares the resources of resource owners. It has specific operation
permissions on the shared resources. A shared target is a member account of a resource
directory. Multiple shared targets can share the same resource.
Note The operation permissions of each shared target on the shared resources are determined based on the Alibaba Cloud service to which the resources belong. For example, the operation permissions of shared targets on the shared vSwitches in a VPC are determined based on the VPC service. For more information, see Permissions related to VPC sharing.
|shared resource||A shared resource is a resource of an Alibaba Cloud service, such as a vSwitch in a VPC.|
Terms related to Tag
A tag consists of a key-value pair.
|custom tag||A custom tag is created by a user. For more information, see Add a custom tag.|
|preset tag||A preset tag is a tag that you create in advance and is added to the resources in all regions. You can create preset tags in the stage of tag planning and add them to specific cloud resources in the stage of tag implementation. The system provides some common built-in types for preset tags. This allows you to quickly plan tag systems. For more information, see Create a preset tag.|
|system tag||A system tag is defined by the system. You can only query system tags. System tags present data relationships in a standard manner. In some specific cases, you can use system tags to assist in processing your business. For example, a cluster is associated with an Elastic Compute Service (ECS) instance, and the system automatically adds the system tag of the cluster ID to the ECS instance. This way, you can determine the attribution of the ECS instance based on the system tag. For more information, see View system tags and the resources to which the system tags are added.|
|tag editor||A tag editor is a tool that is used to manage resource tags in a centralized manner. You can use a tag editor to search for resources that belong to different Alibaba Cloud services and reside in different regions. In addition, you can use a tag editor to add, modify, or remove tags for multiple resources at a time, and export resource lists.|