This topic describes the differences among management accounts, members, resource accounts, cloud accounts, root users, and RAM users.
Management account
A management account is an Alibaba Cloud account that has passed enterprise verification. After you use this Alibaba Cloud account to enable a resource directory, the account becomes the management account of the resource directory. The management account is the super administrator of the resource directory. It has all administrative permissions on the resource directory and the folders and members in the resource directory. Each resource directory has only one management account.
Member
A member can be a resource account or cloud account. Members that are created in a resource directory are resource accounts. A resource account is used to isolate the resources of a project or application on Alibaba Cloud from other resources. You can invite existing Alibaba Cloud accounts to join your resource directory. After the owners of the Alibaba Cloud accounts accept the invitations, the accounts become the members of the resource directory. These members are cloud accounts.
Resource account
A member that is created in a resource directory is a resource account. Resource accounts do not have root users and provide higher security. A root user of an Alibaba Cloud account is the administrator of the account. For more information about how to create a resource account, see Create a member.
Cloud account
A member that is invited to join a resource directory is a cloud account. Cloud accounts have root users. For more information about how to invite an Alibaba Cloud account to join a resource directory, see Invite an Alibaba Cloud account to join a resource directory.
Root user
A root user refers to an Alibaba Cloud account identity and has all administrative permissions on resources within the related Alibaba Cloud account. After you log on to the Alibaba Cloud Management Console by using the username and password of an Alibaba Cloud account, you have logged on to the console as the root user of the account.
To ensure account security and avoid sharing the logon password or AccessKey pairs of the root user with other users, we recommend that you create a RAM user for the management account or each cloud account, grant the required permissions to the RAM user, and then use the RAM user to perform related operations.
RAM user
A RAM user is a physical identity that has a fixed ID and credential information in RAM. A RAM user represents a person or an application. You can create RAM users within an Alibaba Cloud account and authorize the RAM users to access different resources.