Document Center
all-products-head
This Product
This Product
All Products
Resource Access Management
Resource Access Management
All Products
Getting Started
What is RAM?
When do I use RAM?
Quick start: Create a RAM user and grant permissions
Quick start: Create and use an AccessKey pair for programmatic access
Quick start: Configure SSO for an enterprise IdP
Best practices for identity and permissions
Limitations
Announcements and updates
Billing
Show more
Show less
Identity Management
RAM user management
AccessKey pair management
RAM user group management
RAM role management
Show more
Show less
Access Management
Policy models
Policy overview
Basic operations
Policy language
Example policies
Show more
Show less
SSO Management
SSO overview
Use cases of SSO
User-based SSO
Role-based SSO
Show more
Show less
OAuth Management
Overview of OAuth applications
Common use cases
Manage enterprise applications
Manage third-party applications
Configurations for OAuth SDKs
Show more
Show less
Access Analysis
Identify external access
Identify over-privileged identities
Remediate over-privileged access with Access Analyzer
Validate policies
Permission audit
Show more
Show less
Use Cases
Best practices
Tutorials
Show more
Show less
Developer Reference
API overview
API reference
SDK reference
CLI reference
System Policy Reference
Show more
Show less
Support
FAQ
Show more
Show less
Resource Access Management (RAM) is a service provided by Alibaba Cloud. It allows you to manage user identities and resource access permissions.
RAM console
Getting started
学习路径
Learn to use RAM step by step.
Learn
Product Introduction
What is RAM?
What is STS?
Terms
Limits
Services that work with RAM
Services that work with STS
Start
Getting Started
Configure security policies for RAM users
Create a RAM user
Create a user group
Create a custom policy
Grant permissions to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
Use
RAM User Management
Overview of RAM users
Create a RAM user
Grant permissions to a RAM user
Bind an MFA device to a RAM user
Log on to the Alibaba Cloud Management Console as a RAM user
RAM User Group Management
Overview of a RAM user group
Create a user group
Add a RAM user to a RAM user group
Grant permissions to a RAM user group
RAM Role Management
RAM role overview
Service-linked roles
Grant permissions to a RAM role
Assume a RAM role
Policy Management
Policy Management
Create a custom policy
Policy elements
Policy structure and syntax
Policy evaluation process
Overview of sample policies
Policy evaluation process
Policy evaluation process of assuming a RAM role
SSO Management
SSO overview
Scenarios of SSO
Overview of user-based SSO
Overview of role-based SSO by using SAML
Overview of role-based SSO by using OIDC
OAuth Management
OAuth overview
Common scenarios
Manage an OAuth application
AccessKey Pair Management
Create an AccessKey pair
View the information about AccessKey pairs of a RAM user
Rotate AccessKey pairs of RAM users
Practice
Best Practices
Use RAM to ensure security of the Alibaba Cloud resources of your enterprise
Use RAM to manage user permissions and resources
Develop
API Reference
API overview
API Reference (IMS)
API Reference (RAM)
API Reference (STS)
SDK Reference
IMS SDK Reference
RAM SDK Reference
STS SDK Reference
View more frequently asked questions, cases, and solutions.
FAQ about RAM users
FAQ about RAM roles and STS tokens
FAQ about AccessKey pairs
FAQ about MFA
FAQ about SSO
What do I do if I fail to delete my Alibaba Cloud account?
How do I modify the validity period of a logon session or an STS token?
How do I troubleshoot an access denied error?