Help Center/ Resource Access Manager/ User Guide/ Permissions Management/ Creating a User and Granting RAM Permissions
Updated on 2024-07-22 GMT+08:00
View PDF

Creating a User and Granting RAM Permissions

You can use Identity and Access Management (IAM) to implement fine-grained permissions control for your RAM resources. With IAM, you can:

  • Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing RAM resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust an account or a cloud service to perform professional and efficient O&M on your RAM resources.

If your account meets your permissions requirements, you can skip this section.

Figure 1 the process flow of user authorization.

Prerequisites

Before granting permissions to user groups, learn about the system-defined permissions for RAM described in Table 1. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Table 1 System-defined permissions for RAM

Permission

Description

RAM FullAccess

Full permissions for RAM.

RAM ReadOnlyAccess

Read-only permissions for RAM.

RAM ResourceShareParticipantAccess

Permissions for accepting or reject a resource sharing invitation.

Process Flow

Figure 1 Process of granting RAM permissions
  1. On the IAM console, create a user group and assign permissions (RAM FullAccess as an example).

    Create a user group on the IAM console to assign the RAM FullAccess permissions to the group.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add it to the user group created in 1.

  3. Log in and verify permissions.

    Log in to the RAM console as each of the created users, and verify that they each have the RAM FullAccess permission.

Parent topic: Permissions Management