Creating a User and Granting RAM Permissions

You can use Identity and Access Management (IAM) to implement fine-grained permissions control for your RAM resources. With IAM, you can:

Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing RAM resources.
Grant users only the permissions required to perform a given task based on their job responsibilities.
Entrust an account or a cloud service to perform professional and efficient O&M on your RAM resources.

If your account meets your permissions requirements, you can skip this section.

Figure 1 the process flow of user authorization.

Prerequisites

Before granting permissions to user groups, learn about the system-defined permissions for RAM described in Table 1. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

**Table 1** System-defined permissions for RAM
Permission	Description
RAM FullAccess	Full permissions for RAM.
RAM ReadOnlyAccess	Read-only permissions for RAM.
RAM ResourceShareParticipantAccess	Permissions for accepting or reject a resource sharing invitation.

Process Flow

Figure 1 Process of granting RAM permissions

On the IAM console, create a user group and assign permissions (RAM FullAccess as an example).
Create a user group on the IAM console to assign the RAM FullAccess permissions to the group.
Create an IAM user and add it to the user group.
Create a user on the IAM console and add it to the user group created in 1.
Log in and verify permissions.
Log in to the RAM console as each of the created users, and verify that they each have the RAM FullAccess permission.