In this article, you will learn about managing user access on Alibaba Cloud.
Access is managed through the Alibaba Cloud console feature called Resource Access Management (RAM).
This is what it looks like…
To manage access, you first need a user.
Go to Users (on left section) and click Create User.
Then fill in the fields with your own values.
The Logon Name and Console Password are used to authenticate on the RAM login page.
The login succeeds.
Next, you need to add permissions so that the user can run or access privileged features.
If you want to give FullAccess / Administrator, add it like this.
Go to RAM -> Users (left section) -> Select the user (that you want to give access) -> Permission (third tab beside Authentication and Groups)
Then Add Permission -> Select Authorization (applies to all resources or a specified resource group) -> Select Policy (AdministratorAccess, if you want to give Administrator Access to the user) -> OK.
The user now has Administrator Access and can act as an administrator 🙂
You can also create a custom policy, for example one that grants access to a specific OSS bucket.
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "oss:ListBuckets"
            ],
            "Resource": [
                "acs:oss:*:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "oss:ListObjects",
                "oss:*"
            ],
            "Resource": [
                "acs:oss:*:*:$YOURBUCKET"
            ]
        },
        {
            "Action": [
                "oss:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "acs:oss:*:*:$YOURBUCKET/$DIR1/*"
            ]
        },
        {
            "Action": [
                "oss:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "acs:oss:*:*:$YOURBUCKET/$DIR1/$DIR2/$DIR3/*"
            ]
        }
    ]
}
Note:
A bucket can contain directories/folders, so you can scope the policy down to a specific directory. $YOURBUCKET is the name of your bucket, and the $DIR-NUMBER values ($DIR1, $DIR2, ...) follow the depth of your folders/directories. If your object exists in the first folder, you can restrict the resource to that path.
To attach the policy, go to the "Add Permission" page in the same way, select "Custom Policy" (not "System Policy"), and choose the custom policy you want.
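Before attaching a custom policy such as the OSS one above, it helps to check it for grants that are broader than intended or that repeat each other. The script below is an added example, not part of the original article or of any Alibaba Cloud tooling; it audits the article's policy (placeholders kept verbatim) and assumes that * in an action or resource matches any run of characters, including "/".

```python
import json
import re

# The article's custom policy, with its placeholders ($YOURBUCKET, $DIR1, ...) kept verbatim.
POLICY = json.loads("""
{"Version": "1", "Statement": [
 {"Effect": "Allow", "Action": ["oss:ListBuckets"], "Resource": ["acs:oss:*:*:*"]},
 {"Effect": "Allow", "Action": ["oss:ListObjects", "oss:*"], "Resource": ["acs:oss:*:*:$YOURBUCKET"]},
 {"Action": ["oss:*"], "Effect": "Allow", "Resource": ["acs:oss:*:*:$YOURBUCKET/$DIR1/*"]},
 {"Action": ["oss:*"], "Effect": "Allow", "Resource": ["acs:oss:*:*:$YOURBUCKET/$DIR1/$DIR2/$DIR3/*"]}
]}
""")


def covers(pattern, value):
    """True if `pattern` matches `value`. Assumption: * matches any run of
    characters, including "/". A * inside `value` is compared literally, so
    this also answers "is pattern at least as broad as value?"."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.DOTALL) is not None


def as_list(item):
    # Policy fields may be a single string or a list of strings.
    return [item] if isinstance(item, str) else list(item)


def audit(policy):
    """Return (statement number, finding, detail) tuples for Allow statements."""
    allows = [(n, as_list(s["Action"]), as_list(s["Resource"]))
              for n, s in enumerate(policy["Statement"], 1) if s.get("Effect") == "Allow"]
    findings = []
    for n, actions, resources in allows:
        for action in actions:
            if any(b != action and covers(b, action) for b in actions):
                findings.append((n, "shadowed-action", action))
            if "*" in action:
                findings.append((n, "wildcard-action", action))
        for m, other_actions, other_resources in allows:
            # Redundant if another statement grants every action on every resource.
            if m != n and all(any(covers(o, a) for o in other_actions) for a in actions) \
                    and all(any(covers(o, r) for o in other_resources) for r in resources):
                findings.append((n, "redundant-statement", f"covered by statement {m}"))
    return findings


if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
```

On the article's policy this reports that oss:ListObjects in the second statement is already granted by oss:*, and that the fourth statement adds nothing beyond the third, because $YOURBUCKET/$DIR1/* already includes everything under $DIR1/$DIR2/$DIR3/.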