Create a permission set


A permission set is a template that defines the access permissions for CloudSSO users on accounts in a resource directory.

Procedure

  1. Log on to the CloudSSO console.

  2. In the left-side navigation pane, click Access Configuration.

  3. On the Access Configuration page, click Create Access Configuration.

  4. In the Create Access Configuration panel, set the following parameters and click OK.

    • Access Configuration Name: Required. The permission set name. Must be unique within the directory.

    • Session Duration: Optional. Maximum duration a user can stay logged in to a member account, in seconds. Valid values: 900 (15 minutes) to 43,200 (12 hours). Default: 3,600 (1 hour).

    • Relay State: Optional. The URL to redirect users to after sign-in. Must be a page in the Alibaba Cloud Management Console. Default: console homepage.

    • Description: Optional. A description for the permission set.

  5. Configure system policies.

    • Use system policies

      1. Select Use System Policy.

      2. Select the required system policies.

      3. Click Bind and Continue.

      4. Click Next.

    • Do not use system policies

      1. Select Do Not Use System Policy.

      2. Click Continue.

  6. Configure inline policies.

    1. Click Create Inline Policy.

    2. Enter a name for the inline policy and click OK.

    3. Edit the inline policy content and click Update Inline Policy.

      Inline policies use Resource Access Management (RAM) policy syntax. For details, see Basic elements of a permission policy.

  7. Click Close.
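The following pre-flight check is an added example, not part of the original procedure or of any Alibaba Cloud tooling. It validates the parameters from step 4 against the limits stated above and flags inline policy statements that allow wildcard actions on all resources. The function name, the console host suffixes, and the sample policies are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: console pages are served under these host suffixes; adjust as needed.
CONSOLE_HOST_SUFFIXES = (".console.aliyun.com", ".console.alibabacloud.com")
MIN_SESSION, MAX_SESSION = 900, 43200  # seconds, the range stated in step 4

def _as_list(value):
    """RAM policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def review_access_configuration(name, session_duration=3600, relay_state=None,
                                inline_policy=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not name:
        findings.append("name: required")
    if not MIN_SESSION <= session_duration <= MAX_SESSION:
        findings.append(f"session_duration: {session_duration} outside 900-43200")
    if relay_state is not None:
        url = urlsplit(relay_state)
        host = (url.hostname or "").lower()
        if url.scheme != "https" or not host.endswith(CONSOLE_HOST_SUFFIXES):
            findings.append("relay_state: not an https console URL")
    if inline_policy is not None:
        try:
            doc = json.loads(inline_policy)
        except json.JSONDecodeError as exc:
            return findings + [f"inline_policy: invalid JSON ({exc.msg})"]
        for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
            if stmt.get("Effect") != "Allow":
                continue  # Deny statements cannot widen access
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
                findings.append(f"inline_policy: statement {i} allows wildcard "
                                "actions on all resources")
    return findings

# Constructed sample policies, not taken from the page.
BROAD = '{"Version": "1", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
SCOPED = ('{"Version": "1", "Statement": [{"Effect": "Allow", '
          '"Action": ["oss:GetObject"], "Resource": "acs:oss:*:*:example-bucket/*"}]}')

if __name__ == "__main__":
    print(review_access_configuration("ReadOnlyAudit", 86400,
                                      "https://example.com/", BROAD))
    print(review_access_configuration("OssReader", 3600, None, SCOPED))
```

Run the check on the values you plan to enter before you create the permission set, and review any flagged statement before assigning the permission set to users.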

What's next

After you create the permission set, assign it to CloudSSO users on member accounts so they can access account resources. For more information, see Assign access to a member account.