DocsICP FilingConsole
官方文档
首页

Prepare a RAM user

更新时间:
复制 MD 格式
产品详情
我的收藏

To enhance the security of your Dataphin project data, it is advisable to create a RAM user and assign it specific permissions. This topic describes the steps to create a RAM user.

Background information

Before creating a RAM user, familiarize yourself with the Alibaba Cloud account and RAM user roles and permissions within Dataphin to make an informed decision based on your needs.

Account

Corresponding user roles and permissions in Dataphin

Alibaba Cloud account

This is the primary account of an Alibaba Cloud user and will by default become the super administrator account of Dataphin. Typically, enterprise managers use the Alibaba Cloud primary account. Due to its wide range of permissions, it is not recommended for employees in roles such as developers, operators, or analysts to use the Alibaba Cloud account.

RAM user

A sub-account that belongs to an Alibaba Cloud account. You can sync the RAM user to Dataphin, add it as a member of the project space, and grant it roles such as project administrator, developer, analyst, operator, or visitor to achieve fine-grained permission management in Dataphin. For the roles and permissions that can be granted to RAM users in Dataphin, see User roles and permissions.

To avoid project data security issues, it is recommended that you create a RAM user and assign it to other users. This allows you to:

  • Create RAM users for employees in different functional departments of the enterprise within your Alibaba Cloud account based on the business organization of the enterprise, allowing employees to have unique security credentials and use Dataphin.

  • Set different access privileges based on the functions of enterprise users to achieve permission isolation between users.

For example, during the use of Dataphin, an enterprise plans for different employees to be responsible for data development, data administration, and data analysis stages. The enterprise manager requires permission control and data security among employees. Therefore, you can create three RAM users, sync them to Dataphin, add them as members of the project space, and grant them the roles of developer, operator, and analyst, respectively.

Prerequisites

Before you begin creating a RAM user, ensure you have an Alibaba Cloud account. For instructions on creating an Alibaba Cloud account, see Prepare an Alibaba Cloud account.

Precautions

  • RAM users are part of an Alibaba Cloud account; they do not own resources or have an independent billing mechanism.

  • All fees incurred by RAM users for Alibaba Cloud products are billed to the associated Alibaba Cloud account.

Step 1: Create a RAM user

  1. Log on to the RAM console with your Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, click Create User.

    image

  4. In the User Account Information section of the Create User page, configure the following parameters:

    • Logon Name: The logon name can be up to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_).

    • Display Name: The display name can be up to 128 characters in length.

    • Tag: Click the edit icon and enter a tag key and a tag value. You can add one or more tags to the RAM user. This way, you can manage the RAM user based on the tags.

    Note

    You can click Add User to create multiple RAM users at a time.

  5. In the Access Mode section, select your desired access mode and configure the corresponding parameters.

    For account security, it is recommended to select only one access mode to differentiate between individual and programmatic users.

    • Console Access: For RAM users who are individuals, we recommend enabling console access. They can use their RAM username and password to access Alibaba Cloud services. It is important to maintain the security of the account password.

      If Console Access is selected, configure the following:

      • Set Password: You can either Auto-generate Password or choose a Custom Password. When opting for a Custom Logon Password, you are required to create a password that adheres to the specified complexity requirements. For more information, see Set RAM user password strength.

      • Require Password Reset: Choose whether to mandate a password reset at the next logon.

      • MFA (Multi-factor Authentication): Choose whether to activate MFA for the current RAM user. If set to Required, the RAM user is obligated to bind an MFA device upon logging on to the Alibaba Cloud Management Console. For more information, see how to bind an MFA device to a RAM user.

    • Use Permanent AccessKey

      For programmatic users, enable OpenAPI access. An AccessKey pair will be automatically generated for the RAM user. For more information, see Create an AccessKey.

  6. Click the Confirm button to complete the creation of the RAM user.

Step 2: Assign the RAM user account to other users

To assign the RAM user account to others, provide the following information:

  • RAM user logon link.

    Open the RAM console, navigate to the Overview page, select the Overview tab, and within the Basic Information section, click Copy Logon Address. Then, provide this address to the user who requires logon access. This address serves as the logon portal for RAM users.

    image

  • The RAM user's account and password, as saved during Step 1.

What to do next

Once the RAM user is set up, you can proceed to activate the Dataphin service. For further guidance, see Activate Dataphin.

Previous:Prepare an Alibaba Cloud accountNext:Activate Dataphin