Resource Access Management (RAM) is the Alibaba Cloud identity and access control service that mPaaS integrates with to manage which identities can access your console and apps.
RAM lets you create multiple identities under a single Alibaba Cloud account and assign different permissions to a single identity or a group of identities. A RAM user is an entity with a fixed identity ID and certificate that represents a specific person or application.
mPaaS supports all the features of RAM. After you create a RAM user and grant the required permissions, the RAM user can log on to the mPaaS console. You can then apply policies to isolate resources between RAM users and control which mPaaS apps each RAM user can access.
mPaaS supports two levels of access control for RAM users:
App-level access control: Isolates app resources between RAM users. See Application-level access control for RAM users.
Component-level access control: Restricts access to specific console components. Components a RAM user is not authorized to access remain visible in the menu but are inaccessible. See Component-level access control for RAM users.