Overview

<p>If you purchase multiple ECS instances, multiple users in your organization need to use these instances. RAM will help you manage users&rsquo; resource access control. Resource Access Management (RAM) refers to user identity management and access control services provided by Ping An Cloud&rsquo;s public cloud. With RAM, you can create and manage user accounts and control the access of these user accounts to the resources under your tenant.</p>

Create User

<p>Please perform the following steps to create users:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Log on to Ping An Cloud Console and click <strong>All Products &rarr; Resource Access Management &rarr; User &rarr; Management &rarr; Create</strong> in the left navigation bar, and then the Create User window pops up.</p> <p>2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Input the required information and click <strong>Create</strong> to complete the creation.</p> <p><strong>Note: </strong></p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; After being created, all users can be found on the user management page where operations of Join Group, Authorization, Delete and Reset Password are available.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; Click a Login Name to enter the User Information page for the user&rsquo;s Basic Information, Access Key Information, User Groups and User Policy.</p>

Create Group

<p>If more than one RAM users are created under your account, it is recommended that you manage the users and their permissions through user groups.</p> <p>To create a group, please log on to Ping An Cloud Console, select <strong>All Products &rarr; Resource Access Management &rarr; Group &rarr; Create</strong>, and input the name of the group to be created and click <strong>Confirm</strong> on the pop-up window.</p> <p><strong>Note: </strong></p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; After being created, all groups can be found on the Group page, where groups can be edited, authorized and deleted.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; Click the name of a group to enter the Group Information page for the Basic Information, Members Of Group and Group Policy.</p>

Create Authorization Policy

<p>Access control supports two types of authorization policies: customized policy and system policy.</p> <p><span style="font-size:18px"><strong>Customized Policy</strong></span></p> <p>Please perform the following steps to create a customized authorization policy:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp; Log on to Ping An Cloud Console to select <strong>All Products &rarr; Resource Access Management &rarr; Policy</strong> in the left navigation bar, and select <strong>Customized Policy</strong>.</p> <p>2.&nbsp;&nbsp; Click <strong>Create</strong> in the upper-right corner and the Create Policy window pops up.</p> <p>3.&nbsp;&nbsp; Select Blank Template and we can edit based on this blank template as shown below.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20191204114439-1793aa9b9d35.png" style="height:377px; width:830px" /></p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; Name: set the name of the authorization policy. In this example, the name of the customized policy is GetRamSummar.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; Content: input the content of the authorization policy. In this example, the content shown below refers to the information on the object-based storage bucket obtained by the user or user group.</p> <p>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Resource (a list of operation objects): It is the abstract of the object entity presented by the cloud service to the user for interaction, e.g. RAM and ECS instance.</p> <p>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Action (a list of operation names): Action supports multiple values, which are the API operation names defined by cloud services.</p> <p>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Effect (authorization type): the value of Effect is Allow or Deny.</p> <p><strong>Note:</strong> When creating a customized authorization policy, you need to understand the basic structure and syntax of the authorization policy language. For further details of the authorization policy language, please refer to <a href="https://pinganyun.com/ssr/help/manage/ram/manual">Authorization Policy Language</a>.</p> <p>4.&nbsp;&nbsp; After the policy is edited, click <strong>Submit</strong> to complete the creation of the customized authorization policy.</p> <p><strong>Note: </strong></p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; After being created, all customized policies can be found on the Policy page, where policies can be edited and deleted.</p> <p>&bull;&nbsp;&nbsp;&nbsp;&nbsp; Click the name of a policy to enter the Policy Information page for the CURRENT VERSION and HISTORY VERSIONS of the policy and the current version can be edited.</p> <p>&nbsp;</p> <p><span style="font-size:18px"><strong>System Policy</strong></span></p> <p>The system authorization policy is a common set of authorization policies provided by Ping An Cloud. It is mainly for the read-only permission or all permissions of different products. For this set of authorization policies provided by Ping An Cloud, users can only use them for authorization rather than editing or modifying them. Ping An Cloud will automatically update or modify these system authorization policies.</p>

Attach Policy to User or Group

<p>To strengthen network security control, you can attach an authorization policy to a user or a group.</p> <p><strong>User Authorization</strong></p> <p>Operation steps: log on to Ping An Cloud Console, select <strong>All Products &rarr; Resource Access Management &rarr; User</strong>, find the user to which you want to attach an authorization policy, click <strong>Authorization</strong> and the Authorization window pops up. Select the appropriate authorization policy name to complete the authorization.</p> <p><strong>Group Authorization</strong></p> <p>Operation steps: log on to Ping An Cloud Console, select <strong>All Products &rarr; Resource Access Management &rarr; Group</strong>, find the group to which you want to attach an authorization policy, click <strong>Authorization</strong> and the Authorization window pops up. Select the appropriate authorization policy name to complete the authorization.</p>
Did the above content solve your problem? Yes No
Please complete information!

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Technical Support

cloud products