All Products
Search

This Product

    Resource Access Management:Create a RAM user

    Document Center

    Resource Access Management:Create a RAM user

    Last Updated:Aug 08, 2025

    A Resource Access Management (RAM) user is an identity in RAM. You can create RAM users for an Alibaba Cloud account and authorize the RAM users to access different resources.

    Procedure

    1. Log on to the RAM console by using an Alibaba Cloud account or a RAM user who has administrative rights.

    2. In the left-side navigation pane, choose Identities > Users.

    3. On the Users page, click Create User. image

    4. In the User Account Information section of the Create User page, configure the following parameters:

      • Logon Name: The logon name can be up to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_).

      • Display Name: The display name can be up to 128 characters in length.

      • Tag: Click the edit icon and enter a tag key and a tag value. Adding tags helps you categorize and manage RAM users.

      Note

      You can click Add User to create multiple RAM users at a time.

    5. In the Access Mode section, select an access mode and configure the required parameters.

      For enhanced security, we recommend creating separate users for individuals and for applications. Choose only one access mode accordingly to maintain this separation.

      • Console access

        For users who are individuals, we recommend enabling Console Access. This allows them to sign in to the Alibaba Cloud Management Console with a username and password. If you select Console Access, you must configure the following parameters:

        • Set Logon Password: You can select Automatically Regenerate Default Password or Reset Custom Password. If you select Reset Custom Password, you must specify a password. The password must meet complexity requirements. For more information, see Configure a password policy for RAM users.

        • Password Reset: specifies whether the RAM user is required to reset the password at the next sign-in.

        • Enable MFA: specifies whether to enable multi-factor authentication (MFA) for the RAM user. After you enable MFA, you must bind an MFA device to the RAM user. For more information, see Bind an MFA device to a RAM user.

      • Programmatic access

        For users that represent applications, enable Using permanent AccessKey to access for the RAM user. The system will generate a permanent AccessKey ID and AccessKey Secret for API calls. For more information, see Obtain an AccessKey pair.

        Important

        • The AccessKey Secret is displayed only once when it is created and cannot be retrieved later. Therefore, you must save it in a secure location.

        • An AccessKey pair is a permanent credential for application access. If the AccessKey pair of an Alibaba Cloud account is leaked, the resources that belong to the account are exposed to potential risks. To prevent credential leak risks, we recommend that you use Security Token Service (STS) tokens. For more information, see Best practices for using an access credential to call API operations.

    6. Click OK.

    7. Complete security verification as prompted.

    What to do next

    1. Grant permissions to the RAM user.

      By default, a new RAM user has no permissions. You must grant permissions to the user before they can access any Alibaba Cloud resources. For more information, see Grant permissions to RAM users.

    2. Log on to the Alibaba Cloud Management Console as the RAM user or call an operation.

      For more information, see Log on to the Alibaba Cloud Management Console as a RAM user and RAM APIs.