Resource Access Management

To operate a project on cloud, company F created a master account on Ping An Cloud and bought several cloud services. Several employees participating in the project needed to conduct different operations on the resources stored in the cloud, such as procurement and O&M. As they came from different departments, therefore, different privileges were required. Being concerned about the security of businesses deployed on the cloud, company F was reluctant to disclose master account keys directly to its employees. In this situation, it can use RAM to create sub-accounts for and assign different privileges to various employees (see figure 1), or set up user groups and bind related authorization strategies to each group and then add users to such groups for centralized management (see figure 2).

F is a financial company that owns a master account in Ping An Cloud and has bought cloud services for deployment of its business applications. However, F wanted to focus on business expansion, so it entrusted the system O&M to company I. For the benefit of data and account security, F does not need to hand over its master account keys to company I, but uses RAM to create a sub-user account for company I and grant suitable access permissions to it. Company I can then further fine-detail such permission and grant them to its employees. When cooperation between company F and I is terminated, company F may end or delete the accesses permissions granted to company I at any time.