All Products
Document Center

:Read-only permissions

Last Updated:Apr 12, 2024


To grant read-only permissions on applications and Alibaba Cloud resources in Cloud Architect Design Tools (CADT) to a Resource Access Management (RAM) user, you must grant the following permissions to the RAM user:

  • AliyunCADTReadOnlyAccess

  • Read-only permissions on the deployed cloud services

Grant permissions to a RAM user

  1. Log on to the RAM console. On the Users page, find the RAM user to which you want to grant permissions, and click Add Permissions in the Actions column. In this example, the cadt-user user is used.image

  2. In the Add Permissions panel, attach the following policies to the cadt-user user and click OK.

    In this example, a test application named CADT-Test is used. The CADT-Test application contains Virtual Private Cloud (VPC), Elastic Compute Service (ECS), and Elastic IP Address (EIP) resources. Therefore, you must grant the AliyunCADTReadOnlyAccess permission and the read-only permissions on the VPC, ECS, and EIP resources to the cadt-user user.

    • AliyunCADTReadOnlyAccess

    • AliyunVPCReadOnlyAccess

    • AliyunECSReadOnlyAccess

    • AliyunEIPReadOnlyAccess


  3. Click Complete. The following figure shows the policies that are attached to the cadt-user user.image

Verify permissions

After the preceding permissions are granted to the cadt-user user, the cadt-user user has read-only access to applications and Alibaba Cloud resources in CADT. You can use the cadt-user user to view applications and draw diagrams in CADT, and view information such as the IP address and hostname of an ECS instance for regular development and testing.

  1. Open a browser in incognito mode, and log on to the Alibaba Cloud Management Console as the cadt-user user. Then, log on to the CADT console.imageimageimage

  2. In the top navigation bar, choose Application > My Applications. On the All Applications page, you can view all applications that are created within the Alibaba Cloud account to which the cadt-user user belongs. Find the CADT-Test application, move the pointer over the application, and then click View Architecture.imageimageimage

  3. Double-click the ECS and EIP resource icons in sequence, and then click Go to Console to view the details of the resource.

    • View the details of the ECS instance.imageimage

    • View the details of the EIP.


  4. Verify that the cadt-user user can create applications, design architectures, and configure parameters, but does not have permissions to save or deploy applications.image