All Products
Search

This Product

    Cloud Architect Design Tools:Read-only permissions

    Document Center

    Cloud Architect Design Tools:Read-only permissions

    Last Updated:Apr 26, 2024

    Overview

    To grant read-only permissions on applications and Alibaba Cloud resources in Cloud Architect Design Tools (CADT) to a Resource Access Management (RAM) user, you must grant the following permissions to the RAM user:

    • AliyunCADTReadOnlyAccess

    • Read-only permissions on the deployed cloud services

    Grant permissions to a RAM user

    1. Log on to the RAM console. On the Users page, find the RAM user to which you want to grant permissions, and click Add Permissions in the Actions column. In this example, the cadt-user user is used.image

    2. In the Add Permissions panel, attach the following policies to the cadt-user user and click OK.

      In this example, a test application named CADT-Test is used. The CADT-Test application contains Virtual Private Cloud (VPC), Elastic Compute Service (ECS), and Elastic IP Address (EIP) resources. Therefore, you must grant the AliyunCADTReadOnlyAccess permission and the read-only permissions on the VPC, ECS, and EIP resources to the cadt-user user.

      • AliyunCADTReadOnlyAccess

      • AliyunVPCReadOnlyAccess

      • AliyunECSReadOnlyAccess

      • AliyunEIPReadOnlyAccess

        image

    3. Click Complete. The following figure shows the policies that are attached to the cadt-user user.image

    Verify permissions

    After the preceding permissions are granted to the cadt-user user, the cadt-user user has read-only access to applications and Alibaba Cloud resources in CADT. You can use the cadt-user user to view applications and draw diagrams in CADT, and view information such as the IP address and hostname of an ECS instance for regular development and testing.

    1. Open a browser in incognito mode, and log on to the Alibaba Cloud Management Console as the cadt-user user. Then, log on to the CADT console.imageimageimage

    2. In the top navigation bar, choose Application > My Applications. On the All Applications page, you can view all applications that are created within the Alibaba Cloud account to which the cadt-user user belongs. Find the CADT-Test application, move the pointer over the application, and then click View Architecture.imageimageimage

    3. Double-click the ECS and EIP resource icons in sequence, and then click Go to Console to view the details of the resource.

      • View the details of the ECS instance.imageimage

      • View the details of the EIP.

        imageimage

    4. Verify that the cadt-user user can create applications, design architectures, and configure parameters, but does not have permissions to save or deploy applications.image