All Products
Document Center

Cloud Architect Design Tools:Read-only permissions

Last Updated:Mar 10, 2023


To grant read-only permissions on applications and Alibaba Cloud resources in Cloud Architect Design Tool (CADT) to a RAM user, you need to grant the following permissions to the RAM user:

  • AliyunCADTReadOnlyAccess

  • Read-only permissions on the deployed cloud services

Grant permissions to a RAM user

  1. Log on to the Resource Access Management (RAM) console. On the Users page, find the RAM user to which you want to grant permissions, and click Add Permissions in the Actions column. In this example, the cadt-user user is used.image

  2. In the Add Permissions panel, attach the following policies to the cadt-user user and click OK.

    In this example, the test application CADT-Test created in the "System policies of CADT" topic is used. The CADT-Test application contains Virtual Private Cloud (VPC), Elastic Compute Service (ECS), and Elastic IP Address (EIP) resources. Therefore, you must grant the AliyunCADTReadOnlyAccess permission and the read-only permissions on the VPC, ECS, and EIP resources to the cadt-user user.

    • AliyunCADTReadOnlyAccess

    • AliyunVPCReadOnlyAccess

    • AliyunECSReadOnlyAccess

    • AliyunEIPReadOnlyAccess

  3. Click Complete. The following figure shows the policies that are attached to the cadt-user user.image

Verify permissions

After the preceding permissions are granted to the cadt-user user, the cadt-user user has read-only access to applications and Alibaba Cloud resources in CADT. The cadt-user user can view applications and draw diagrams in CADT, and view information such as the IP address and hostname of an ECS instance for regular development and testing.

  1. Open a browser in incognito mode, and log on to the Alibaba Cloud Management Console as the cadt-user user. Then, log on to the CADT console.imageimage

  2. In the navigation bar, choose Applications > My Applications. On the All Applications page, view all applications that are created by the Alibaba Cloud account to which the cadt-user user belongs. Find the CADT-Test application and click View Architecture.imageimage

  3. Double-click the ECS instance or EIP resource, and then click Go to Console to view the details of the resource.

    • View the details of the ECS instance.imageimage

    • View the details of the EIP.


  4. Verify that the cadt-user user can create applications, design architectures, and configure parameters, but does not have permissions to save or deploy applications.image