Overview
AI Registry is a fully managed platform for AI application developers that provides unified registration, discovery, and management of AI assets such as prompts and skills.
To grant AI Registry access to RAM users (sub-accounts) or through STS temporary credentials, you use RAM permission policies to control their allowed actions and resources. This guide explains how to configure these policies.
Prerequisites
You have an Alibaba Cloud account and have activated the AI Registry service.
You have created at least one AI Registry workspace (namespace).
You are familiar with access control and know how to create users and configure permission policies in the RAM console.
Method 1: Use predefined policies
AI Registry provides the following predefined permission policies. You can attach them directly to a RAM user or user group in the RAM console without writing a policy yourself.
Policy name | Description
AliyunAIRegistryReadOnlyAccess | Grants read-only access. This includes client-side read permissions and read-only operations in the console, such as viewing workspaces and prompts, but does not allow creation, modification, or deletion.
AliyunAIRegistryFullAccess | Grants full access. Allows any operation on all AI Registry resources.
AliyunAIRegistryPromptFullAccess | Grants full access to prompts. Allows all operations on prompt resources, such as creating, editing, publishing, deleting, and debugging.
AliyunAIRegistryNamespaceFullAccess | Grants full access to workspaces. Allows all operations on workspaces (namespaces), such as creating, editing, and deleting.
Procedure
Log on to the RAM console. In the navigation pane on the left, choose .
Find the target RAM user and click Attach Policy.
In the policy search box, enter AIRegistry.
Select the required predefined policy and click OK.
If team members only need to view resource information, select the AliyunAIRegistryReadOnlyAccess policy. For full management capabilities, select the AliyunAIRegistryFullAccess policy.
Method 2: Create a custom permission policy
If predefined policies do not meet your requirements, such as granting access to a specific workspace or resource type, create a custom permission policy.
2.1 Key concepts
A custom policy consists of the following elements:
Effect: Allow or Deny.
Action: The type of operation allowed.
Resource: The resources to which the policy applies.
Action
Actions in AI Registry are divided into two levels:
General action—for client access:
Action | Description
airegistry:Read | Applications use this action to pull resources, such as prompts, via SDKs or APIs. It covers only client-side read scenarios and does not grant any console operation permissions.
API-level actions—for console operations (fine-grained authorization by specific API):
Category | Action | Description
Workspace | airegistry:CreateNamespace | Creates a workspace.
Workspace | airegistry:ListNamespaces | Lists workspaces.
Workspace | airegistry:GetNamespace | Gets workspace details.
Workspace | airegistry:UpdateNamespace | Updates a workspace.
Workspace | airegistry:DeleteNamespace | Deletes a workspace.
Prompt | airegistry:ListPrompts | Lists prompts.
Prompt | airegistry:GetPrompt | Gets prompt details.
Prompt | airegistry:CreatePrompt | Creates a prompt.
Prompt | airegistry:UpdatePrompt | Updates a prompt.
Prompt | airegistry:DeletePrompt | Deletes a prompt.
Prompt | airegistry:ListPromptVersions | Lists prompt versions.
Prompt | airegistry:GetPromptVersion | Gets prompt version information.
Prompt | airegistry:GetPromptVersionDetail | Gets prompt version details.
Prompt | airegistry:CreatePromptVersion | Creates a prompt version.
Prompt | airegistry:UpdatePromptVersion | Updates a prompt version.
Prompt | airegistry:SubmitPromptVersion | Publishes a prompt version.
Prompt | airegistry:DeletePromptVersion | Deletes a prompt version.
Prompt | airegistry:GetPromptGovernance | Gets prompt governance information.
Debugging and optimization | airegistry:InvokePromptDebugStream | Debugs a prompt (streaming).
Debugging and optimization | airegistry:InvokePromptOptimizeStream | Optimizes a prompt (streaming).
Debugging and optimization | airegistry:GetSupportedModels | Gets the list of supported models.
The airegistry:Read action is for client-side read-only access only and does not grant any permissions for console operations. Console operations must be authorized individually using API-level actions. To grant both client-side read access and console operation permissions, combine airegistry:Read with the required API-level actions. You can also use airegistry:* as the Action to grant both client-side read access and all API-level operation permissions.
Resource
AI Registry identifies resources using an Alibaba Cloud Resource Name (ARN). The format is as follows:
acs:airegistry:*:*:instance/saas/{workspace-id}/{domain}/{resource-type}/{resource-name}
Where:
workspace-id: Your workspace ID, which you can find in the AI Registry console.
domain: Currently fixed to DEFAULT.
resource-type: The resource type, such as prompt, skill, mcp, or agent.
resource-name: The name of the specific resource.
You can use the wildcard (*) to match multiple resources.
2.2 Authorization granularity
You can choose different levels of authorization granularity based on your needs:
Scope of authorization | Example
All resources in all workspaces | acs:airegistry:*:*:instance/saas/*
All resources in a specific workspace | acs:airegistry:*:*:instance/saas/{your-workspace-id}/*
A specific type of resource in a specific workspace | acs:airegistry:*:*:instance/saas/{your-workspace-id}/DEFAULT/prompt/*
A specific resource | acs:airegistry:*:*:instance/saas/{your-workspace-id}/DEFAULT/prompt/my-prompt
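As an added example (not from the AI Registry documentation), the following Python maps a Resource ARN to one of the granularity levels in the table above and lints a policy's Allow statements for malformed or account-wide ARNs, which is the check a reviewer wants before attaching a custom policy. The granularity labels, the lint rules and the workspace ID ws-123 used in testing are this example's own assumptions.

```python
import re

# Resource layout from the page: acs:airegistry:*:*:instance/saas/{workspace-id}/{domain}/{resource-type}/{resource-name}
ARN_RE = re.compile(r"^acs:airegistry:[^:]*:[^:]*:instance/saas/(.*)$")
RESOURCE_TYPES = {"prompt", "skill", "mcp", "agent"}  # the types the page lists


def classify_arn(arn: str) -> str:
    """Return the granularity level a Resource ARN grants (labels are ours).
    Raises ValueError for malformed ARNs so a review catches typos early."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an AI Registry resource ARN: {arn}")
    parts = m.group(1).split("/")
    workspace = parts[0]
    if workspace == "*":
        return "all workspaces"          # acs:airegistry:*:*:instance/saas/*
    if not workspace:
        raise ValueError(f"empty workspace ID: {arn}")
    if parts[1:] == ["*"]:
        return "one workspace"           # .../saas/{workspace-id}/*
    if len(parts) != 4:
        raise ValueError(f"expected {{domain}}/{{type}}/{{name}} below the workspace: {arn}")
    domain, rtype, name = parts[1:]
    if domain != "DEFAULT":              # the page says domain is fixed to DEFAULT
        raise ValueError(f"domain must be DEFAULT, got {domain!r}: {arn}")
    if rtype not in RESOURCE_TYPES:
        raise ValueError(f"unknown resource type {rtype!r}: {arn}")
    return "one resource type" if name == "*" else "single resource"


def lint_resources(policy: dict) -> list:
    """Findings for every Resource in an Allow statement: malformed ARNs and
    account-wide wildcards that contradict least privilege."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        res = stmt["Resource"]
        for arn in (res if isinstance(res, list) else [res]):
            try:
                scope = classify_arn(arn)
            except ValueError as err:
                findings.append(f"malformed: {err}")
                continue
            if scope == "all workspaces":
                findings.append(f"over-broad (all workspaces): {arn}")
    return findings
```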
2.3 Create a custom policy
Log on to the RAM console. In the navigation pane on the left, choose .
Click Create Policy and select the JSON Editor tab.
Write the policy content by referring to the examples below and click OK.
Attach the created policy to the target RAM user or user group.
2.4 Common scenarios
Scenario 1: Grant read-only client access
Use case: An application needs to pull resources like prompts via an SDK or API and only requires read-only access.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "airegistry:Read",
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/*"
    }
  ],
  "Version": "1"
}
Scenario 2: Grant full management of a workspace
Use case: Grant a team member full management permissions (both console and client) for a specific workspace.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "airegistry:*",
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/*"
    }
  ],
  "Version": "1"
}
Scenario 3: Restrict access to prompts
Use case: A prompt engineer only needs to manage prompts and should not access other types of resources.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "airegistry:*",
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/DEFAULT/prompt/*"
    }
  ],
  "Version": "1"
}
Alternatively, use the predefined policy AliyunAIRegistryPromptFullAccess to achieve the same result.
Scenario 4: Combine client and console permissions
Use case: An application can pull resources via a client, and the user can also manage prompts in the console.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "airegistry:Read",
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "airegistry:CreatePrompt",
        "airegistry:UpdatePrompt",
        "airegistry:DeletePrompt",
        "airegistry:CreatePromptVersion",
        "airegistry:UpdatePromptVersion",
        "airegistry:SubmitPromptVersion",
        "airegistry:DeletePromptVersion",
        "airegistry:InvokePromptDebugStream",
        "airegistry:InvokePromptOptimizeStream"
      ],
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/DEFAULT/prompt/*"
    }
  ],
  "Version": "1"
}
Scenario 5: Scope permissions to a specific resource
Use case: Allow a sub-account to access only one specific prompt.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "airegistry:*",
      "Resource": "acs:airegistry:*:*:instance/saas/{your-workspace-id}/DEFAULT/prompt/my-prompt"
    }
  ],
  "Version": "1"
}
2.5 Usage notes
Deny overrides Allow: When a user's permissions match both an Allow and a Deny policy for the same action, the Deny policy always takes precedence. You can combine Allow and Deny policies to grant broad permissions while restricting specific actions.
Workspace isolation: AI Registry automatically verifies the requester's ownership of the workspace. Accessing a workspace ID that belongs to another Alibaba Cloud account, even if specified in a RAM permission policy, is not permitted. This design prevents cross-account data leakage.
Workspace ID in policies: Replace the placeholder {your-workspace-id} in the examples with your actual workspace ID. You can find this ID in the workspace list in the AI Registry console.
Principle of least privilege: We recommend following the principle of least privilege. Grant users only the minimum permissions required to perform their tasks and avoid using overly broad wildcards.
FAQ
Q: What should I do if a sub-account receives a "permission denied" error?
A: Check the following:
Verify that the correct permission policy is attached to the sub-account.
Verify that the workspace ID in the permission policy matches the workspace being accessed.
Verify that the Action covers the required operation type (airegistry:Read or specific API-level actions).
If you are using a Deny policy, check that it is not unintentionally blocking required operations.
Q: How can I allow a sub-account to access only specific workspaces?
A: In the Resource element of your custom permission policy, specify the exact workspace IDs instead of using the wildcard (*). To authorize access to multiple workspaces, you can add multiple Statement elements to the policy.
Q: How do I configure permissions for access using STS temporary credentials?
A: The permissions for STS temporary credentials are constrained by both the permission policy of the RAM role and the policy passed when calling the AssumeRole API operation. Ensure that the required AI Registry permission policy is attached to the RAM role, and that the policy specified in the AssumeRole call does not narrow the required permissions.
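The Deny-overrides-Allow rule from the usage notes and the role-policy/session-policy intersection described in this answer, as an added Python example that is not the documentation's code and not RAM's real evaluator: is_allowed permits a request only when some statement allows it and none denies it, and is_allowed_sts requires both the role policy and the AssumeRole policy to allow it. The sample policy (scenario 4 plus a Deny on version deletion), the workspace ID ws-123 and the plain '*' glob matching are constructed assumptions.

```python
import re

def _glob_match(pattern: str, value: str) -> bool:
    """Treat '*' as any run of characters; everything else matches literally."""
    regex = "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"
    return re.match(regex, value) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Permit a request only if a statement allows it and no statement denies it."""
    allowed = False
    for stmt in policy["Statement"]:
        hit_action = any(_glob_match(a, action) for a in _as_list(stmt["Action"]))
        hit_resource = any(_glob_match(r, resource) for r in _as_list(stmt["Resource"]))
        if not (hit_action and hit_resource):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny wins over every Allow
        allowed = True
    return allowed

def is_allowed_sts(role_policy: dict, session_policy: dict, action: str, resource: str) -> bool:
    """STS credentials get the intersection of the RAM role's policy and the
    policy passed to AssumeRole, so both must allow the request."""
    return is_allowed(role_policy, action, resource) and is_allowed(session_policy, action, resource)

# Constructed sample: scenario 4 (client reads across the workspace, prompt management
# in the console) plus a Deny carving out version deletion. ws-123 is a placeholder.
WS = "acs:airegistry:*:*:instance/saas/ws-123"
POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "airegistry:Read", "Resource": WS + "/*"},
        {"Effect": "Allow",
         "Action": ["airegistry:CreatePrompt", "airegistry:UpdatePrompt",
                    "airegistry:DeletePromptVersion"],
         "Resource": WS + "/DEFAULT/prompt/*"},
        {"Effect": "Deny", "Action": "airegistry:DeletePromptVersion",
         "Resource": WS + "/DEFAULT/prompt/*"},
    ],
}
# Constructed session policy passed to AssumeRole that narrows the role to client reads.
SESSION_POLICY = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": "airegistry:Read", "Resource": WS + "/*"}]}
```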