All Products
Search

This Product

    Cloud Architect Design Tools:Full permissions

    Document Center

    Cloud Architect Design Tools:Full permissions

    Last Updated:Nov 22, 2024

    Overview

    To grant full permissions on Cloud Architect Design Tools (CADT) and related Alibaba Cloud resources to a Resource Access Management (RAM) user, you must attach the following policies to the RAM user:

    • AliyunCADTFullAccess

    • AliyunConfigFullAccess

    • AliyunResourceDirectoryReadOnlyAccess

    • AliyunRAMReadOnlyAccess

    • AliyunQuotasReadOnlyAccess

    • Full permissions on the cloud services to manage

      Note

      If subscription resources are involved, you must attach the AliyunBSSRefundAccess policy to the RAM user.

    Grant permissions to a RAM user

    1. Log on to the RAM console. On the Users page, find the desired RAM user and click Add Permissions in the Actions column. In this example, the cadt-user user is used.image

    2. In the Grant Permission panel, attach the following policies to the RAM user and click Grant permissions.

      In this example, a test application named CADT-Test is used. The CADT-Test application contains a Virtual Private Cloud (VPC), an Elastic Compute Service (ECS) instance, and an Elastic IP Address (EIP). Therefore, you must attach the AliyunCADTFullAccess and AliyunConfigFullAccess policies to the cadt-user user and grant full permissions on VPC, ECS, and EIP to the cadt-user user.

      • AliyunCADTFullAccess

      • AliyunConfigFullAccess

      • AliyunResourceDirectoryReadOnlyAccess

      • AliyunRAMReadOnlyAccess

      • AliyunQuotasReadOnlyAccess

      • AliyunVPCFullAccess

      • AliyunECSFullAccess

      • AliyunEIPFullAccess

    • After you attach the policies to the user, click the name of the user on the Users page to go to the user details page. Click the Permissions tab to view the attached policies. The following figure shows the policies that are attached to the user.

    Verify permissions

    After the preceding permissions are granted to the cadt-user user, the cadt-user user has full permissions on CADT and related Alibaba Cloud resources.

    1. Open a browser in incognito mode, and log on to the Alibaba Cloud Management Console as the cadt-user user. Then, log on to the CADT console.imageimageimage

    2. In the top navigation bar, choose Application > My Applications. On the All Applications tab, find the test application, move the pointer over the test application, and then click Copy Architecture to quickly create an application that is the same as the test application.image

    3. In the SaveApplication dialog box, enter an application name and click OK. Click View Architecture. On the page that appears, switch to the Edit mode and click Save.image

    4. Click Deploy Application to deploy the application.image

    5. Follow the instructions to verify the availability of resources, confirm the prices and the order, and then deploy the application.imageimageimage

    6. Wait until the application is deployed. The following figure shows the page that is displayed after successful deployment.image

    7. Click Resource List in the lower part of the canvas, and click Release All Resources to verify the permissions to release resources.image

      Wait until all resources in the application are released.

      image

    8. Use the preceding method to verify the permissions that are granted to the RAM user on other CADT features.imageimage