Home PageCloud Architect Design ToolsSecurity and complianceUse RAM for access controlIdentity-based policiesSystem policies of CADT and usage notesSystem policies of CADT
Search for Help Content

System policies of CADT

Updated at: 2025-02-08 02:29
Product
Community

Overview

The following table describes the system policies that are supported by Cloud Architect Design Tool (CADT).

System policy of CADT

Description

System policy of CADT

Description

AliyunCADTReadOnlyAccess

Grants read-only permissions to manage CADT.

AliyunCADTImportAccess

Grants the permissions to detect and import resources in CADT.

AliyunCADTFullAccess

Grants full permissions to manage CADT.

CADT is used to configure and deploy cloud services. To implement O&M on resources of the cloud services that you deploy in CADT, you need to use the preceding three system policies of CADT with the system policies of the cloud services.

Permission

Description

System policy configuration

References

Permission

Description

System policy configuration

References

Read-only permissions

The permissions that are required to access applications and Alibaba Cloud resources in CADT in read-only mode. For example, after you are granted read-only permissions, you can view applications and draw diagrams in CADT, and view information such as the IP address and hostname of an Elastic Compute Service (ECS) instance and the IP address of an ApsaraDB RDS database for regular development and testing.

  • AliyunCADTReadOnlyAccess

  • Read-only permissions on the deployed cloud services

Read-only permissions

Import permissions

Import permissions allow you to detect Alibaba Cloud resources, draw diagrams, and create applications by using CADT. Import permissions also allow you to configure resources, import existing resources, verify resources, confirm the prices of resources, and view cost analysis reports in CADT. However, import permissions do not allow you to deploy resources.

  • AliyunCADTImportAccess

  • AliyunConfigFullAccess

  • Read-only permissions on the deployed cloud services

Import permissions

Full permissions

All the permissions that are required to manage CADT and Alibaba Cloud resources.

  • AliyunCADTFullAccess

  • AliyunConfigFullAccess

  • AliyunResourceDirectoryReadOnlyAccess

  • AliyunQuotasReadOnlyAccess

  • AliyunRAMReadOnlyAccess

  • AliyunBSSRefundAccess

  • Full permissions on the deployed cloud services

Full permissions

Preparations

Create a test application by using CADT

In this test, use your Alibaba Cloud account to deploy a simple application that contains an ECS instance and an elastic IP address (EIP) by using CADT. Name the application CADT-Test. image

Create a test RAM user

  1. Log on to the Resource Access Management (RAM) console.

  2. Create a test user named cadt-user. For more information, see Create a RAM user.image

Previous: System policies of CADT and usage notesNext: Read-only permissions
  • On this page (0, O)
  • Overview
  • Preparations
  • Create a test application by using CADT
  • Create a test RAM user
Feedback