Grant a Resource Access Management (RAM) user the permissions to access CloudMonitor so they can monitor your Vector Retrieval Service (VRS) (DashVector) instances.
DashVector permissions and CloudMonitor permissions are managed separately. Granting one does not grant the other.
Prerequisites
Before you begin, ensure that you have:
A RAM user created under your Alibaba Cloud account. See Create a RAM user.
Grant CloudMonitor permissions to a RAM user
Log on to the RAM console.
In the left-side navigation pane, choose Identities > Users.
On the Users page, find the RAM user and click Add Permissions in the Actions column.
In the Grant Permissions panel, set Resource Scope to Account, then select one or more policies.
Choose a policy type
Start with a system policy for most use cases. Switch to a custom policy only if you need to restrict access to specific CloudMonitor actions.
System policy (recommended): Select a policy from the list and click OK.
Policy name Description AliyunCloudMonitorFullAccess Permissions to manage CloudMonitor resources AliyunCloudMonitorReadOnlyAccess Read-only permissions for CloudMonitor resources 
Custom policy: Select a custom policy from the list. To create one, see Create custom policies.
Example: Allow exporting monitoring data
The following policy grants permission to export CloudMonitor data using the
cms:BatchGetandcms:Cursoractions.{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "cms:BatchGet", "cms:Cursor" ], "Resource": [ "*" ], "Condition": {} } ] }
CloudMonitor allows you to grant RAM users the permissions only on an Alibaba Cloud account.
After the Succeed message appears, click Complete.
For more information about how to grant a RAM user the permissions to use CloudMonitor, see Grant permissions to a RAM user.