diff --git a/deepfence_server/auth/policy.csv b/deepfence_server/auth/policy.csv
index bbf2d289e2..175c2c11ce 100644
--- a/deepfence_server/auth/policy.csv
+++ b/deepfence_server/auth/policy.csv
@@ -91,4 +91,3 @@ p, admin, license, read
 p, admin, license, write
 p, admin, license, delete
 p, standard-user, license, read
-p, read-only-user, license, read
diff --git a/deepfence_server/router/router.go b/deepfence_server/router/router.go
index 643c8a1ddb..d9eb1d0ac4 100644
--- a/deepfence_server/router/router.go
+++ b/deepfence_server/router/router.go
@@ -327,7 +327,7 @@ func SetupRoutes(r *chi.Mux, serverPort string, serveOpenapiDocs bool, ingestC c
 					r.Post("/enable", dfHandler.AuthHandler(ResourceScan, PermissionStart, dfHandler.ScheduleAgentPluginsEnable))
 					r.Post("/disable", dfHandler.AuthHandler(ResourceScan, PermissionStart, dfHandler.ScheduleAgentPluginsDisable))
 				})
-				r.Post("/cloud-node", dfHandler.AuthHandler(ResourceScan, PermissionStart, dfHandler.GetCloudNodeControls))
+				r.Post("/cloud-node", dfHandler.AuthHandler(ResourceScan, PermissionRead, dfHandler.GetCloudNodeControls))
 				r.Post("/cloud-node/enable", dfHandler.AuthHandler(ResourceScan, PermissionStart, dfHandler.EnableCloudNodeControls))
 				r.Post("/cloud-node/disable", dfHandler.AuthHandler(ResourceScan, PermissionStart, dfHandler.DisableCloudNodeControls))
 			})