Policy

Last updated: 2020-02-25 16:25:37

PDF

Operation scene

This document describes how to create custom policies through different creation methods. Custom policies allow fine-grained Permission division, which can flexibly meet the differentiated Permission management needs of users.

prerequisite

You have logged in to the Access management console and entered the Policy Manage the page.

Operation step

Create by policy generator

According to the policy created by the policy generator, by selecting services and actions from the policy wizard and defining resources, the policy syntax is generated automatically, which is simple and flexible, and is recommended first.

  1. On the policy management page, click "Create Custom Policy" in the upper left corner.
  2. In the pop-up selection creation method window, click "create by Policy Builder" to go to the select services and actions page.
  3. On the Select Services and Operations page, add the following information.
  • Service (required): select the products that need to be added.
  • Action (required): select the action you want to authorize.
  • Resources (required): fill in the six segments of the resources you want to authorize. For details, please refer to Resource description mode .
  • Conditions (Optional): set the effective conditions of the above authorization for the sub-account. For details, please refer to Effective condition .
  • The operation of some services does not need Associate object, then Enter resource description is not needed, and resources can be filled in. * .
  • Multiple declarations can be added to a policy.
  1. Click "add statement" > "next" to go to the edit policy page.
  2. On the policy editing page, supplement the policy name and policy remarks information, and confirm the policy content, where the policy name and policy content are automatically generated by the console.
  • The policy name defaults to "policygen" and the suffix number is generated according to the creation date. You can customize it.
  • The content of the policy corresponds to the services and actions in step 3, and you can modify it according to your actual needs.
  1. Click "create Policy" to complete the operation of creating a custom policy by Policy Builder.

Create by product feature or project permission

Created by Features

According to the policy created by Features, it is set by users, and the granularity of Permission can be controlled when the service is accessed, to solve user demands that have certain requirements for Permission division but are not complex.

  1. On the policy management page, click "Create Custom Policy" in the upper left corner.
  2. In the pop-up window of creation method, click create by Features or Project Permission to go to the page of configuring service type.
  3. On the configure service type page, add the policy name information.
  4. Select the service type in the Select Service Type bar, and click "next" to open the Permission page.
  • You can choose content distribution network, ILVB, queue type, topic model, SMS.
  • Multiple selection is supported.
  1. When opening the Permission page, set the function Permission switch that needs to be turned on to Status And click "next" to enter the Associate object page.
  2. On the Associate object page, click [Associate object], and select the object you want Associate.
  3. Click "finish" to complete the custom policy created by Features.

Created by project Permission

Resources with first-class project attributes are quickly authorized to users or user groups according to the policy created by project Permission.

  1. On the policy management page, click "Create Custom Policy" in the upper left corner.
  2. In the pop-up window of creation method, click create by Features or Project Permission to go to the page of configuring service type.
  3. On the configure service type page, enter the policy name, select Project Management in the Select Service Type bar, and click next to open Permission page.
  4. On the Permission page, configure the project management function according to the actual needs.
  • If you need to manage CDN-related project cloud resources, please set the "manage cloud resources within CDN business projects" Set to .
  • If you need to manage project cloud resources related to other products, please set the "manage cloud resources within other business projects" Set to .
  1. On the Associate object page, click Associate object.
  2. In the pop-up Associate object box, select by project, check the object to Associate, and click "OK".
  3. Click "finish" to complete the operation of creating a custom policy by project Permission.

Create by Policy Syntax

The policy created according to the syntax is set by the user, and Permission's granularity is flexible and controlled by the user to solve the user demands with higher requirements for Permission's fine division.

  1. On the policy management page, click "Create Custom Policy" in the upper left corner.
  2. In the pop-up selection creation method window, click "create by Policy Syntax" to go to the select policy template page.
  3. Select the policy template page, you can enter keywords to search, such as template type is all templates, keyword is a, select AdministratorAccess template.
  4. Click "next" to go to the edit policy page.
  5. On the edit policy page, confirm the policy name and policy content, and click create Policy to complete the creation of a custom policy according to the policy syntax. The default policy name and policy content are automatically generated by the console, the policy name defaults to "policygen", and the suffix number is generated according to the creation date.

Authorize by tag

According to the policy of label authorization, resources with a class of tag attributes are quickly authorized to users or user groups.

  1. On the policy management page, click "Create Custom Policy" in the upper left corner.
  2. In the pop-up selection creation method window, click "Authorization by tag" to enter the Authorization by tag page.
  3. Select the following information on the authorization page by label, and click "next" to go to the inspection page.
  • Assign users / user groups: check the users / user groups that need to be authorized. (optional)
  • In tag key: select tag key who needs authorization. (required)
  • And have tag value: choose tag value who needs authorization. (required)
  • Resources: the default is to manage Permission.
  1. On the check page, confirm the policy name and policy content, and then click "finish" to complete the creation of a custom policy by tag authorization. The default policy name and policy content are automatically generated by the console, the policy name defaults to "policygen", and the suffix number is generated according to the creation date.