DAS Custom Policies
Custom policies can be created to supplement the system-defined policies of DAS.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For details, Creating a Custom Policy. The following describes examples of common DAS custom policies.
Examples of DAS Custom Policies
- Example 1: Granting the permission to create DDS DB instances
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "das:instance:create" ] } ] } - Example 2: Denying DDS DB instance deletion
A deny policy must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permission takes precedence over the "Allow" permission.
If you need to assign the DDS FullAccess policy to a user but want to forbid this user to delete DDS DB instances, create a custom policy for denying DDS DB instance deletion. Then, assign both the DDS FullAccess and Deny policies to the group the user belongs to. With this method, the user can perform all operations on DDS DB instances except for instance deletion. The following is an example of the deny policy:
{ "Version": "1.1", "Statement": [{ "Action": ["das:instance:deleteInstance"], "Effect": "Deny" }] }
Last Article: Creating a User and Granting Permissions
Next Article: Logging In to the DAS Console
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.