Creating a Custom Policy

Custom policies can be created as a supplement to the system policies of DLI. For the actions supported for custom policies, see Permissions Policies and Supported Actions.

You can create custom policies in either of the following two ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions without the need to know policy syntax.
  • JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. This section describes common DLI custom policies.

Example Custom Policies

  • Example 1: Allow policies
    • Allow users to create tables in all databases of all regions:
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "dli:database:create_table"
                  ],
                  "Resource": [
                      "dli:*:*:database:*"
                  ]
              }
          ]
      }
    • Allow users to query column col in the table tb of the database db in the region where the user is located:
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "dli:column:select"
                  ],
                  "Resource": [
                      "dli:cn-north-7:*:column:databases.db.tables.tb.columns.col"
                  ]
              }
          ]
      }
  • Example 2: Deny policies

    A deny policy must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both Allow and Deny actions, the Deny actions take precedence over the Allow actions.

    • Prevent users from creating or deleting databases, submitting jobs (except the default queue), or deleting tables:
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Deny",
                  "Action": [
                      "dli:database:create_database",
                      "dli:database:drop_database",
                      "dli:queue:submit_job",
                      "dli:table:drop_table"
                  ],
                  "Resource": [
                      "dli:*:*:database:*",
                      "dli:*:*:queue:*",
                      "dli:*:*:table:*"
                  ]
              }
          ]
      }
    • Prevent users from submitting jobs in the demo queue:
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Deny",
                  "Action": [
                      "dli:queue:submit_job"
                  ],
                  "Resource": [
                      "dli:*:*:queue:queues.demo"
                  ]
              }
          ]
      }
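
The Deny-over-Allow rule stated under Example 2, modelled as an added Python example (not Huawei Cloud code and not part of the original page). It assumes that `*` matches any run of characters and that a request matched by no Allow statement is denied by default; the Allow policy and the project ID `0123` are constructed for the illustration.

```python
import re

# From the page: deny job submission on the demo queue.
DENY_DEMO = {"Version": "1.1", "Statement": [{
    "Effect": "Deny",
    "Action": ["dli:queue:submit_job"],
    "Resource": ["dli:*:*:queue:queues.demo"]}]}

# Constructed for this example: allow job submission on every queue.
ALLOW_SUBMIT = {"Version": "1.1", "Statement": [{
    "Effect": "Allow",
    "Action": ["dli:queue:submit_job"],
    "Resource": ["dli:*:*:queue:*"]}]}

def matches(pattern, value):
    # Assumption: "*" matches any run of characters, all else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def evaluate(policies, action, resource):
    """Return "Deny", "Allow" or "ImplicitDeny" for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(matches(a, action) for a in stmt["Action"]):
                continue
            if not any(matches(r, resource) for r in stmt["Resource"]):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit Deny wins, whatever the order
            allowed = True
    # Assumption: a request no statement allows is denied by default.
    return "Allow" if allowed else "ImplicitDeny"

if __name__ == "__main__":
    job = "dli:queue:submit_job"
    demo = "dli:cn-north-7:0123:queue:queues.demo"      # constructed ID
    other = "dli:cn-north-7:0123:queue:queues.default"  # constructed ID
    print(evaluate([ALLOW_SUBMIT, DENY_DEMO], job, demo))
    print(evaluate([ALLOW_SUBMIT, DENY_DEMO], job, other))
    print(evaluate([DENY_DEMO], job, other))
```

The last call shows why a Deny policy attached on its own grants nothing: it only subtracts from what other policies allow.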