Creating a Custom Policy
Custom policies can be created as a supplement to the system policies of FunctionGraph.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For details, see Creating a Custom Policy. This section introduces examples of common FunctionGraph custom policies.
Example Custom Policies
- Example 1: Authorizing a user to query function code and configuration
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "functiongraph:function:list", "functiongraph:function:getConfig", "funcitongraph:function:getCode" ] } ] } - Example 2: Denying function deletion
A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If both "Allow" and "Deny" permissions are assigned to a user, the "Deny" permissions take precedence over the "Allow" permissions.
If you need to assign permissions of the FunctionGraph FullAccess policy to a user but prevent the user from deleting functions, create a custom policy for denying function deletion, and attach both policies to the group to which the user belongs. In this way, the user can perform all operations on FunctionGraph except deleting functions. The following is an example of a deny policy:
{ "Version": "1.1", "Statement": [ "Effect": "Deny", "Action": [ "functiongraph:function:delete" ] ] }
Last Article: Creating a User and Granting Permissions
Next Article: Building a FunctionGraph Function
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.