Example of Identity-based Policy
SWR provides some permissions for roles. You can assign these permissions to IAM users or user groups. With these roles, you can control access to SWR resources and operations at different levels.
Tenant Administrator
Administrator permissions for all services except IAM, including all SWR permissions. Its JSON policy document is as follows:
{
"Version": "1.1",
"Statement": [
{
"Action": [
"obs:*:*"
],
"Effect": "Allow"
},
{
"Condition": {
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
},
"Action": [
"*:*:*"
],
"Effect": "Allow"
}
]
}
Tenant Guest
Read-only permissions for all services except IAM, including permissions such as image pull.
Its JSON policy document is as follows:
{
"Version": "1.1",
"Statement": [
{
"Action": [
"obs:*:get*",
"obs:*:list*",
"obs:*:head*"
],
"Effect": "Allow"
},
{
"Condition": {
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
},
"Action": [
"*:*:get*",
"*:*:list*",
"*:*:head*"
],
"Effect": "Allow"
}
]
}
ServiceStage Developer
ServiceStage developer permissions, including permissions such as image pull.
Its JSON policy document is as follows:
{
"Version": "1.0",
"Statement": [
{
"Action": [
"servicestage:*:*"
],
"Effect": "Allow"
}
],
"Depends": [
{
"catalog": "BASE",
"display_name": "Tenant Guest"
}
]
}
SWR Admin
SWR administrator permissions, including all SWR permissions.
Its JSON policy document is as follows:
{
"Version": "1.0",
"Statement": [
{
"Action": [
"SWR:software:*",
"SWR:dockerimage:*"
],
"Effect": "Allow"
}
]
}
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
