Updated on 2023-04-03 GMT+08:00

Example of Identity-based Policy

SWR provides role-based permissions that you can assign to IAM users or user groups. With these roles, you can control access to SWR resources and operations at different levels.

Tenant Administrator

Administrator permissions for all services except IAM, including all SWR permissions. Its JSON policy document is as follows:

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "obs:*:*"
            ],
            "Effect": "Allow"
        },
        {
            "Condition": {
                "StringNotEqualsIgnoreCase": {
                    "g:ServiceName": [
                        "iam"
                    ]
                }
            },
            "Action": [
                "*:*:*"
            ],
            "Effect": "Allow"
        }
    ]
}

Tenant Guest

Read-only permissions for all services except IAM, including permissions such as image pull.

Its JSON policy document is as follows:

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "obs:*:get*",
                "obs:*:list*",
                "obs:*:head*"
            ],
            "Effect": "Allow"
        },
        {
            "Condition": {
                "StringNotEqualsIgnoreCase": {
                    "g:ServiceName": [
                        "iam"
                    ]
                }
            },
            "Action": [
                "*:*:get*",
                "*:*:list*",
                "*:*:head*"
            ],
            "Effect": "Allow"
        }
    ]
}

ServiceStage Developer

ServiceStage developer permissions, including permissions such as image pull.

Its JSON policy document is as follows:

{
    "Version": "1.0",
    "Statement": [
        {
            "Action": [
                "servicestage:*:*"
            ],
            "Effect": "Allow"
        }
    ],
    "Depends": [
        {
            "catalog": "BASE",
            "display_name": "Tenant Guest"
        }
    ]
}

SWR Admin

SWR administrator permissions, including all SWR permissions.

Its JSON policy document is as follows:

{
    "Version": "1.0",
    "Statement": [
        {
            "Action": [
                "SWR:software:*",
                "SWR:dockerimage:*"
            ],
            "Effect": "Allow"
        }
    ]
}
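The following is an added example, not part of the original documentation or any Huawei Cloud code: a simplified evaluator that shows how the `g:ServiceName` condition and the `get*`/`list*`/`head*` patterns in the policies above narrow what each role allows. It assumes shell-style, case-insensitive action matching, takes the service name from the first segment of the requested action, does not resolve `Depends`, and uses constructed action names.

```python
import fnmatch

# Policy documents copied from this page.
TENANT_ADMIN = {"Version": "1.1", "Statement": [
    {"Action": ["obs:*:*"], "Effect": "Allow"},
    {"Condition": {"StringNotEqualsIgnoreCase": {"g:ServiceName": ["iam"]}},
     "Action": ["*:*:*"], "Effect": "Allow"}]}
TENANT_GUEST = {"Version": "1.1", "Statement": [
    {"Action": ["obs:*:get*", "obs:*:list*", "obs:*:head*"], "Effect": "Allow"},
    {"Condition": {"StringNotEqualsIgnoreCase": {"g:ServiceName": ["iam"]}},
     "Action": ["*:*:get*", "*:*:list*", "*:*:head*"], "Effect": "Allow"}]}
SWR_ADMIN = {"Version": "1.0", "Statement": [
    {"Action": ["SWR:software:*", "SWR:dockerimage:*"], "Effect": "Allow"}]}

# Constructed sample requests; these action names are illustrative only.
SAMPLES = ["swr:dockerimage:listTags", "swr:dockerimage:deleteTag",
           "iam:users:listUsers"]


def condition_holds(condition, action):
    """Assumption: g:ServiceName is the first segment of the requested action."""
    service = action.split(":", 1)[0].lower()
    for operator, keys in condition.items():
        if operator != "StringNotEqualsIgnoreCase":
            raise ValueError(f"operator not modelled: {operator}")
        for key, values in keys.items():
            if key != "g:ServiceName":
                raise ValueError(f"condition key not modelled: {key}")
            if service in (v.lower() for v in values):
                return False  # the service is one of the excluded names
    return True


def is_allowed(policy, action):
    """Return True if any Allow statement matches (simplified model, no Deny)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not condition_holds(stmt.get("Condition", {}), action):
            continue
        # Assumption: '*' is a shell-style wildcard and matching ignores case.
        if any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in stmt["Action"]):
            return True
    return False


if __name__ == "__main__":
    for name, pol in [("Tenant Administrator", TENANT_ADMIN),
                      ("Tenant Guest", TENANT_GUEST), ("SWR Admin", SWR_ADMIN)]:
        print(name, {a: is_allowed(pol, a) for a in SAMPLES})
```

Running it over the three sample actions makes the difference in breadth visible: Tenant Administrator allows every non-IAM action, Tenant Guest only the read-style ones, and SWR Admin only actions under the two SWR resource types.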