Creating a Custom Policy
Custom policies can be created as a supplement to system-defined policies of DDM.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For details, see Permissions > Policies > Custom Policies > Creating a Custom Policy in the Identity and Access Management User Guide. The following section contains examples of common DDM custom policies.
Example Policies
- Example: Denying DDM instance deletion
A deny policy must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions. The following is an example of a deny policy:
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ddm:instance:delete" ] } ] }
The following is an example custom policy with both Allow and Deny permissions:{ "Version": "1.1", "Statement": [{ "Effect": "Allow" "Action": [ "*:*:*" ], }, { "Action": [ "ddm:instance:create", ], "Effect": "Deny" } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.