Creating a Custom Policy

Custom policies can be created as a supplement to system-defined policies of DDM.

You can create custom policies in either of the following ways:

Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Permissions > Policies > Custom Policies > Creating a Custom Policy in the Identity and Access Management User Guide. The following section contains examples of common DDM custom policies.

Example Policies

Example: Denying DDM instance deletion

A deny policy must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions. The following is an example of a deny policy:

{ 
      "Version": "1.1", 
      "Statement": [ 
            { 
           "Effect": "Deny", 
                  "Action": [ 
                        "ddm:instance:delete" 
                  ] 
            } 
      ] 
}

The following is an example custom policy with both Allow and Deny permissions:

{
	"Version": "1.1",
	"Statement": [{
                               "Effect": "Allow"
			"Action": [
				"*:*:*"
			],
		},
		{
			"Action": [
				"ddm:instance:create",
			],
			"Effect": "Deny"
		}
	]
}

Parent topic: Permissions Management

Previous topic: Creating a User and Granting Permissions

Next topic: Instance Management