Updated on 2022-09-16 GMT+08:00

Creating a Custom Policy

Custom policies can be created as a supplement to system-defined policies of DDM.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Permissions > Policies > Custom Policies > Creating a Custom Policy in the Identity and Access Management User Guide. The following section contains examples of common DDM custom policies.

Example Policies

  • Example: Denying DDM instance deletion

    A deny policy must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions. The following is an example of a deny policy:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": [
                    "ddm:instance:delete"
                ]
            }
        ]
    }

    The following is an example custom policy with both Allow and Deny permissions:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "*:*:*"
                ]
            },
            {
                "Action": [
                    "ddm:instance:create"
                ],
                "Effect": "Deny"
            }
        ]
    }
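
The precedence rule described above can be checked before a policy is attached by running the two example policies through a small evaluator. This is an added example, not code from the IAM service or its documentation. It is a simplified model that assumes per-segment `*` wildcard matching, exact-match action names, and a default deny when no statement matches; the function names are hypothetical.

```python
import json

# The page's two example policies, embedded inline (valid JSON).
DENY_DELETE = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Deny", "Action": ["ddm:instance:delete"]}]}
""")
ALLOW_ALL_DENY_CREATE = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Allow", "Action": ["*:*:*"]},
               {"Action": ["ddm:instance:create"], "Effect": "Deny"}]}
""")


def action_matches(pattern, action):
    """Compare service:resource:operation segment by segment.

    Assumption: a pattern segment of '*' matches any value; every other
    segment must match exactly.
    """
    p, a = pattern.split(":"), action.split(":")
    return len(p) == len(a) and all(ps == "*" or ps == seg
                                    for ps, seg in zip(p, a))


def evaluate(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one requested action."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if any(action_matches(p, action) for p in stmt["Action"]):
                if stmt["Effect"] == "Deny":
                    return "Deny"      # an explicit Deny overrides any Allow
                allowed = True
    # Assumption: with no matching Allow, the request is denied by default.
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    for name, attached in [("deny-only", [DENY_DELETE]),
                           ("allow+deny", [ALLOW_ALL_DENY_CREATE]),
                           ("both", [DENY_DELETE, ALLOW_ALL_DENY_CREATE])]:
        for act in ("ddm:instance:create", "ddm:instance:delete"):
            print(f"{name:10} {act:22} -> {evaluate(attached, act)}")
```

The deny-only case returns `ImplicitDeny` for `ddm:instance:create`, which is why a deny policy grants nothing by itself and must be combined with other policies.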