System-Defined Policies

**Table 1** GES system-defined policies
Policy Name	Description
GES FullAccess	Permissions for all operations on GES, including creating, deleting, accessing, and updating graphs. NOTE: Users with the permissions of this policy also need the following policy permissions granted: Tenant Guest, Server Administrator, and VPC Administrator. To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.
GES Development	Operator permissions for all operations except creating, deleting, resizing, and expanding graphs. NOTE: To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.
GES ReadOnlyAccess	Read-only permissions for viewing resources, such as graphs, metadata, and backup data. NOTE: To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.

It takes about 13 minutes for an OBS role to take effect after being applied to a user or group. A policy takes about 5 minutes.

**Table 2** Common operations supported by each system-defined policy
Operation	GES FullAccess	GES Development	GES ReadOnlyAccess	Resource
Querying the graph list	Yes	Yes	Yes	-
Querying graph details	Yes	Yes	Yes	graphName
Creating graphs	Yes	No	No	graphName
Accessing graphs	Yes	Yes	No	graphName
Stopping graphs	Yes	Yes	No	graphName
Starting graphs	Yes	Yes	No	graphName
Deleting graphs	Yes	No	No	graphName
Importing Incremental data to graphs	Yes	Yes	No	graphName
Exporting graphs	Yes	Yes	No	graphName
Clearing graphs	Yes	Yes	No	graphName
Upgrading graphs	Yes	Yes	No	graphName
Resizing a Graph	√	No	No	graphName
Expanding a Graph	√	No	No	graphName
Restarting a Graph	√	Yes	No	graphName
Binding EIPs	Yes	Yes	No	graphName
Unbinding an EIP	Yes	Yes	No	graphName
Querying backups of all graphs	Yes	Yes	Yes	-
Querying backups of a graph	Yes	Yes	Yes	-
Adding backups	Yes	Yes	No	backupName
Deleting a graph backup	Yes	Yes	No	backupName
Querying the metadata list	Yes	Yes	Yes	-
Querying metadata	Yes	Yes	Yes	metadataName
Verifying metadata	Yes	Yes	No	-
Adding metadata	Yes	Yes	No	metadataName
Deleting metadata	Yes	Yes	No	metadataName
Querying task statuses	Yes	Yes	Yes	-
Querying the task list	Yes	Yes	Yes	-
Configuring fine-grained permissions	√	Yes	No	-
Configuring user groups	√	Yes	No	-
Importing IAM users	√	Yes	No	-
Viewing user details	√	Yes	Yes	-

Parent topic: Policy Permissions

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.