Updated on 2024-03-29 GMT+08:00

SMS Custom Policies

You can create custom policies using the visual editor, or with a JSON file.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. If you need to migrate source servers to a specific enterprise project, create a custom policy by referring to Assigning Permissions to a User Group by Enterprise Project.

The following are example SMS custom policies:

  • Example SMS policy that contains permissions for project-level services
    {
        "Version": "1.1",
        "Statement": [
            {
                "Action": [
                    "vpc:securityGroups:create",
                    "vpc:securityGroupRules:create",
                    "vpc:vpcs:create",
                    "vpc:publicIps:create",
                    "vpc:subnets:create",
                    "ecs:cloudServers:create",
                    "ecs:cloudServers:attach",
                    "ecs:cloudServers:detachVolume",
                    "ecs:cloudServers:start",
                    "ecs:cloudServers:stop",
                    "ecs:cloudServers:delete",
                    "ecs:cloudServers:reboot",
                    "ecs:cloudServers:updateMetadata",
                    "ecs:serverPasswords:manage",
                    "ecs:serverKeypairs:delete",
                    "ecs:diskConfigs:use",
                    "ecs:CloudServers:create",
                    "ecs:servers:setMetadata",
                    "ecs:serverVolumes:use",
                    "ecs:serverKeypairs:create",
                    "ecs:serverInterfaces:use",
                    "ecs:serverGroups:manage",
                    "ecs:securityGroups:use",
                    "ecs:servers:unlock",
                    "ecs:servers:rebuild",
                    "ecs:servers:lock",
                    "ecs:servers:reboot",
                    "evs:volumes:use",
                    "evs:volumes:create",
                    "evs:volumes:update",
                    "evs:volumes:delete",
                    "evs:volumes:attach",
                    "evs:volumes:detach",
                    "evs:snapshots:create",
                    "evs:snapshots:delete",
                    "evs:snapshots:rollback",
                    "ecs:*:get*",
                    "ecs:*:list*",
                    "evs:*:get*",
                    "evs:*:list*",
                    "vpc:*:list*",
                    "vpc:*:get*",
                    "ims:*:get*",
                    "ims:*:list*"
                ],
                "Effect": "Allow"
            }
        ]
    }
  • Example SMS policy that contains permissions for global services
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                     "sms:server:registerServer",
                     "sms:server:migrationServer",
                     "sms:server:queryServer"
                ]
            }
        ]
    }

For details about policies supported by SMS, see Table 1.

Table 1 Policy description

Policy

Permission Description

sms:server:queryServer

Read-only permission for viewing source servers

sms:server:registerServer

Read/write permissions for registering source servers

sms:server:migrationServer

Read/write permissions for migrating source servers