Help Center/
SoftWare Repository for Container/
User Guide (Enterprise Edition)/
IAM-based Permissions Management/
SWR Custom Policies
Updated on 2025-09-28 GMT+08:00
SWR Custom Policies
Custom policies can be created to supplement system-defined policies of SWR.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see . This section illustrates common custom policies.
Example SWR custom policies
- Example 1: Allowing a user to upload and download images in the test-swr SWR Enterprise Edition instance in the test-namespace namespace
{ "Version": "5.0", "Statement": [ { "Effect": "Allow", "Action": [ "swr:repository:downloadArtifact", "swr:repository:uploadArtifact" ], "Resource": [ "swr:*:*:repository:test-swr/test-namespace/*" ] }, { "Effect": "Allow", "Action": [ "swr:instance:createTempCredential" ], "Resource": [ "*" ] } ] } - Example 2: Denying image replication from region A to region B
{ "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "swr:instance:createReplicationPolicy" ], "Resource": [ "swr:*:*:instance:*" ], "Condition": { "StringEquals": { "swr:TargetRegion": [ "${region-b}" ], "swr:SourceRegion": [ "${region-a}" ] } } }, { "Effect": "Deny", "Action": [ "swr:instance:createReplicationPolicy" ], "Resource": [ "swr:*:*:instance:*" ], "Condition": { "ForAnyValue:StringEquals": { "swr:SourceUrls": [ "All repository addresses in region a" ], "swr:TargetUrls": [ "All repository addresses in region b" ] } } } ] }
Parent topic: IAM-based Permissions Management
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
