Updated on 2024-04-19 GMT+08:00

Configuring Forcible Backup Policies

Forcible backup policies allow IAM users to forcibly back up data to ensure user data accuracy and security and service security.

You can configure forcible backup policies to grant permissions to IAM users to force backup, specifically:

  1. Grant permission to always enable a backup policy when it is created.
  2. Grant permission to prohibit disabling of backup policies when they are modified.
  3. Grant permission to force backup policy application during vault creation.

To ensure forcible backup, you are advised to configure all the three preceding policies.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details about how to create custom policies, see Creating a Custom Policy.

  1. Grant permission to always enable a backup policy when it is created.
    {
      "Version": "5.0",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": ["cbr:policies:create"],
          "Condition": {
              "Bool": {
                  "cbr:EnabledPolicy": "false"
              }
          }
        }
      ]
    }
  2. Grant permission to prohibit disabling of backup policies when they are modified.
    {
    "Version": "5.0",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": ["cbr:policies:update"],
          "Condition": {
              "Bool": {
                  "cbr:EnabledPolicy": "false"
              }
          }
        }
     ]
    }
  3. Grant permission to force backup policy application during vault creation.
    {
     "Version": "5.0",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": [
                    "cbr:vaults:create"
                ],
                "Condition": {
                    "Null": {
                        "cbr:PolicyId": [
                            "true"
                        ]
                    }
                }
            }
        ]
    }