Updated on 2023-10-11 GMT+08:00

Creating a Custom Policy

Custom policies can be created to supplement the system-defined policies of BCS.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Edit policies from scratch or based on an existing policy in JSON format.

For details, see Creating a Custom Policy. The following section contains examples of common BCS custom policies.

  1. On the management console homepage, click Identity and Access Management.
  2. In the navigation pane, choose Permissions > Policies/Roles and click Create Custom Policy.
  3. On the Create Custom Policy page, set the policy name, view, content, and description, then click OK.

    • Policy Name: Enter a custom policy name, for example, "partial BCS permissions".
    • Policy View: Select JSON.
    • Policy Content: Enter the policy content based on the template.
      For example, copy the following content to grant permissions for instance, channel, and member management.
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "bcs:blockchains:list",
                      "bcs:channels:list",
                      "bcs:members:list"
                  ]
              }
          ]
      }
      Table 1 Policy content parameters

      | Parameter | Description | Setting |
      |---|---|---|
      | Version | Policy version | Fixed to 1.1. |
      | Statement: Effect | Whether the actions are allowed | Allow or Deny |
      | Statement: Action | Operations to be performed on BCS | Each action name is in the format of Service name:Resource type:Operation and cannot be customized. Table 2 lists the fine-grained permissions supported by BCS. After you set any action, the permissions for the action will be granted to the IAM user. |

      Table 2 Action description

      | Related Action | Action Description |
      |---|---|
      | bcs:peer:get | Querying peers |
      | bcs:notifications:list | Managing notifications |
      | bcs:blockchain:get | Querying BCS service details |
      | bcs:notification:get | Querying notification details |
      | bcs:membertopo:get | Querying topology information |
      | bcs:contract:get | Viewing contract details |
      | bcs:member:get | Querying member details |
      | bcs:plugin:get | Querying add-on details |
      | bcs:dashboard:get | Viewing the dashboard |
      | bcs:sdkcfg:post | Downloading SDK configurations |
      | bcs:blockchainondemand:create | Creating BCS services |
      | bcs:blockchain:awakehibernate | Freezing or unfreezing instances |
      | bcs:notification:put | Processing notifications |
      | bcs:eip:put | Updating EIPs |
      | bcs:plugin:delete | Deleting add-ons |
      | bcs:taskserver:create | Creating the taskserver add-on |
      | bcs:member:put | Inviting tenants |
      | bcs:notification:delete | Deleting notifications |
      | bcs:channel:create | Creating channels |
      | bcs:member:delete | Deleting members |
      | bcs:channel:put | Adding peers to channels |
      | bcs:blockchain:upgrade | Upgrading or rolling back BCS services |
      | bcs:cert:post | Downloading certificates |
      | bcs:blockchain:delete | Deleting BCS services |
      | bcs:channel:delete | Deleting a channel |
      | bcs:members:list | Listing members |
      | bcs:channels:list | Listing channels |
      | bcs:plugins:list | Listing add-ons |
      | bcs:blockchains:list | Listing BCS services |
      | bcs:contracts:list | Listing contracts |
      | bcs:restapi:create | Creating the baas-restapi add-on |
      | bcs:cluster:post | Cluster-related operations |
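
A pre-submission check for a custom policy, written against the rules in Table 1 and the action names in Table 2. This is an added example, not Huawei Cloud tooling: `lint_policy`, `QUERY_OPS` and the sample strings are names chosen here, and treating only `get` and `list` operations as read-only is an assumption of the example.

```python
import json

# Action names copied from Table 2 on this page.
BCS_ACTIONS = set("""
bcs:peer:get bcs:notifications:list bcs:blockchain:get bcs:notification:get
bcs:membertopo:get bcs:contract:get bcs:member:get bcs:plugin:get
bcs:dashboard:get bcs:sdkcfg:post bcs:blockchainondemand:create
bcs:blockchain:awakehibernate bcs:notification:put bcs:eip:put
bcs:plugin:delete bcs:taskserver:create bcs:member:put
bcs:notification:delete bcs:channel:create bcs:member:delete bcs:channel:put
bcs:blockchain:upgrade bcs:cert:post bcs:blockchain:delete bcs:channel:delete
bcs:members:list bcs:channels:list bcs:plugins:list bcs:blockchains:list
bcs:contracts:list bcs:restapi:create bcs:cluster:post
""".split())
QUERY_OPS = {"get", "list"}  # assumption: only these operations are read-only

def lint_policy(text):
    """Return (errors, review): rule violations and allowed non-query actions."""
    errors, review = [], []
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"], review
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"], review
    if policy.get("Version") != "1.1":
        errors.append("Version must be 1.1")
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return errors + ["Statement must be a non-empty list"], review
    for n, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            errors.append(f"Statement[{n}] must be an object")
            continue
        effect, actions = stmt.get("Effect"), stmt.get("Action")
        if effect not in ("Allow", "Deny"):
            errors.append(f"Statement[{n}]: Effect must be Allow or Deny")
        if not isinstance(actions, list) or not actions:
            errors.append(f"Statement[{n}]: Action must be a non-empty list")
            continue
        for action in actions:
            if not isinstance(action, str) or action not in BCS_ACTIONS:
                errors.append(f"Statement[{n}]: {action!r} is not in Table 2")
            elif effect == "Allow" and action.split(":")[2] not in QUERY_OPS:
                review.append(action)  # grants more than query access
    return errors, review

# PAGE_EXAMPLE is the policy shown on this page; CONSTRUCTED is made up for this example.
PAGE_EXAMPLE = '{"Version": "1.1", "Statement": [{"Effect": "Allow", "Action": ["bcs:blockchains:list", "bcs:channels:list", "bcs:members:list"]}]}'
CONSTRUCTED = '{"Version": "1.0", "Statement": [{"Effect": "Allow", "Action": ["bcs:blockchain:list", "bcs:blockchain:delete"]}]}'
```

The page's example policy passes with nothing to review; the constructed policy fails on its version and on a misspelled action name, and `bcs:blockchain:delete` is returned for review before the policy is granted to an IAM user.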