Creating a Custom Policy
Custom policies can be created to supplement the system-defined policies of BCS.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit policies from scratch or based on an existing policy in JSON format.
For details, see Creating a Custom Policy. The following section contains examples of common BCS custom policies.
- On the management console homepage, click Identity and Access Management.
- In the navigation pane, choose Permissions > Policies/Roles and click Create Custom Policy.
- On the Create Custom Policy page, set the policy name, view, content, and description, then click OK.
  - Policy Name: Enter a custom policy name, for example, "partial BCS permissions".
  - Policy View: Select JSON.
  - Policy Content: Enter the policy content based on the template.

For example, copy the following content to grant permissions for querying instances and channels and for creating channels.

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "bcs:fabricInstance:getDetail",
                "bcs:fabricChannel:create",
                "bcs:fabricChannel:list"
            ]
        }
    ]
}

Table 1 Policy content parameters

| Parameter | Description | Setting |
| --- | --- | --- |
| Version | Policy version | Fixed to 1.1. |
| Statement: Effect | Whether the actions are allowed | Allow or Deny |
| Statement: Action | Operations to be performed on BCS | Each action name is in the format of Service name:Resource type:Operation and cannot be customized. Table 2 lists the fine-grained permissions supported by BCS. After you set any action, the permissions for the action will be granted to the IAM user. |

Table 2 Action description

| Action | Action Description |
| --- | --- |
| bcs:fabricInstance:listQuota | Querying quotas |
| bcs:fabricInstance:getFlavor | Querying Flavors |
| bcs:fabricInstance:listRecord | Querying Asynchronous Operation Results |
| bcs:fabricInstance:createOnDemand | Creating a BCS Service |
| bcs:fabricInstance:list | Querying the BCS Service List |
| bcs:fabricInstance:getStatus | Querying Creation Status of a BCS Service |
| bcs:fabricInstance:getDetail | Querying Service Information |
| bcs:fabricInstance:getNodes | Querying Peer Information |
| bcs:fabricInstance:update | Modifying a BCS Service |
| bcs:fabricInstance:delete | Deleting Service Instances |
| bcs:fabricInstance:downloadCert | Downloading Certificates |
| bcs:fabricInstance:downloadSdkCfg | Downloading the SDK Configuration |
| bcs:fabricInstance:createUserCert | Generating a User Certificate |
| bcs:fabricInstance:freezeUserCert | Freezing a User Certificate |
| bcs:fabricInstance:unfreezeUserCert | Unfreezing a User Certificate |
| bcs:fabricInstance:listInstanceMetric | Querying BCS Monitoring Data |
| bcs:fabricInstance:listOrgMetric | Listing Entity Monitoring Data of a BCS Service |
| bcs:fabricInstance:getOrgMetric | Querying the Number of Monitored BCS Organization Instances |
| bcs:fabricChannel:create | Creating a Channel |
| bcs:fabricChannel:list | Querying Channel Information |
| bcs:fabricChannel:addPeer | Adding Peers to a Channel |
| bcs:fabricChannel:removePeer | Removing a Peer from a Channel |
| bcs:fabricChannel:removeOrg | Removing Organizations from a Channel |
| bcs:fabricChannel:delete | Deleting a Channel |
| bcs:fabricMember:createInvitation | Inviting Tenants to Join a Consortium |
| bcs:fabricMember:deleteInvitation | Deleting Invitation Information |
| bcs:fabricMember:list | Listing Consortium Members |
| bcs:fabricMember:quit | Exiting a Consortium |
| bcs:fabricNotification:list | Querying All Notifications |
| bcs:fabricNotification:handle | Processing an Invitation |