Creating a Custom Policy
Custom policies can be created as a supplement to the system policies of BMS. For the actions supported for custom policies, see Permissions Policies and Supported Actions.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions without the need to know policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For details, see Creating a Custom Policy. This section provides examples of common BMS custom policies.
Example Custom Policies
- Example 1: Allowing users to change BMS names
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bms:servers:list", "bms:servers:get", "bms:servers:put" ] } ] } - Example 2: Allowing users to start multiple BMSs at a time
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bms:servers:list", "bms:servers:get", "bms:servers:start" ] } ] } - Example 3: Denying BMS power-off
A deny policy must be used in conjunction with other policies to take effect. If the policies assigned to a user contain both Allow and Deny actions, the Deny actions take precedence over the Allow actions.
The following method can be used if you need to assign the BMS FullAccess policy to a user but also forbid the user from powering off BMSs (permission: bms:servers:stop). Create a custom policy for denying BMS power-off, and assign both the policies to the group the user belongs to. Then, the user can perform all operations on BMS except powering off them. The following is a policy for denying BMS power-off.
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "bms:servers:stop" ] } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
