MAS Custom Policies
Custom policies can be created to supplement the system-defined policies of MAS. You can create custom policies using one of the following methods:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
The following section contains examples of common MAS custom policies.
Examples of Custom Policies
- Example 1: Authorizing users to create, modify, and check instances
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "mas:instance:create",
                    "mas:instance:modify",
                    "mas:instance:list",
                    "mas:instance:get"
                ]
            }
        ]
    }
- Example 2: Authorizing users to use all components and monitors in MAS
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "mas:monitor:*",
                    "mas:component:*"
                ]
            }
        ]
    }
- Example 3: Denying MAS instance deletion
A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
The following method can be used if you need to assign permissions of the MAS FullAccess policy to a user but you want to prevent the user from deleting instances. Create a custom policy for denying instance deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on MAS except deleting instances. The following is an example of a deny policy:
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": [
                    "mas:instance:delete"
                ]
            }
        ]
    }
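The precedence rule from Example 3 can be checked offline before attaching policies to a group. The following is an added example, not part of the original documentation or of MAS itself: a simplified evaluator that looks only at Effect and Action. The `mas:*:*` stand-in for MAS FullAccess and the function names `evaluate` and `effective` are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed stand-in for the system-defined MAS FullAccess policy
# (assumption: the real policy body is not shown on this page).
FULL_ACCESS_STANDIN = json.loads(
    '{"Version": "1.1", "Statement": ['
    '{"Effect": "Allow", "Action": ["mas:*:*"]}]}'
)

# Example 3 from this page: deny instance deletion.
DENY_DELETE = json.loads(
    '{"Version": "1.1", "Statement": ['
    '{"Effect": "Deny", "Action": ["mas:instance:delete"]}]}'
)


def evaluate(action, policies):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action.

    Simplified model: only Effect and Action are evaluated, and '*' in an
    action pattern matches any run of characters. A matching Deny wins over
    any Allow; an action matched by no statement is not granted.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(fnmatchcase(action, p) for p in stmt["Action"]):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny takes precedence
            if stmt["Effect"] == "Allow":
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def effective(actions, policies):
    """Map each action to its decision under the attached policies."""
    return {a: evaluate(a, policies) for a in actions}


if __name__ == "__main__":
    actions = ["mas:instance:create", "mas:instance:get", "mas:instance:delete"]
    for name, attached in [
        ("FullAccess stand-in + deny", [FULL_ACCESS_STANDIN, DENY_DELETE]),
        ("deny policy alone", [DENY_DELETE]),
    ]:
        print(name, effective(actions, attached))
```

With the deny policy attached alone, every action other than deletion comes back as `ImplicitDeny`, which is why a deny-only policy has to be paired with an allow policy.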