Updated on 2024-05-10 GMT+08:00

Custom Policies

Custom policies can be created to supplement the system-defined policies of NES.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in the JSON format from scratch or based on an existing policy.

For details, see Creating a Custom Policy. The following section contains examples of common NES custom policies.

  1. On the management console homepage, click Identity and Access Management.
  2. In the navigation pane, choose Permissions > Policies/Roles and click Create Custom Policy.
  3. On the Create Custom Policy page, set the policy name, view, content, and description, then click OK.

    • Policy Name: Enter a custom policy name, for example, partial NES permissions.
    • Policy View: Select JSON.
    • Policy Content: Enter the policy content based on the template.
      For example, to create a node, query a single node, and obtain node monitoring information, copy the following content:
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Action": [
                      "bcs:nesNode:create",  
                      "bcs:nesNode:get",
                      "bcs:nesNode:getMetric"
                  ],
                  "Effect": "Allow"
              }
          ]
      }
      Table 1 Policy content parameters

      | Parameter | Description | Value |
      |---|---|---|
      | Version | Policy version | Fixed to 1.1. |
      | Statement: Effect | Whether the actions are allowed | Allow or Deny |
      | Statement: Action | Operations to be performed on NES | Each action name is in the format of Service name:Resource type:Operation and cannot be customized. Table 2 lists the fine-grained permissions supported by NES. After you set any action, the permissions for the action will be granted to the IAM user. |

      Table 2 Action description

      | Action | Action Description |
      |---|---|
      | bcs:nes:getSummary | Obtaining the Overview Information |
      | bcs:nes:listNetwork | Obtaining the Network Types |
      | bcs:nes:listNetworkFlavor | Obtaining Available Specifications |
      | bcs:nesNode:listFlavor | Obtaining Available Specifications for Node Scaling |
      | bcs:nesNode:list | Obtaining All Nodes on a Specified Network |
      | bcs:nesNode:create | Creating a Node |
      | bcs:nesNode:get | Querying a Node |
      | bcs:nesNode:delete | Deleting a Node |
      | bcs:nesNode:update | Updating a Node |
      | bcs:nesNode:getMetric | Obtaining the Node Monitoring Information |
      | bcs:nesNode:getStatistic | Obtaining the API Calling Information of a Node in a Specified Period |
      | bcs:nesNode:getStatus | Obtaining the Status of a Staking Node in a Specified Period |
      | bcs:nesNode:downloadCert | Downloading Certificates |
      | bcs:nesAPIKey:create | Creating an API Key |
      | bcs:nesAPIKey:list | Obtaining All API Keys of a User |
      | bcs:nesAPIKey:delete | Deleting an API Key |
      | bcs:nesAPIKey:update | Updating an API Key |
      | bcs:nesNode:validateRelays | Verifying the Address of Relays |
      | bcs:nesNode:updateRelays | Updating the Address of Relays |
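
A check to run on a policy before pasting it into the JSON view, added here as an example and not part of the NES documentation or tooling: lint_policy (a hypothetical helper) tests a policy against the rules in Table 1 and the action names in Table 2, and lists the allowed actions that change state so they can be reviewed against least privilege. It assumes Action is always a JSON array, as in the sample policy, and that operations named get... or list... are read-only.

```python
import json
# Action names from Table 2 of this page, grouped by resource type.
NES_ACTIONS = {f"bcs:{r}:{op}" for r, ops in {
    "nes": "getSummary listNetwork listNetworkFlavor",
    "nesNode": "listFlavor list create get delete update getMetric getStatistic "
               "getStatus downloadCert validateRelays updateRelays",
    "nesAPIKey": "create list delete update",
}.items() for op in ops.split()}
# Assumption (not from the page): these verb prefixes mark read-only operations.
READ_ONLY_VERBS = ("get", "list")

def lint_policy(text):
    """Return (errors, review): rule violations, and allowed non-read actions."""
    errors, review = [], []
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], review
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"], review
    if policy.get("Version") != "1.1":
        errors.append('Version must be "1.1"')
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return errors + ["Statement must be a non-empty list"], review
    for i, stmt in enumerate(statements):
        stmt = stmt if isinstance(stmt, dict) else {}
        effect, actions = stmt.get("Effect"), stmt.get("Action")
        if effect not in ("Allow", "Deny"):
            errors.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if not isinstance(actions, list) or not actions:
            errors.append(f"Statement[{i}]: Action must be a non-empty list")
            continue
        for action in actions:
            parts = action.split(":") if isinstance(action, str) else []
            if len(parts) != 3 or not all(parts):
                errors.append(f"Statement[{i}]: {action!r} is not Service:Type:Operation")
            elif action not in NES_ACTIONS:
                errors.append(f"Statement[{i}]: {action!r} is not in Table 2")
            elif effect == "Allow" and not parts[2].startswith(READ_ONLY_VERBS):
                review.append(action)
    return errors, review

# The sample policy from this page, re-typed as input.
PAGE_POLICY = ('{"Version": "1.1", "Statement": [{"Effect": "Allow", "Action": '
               '["bcs:nesNode:create", "bcs:nesNode:get", "bcs:nesNode:getMetric"]}]}')

if __name__ == "__main__":
    print(lint_policy(PAGE_POLICY))
```

Actions returned in the review list are valid; they are the ones to confirm the IAM user actually needs.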