Organizations
Organizations
- What's New
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- Managing Organizations
- Managing OUs
- Managing Accounts
-
Managing SCPs
- Overview of an SCP
- Enabling or Disabling the SCP Type
- Creating an SCP
- Modifying or Deleting an SCP
- Attaching or Detaching an SCP
- Example SCPs
- System-defined SCPs
- Cloud Services for Using SCPs
- Regions for Using SCPs
-
Actions Supported by SCP-based Authorization
- Compute
- Storage
- Networking
- Containers
- Analytics
- Content Delivery & Edge Computing
- Databases
- Security & Compliance
- Internet of Things
- Middleware
- Developer Services
- Business Applications
-
Management & Governance
- Simple Message Notification (SMN)
- Log Tank Service (LTS)
- Identity and Access Management (IAM)
- Security Token Service (STS)
- Resource Formation Service (RFS)
- IAM Identity Center
- Organizations
- Resource Access Manager (RAM)
- Enterprise Project Management Service (EPS)
- Tag Management Service (TMS)
- Config
- IAM Access Analyzer
- Cloud Trace Service (CTS)
- Resource Governance Center (RGC)
- Application Operations Management (AOM)
- Cloud Eye (CES)
- IAM Identity Broker
- User Support
- Migration
- Managing Tag Policies
- Managing Trusted Services
- Managing Tags
- CTS Auditing
- Adjusting Quotas
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Managing Organizations
- Managing OUs
-
Managing Accounts
- Creating an Account
- Listing Accounts in an Organization
- Closing an Account
- Getting Account Information
- Updating an Account
- Removing the Specified Account
- Moving an Account
- Inviting an Account to Join an Organization
- Querying Account Creation Requests in Specified State
- Querying Account Creation Status
- Querying CloseAccount Requests in Specified State
- Managing Invitations
- Managing Trusted Services
- Managing Delegated Administrators
- Managing Policies
-
Managing Tags
- Listing Tags for the Specified Resource
- Adding Tags to the Specified Resource
- Removing Tags from the Specified Resource
- Listing Tags for the Specified Resource Type
- Adding Tags to the Specified Resource Type
- Deleting Tags with the Specified Key from the Specified Resource Type
- Querying Resource Instances by Resource Type and Tag
- Querying Number of Resource Instances by Resource Type and Tag
- Querying Resource Tags
- Others
- Permissions and Supported Actions
- Appendixes
- Change History
- FAQs
- General Reference
On this page
Show all
Copied.
Creating an SCP
This topic describes how to create a custom SCP. For SCP examples, see Example SCPs.
Procedure
- Log in to the management console as the organization administrator or using the management account, and navigate to the Organizations console.
- On the Policies page, click Service control policies.
Figure 1 Accessing the Service control policies page
- Click Create Policy.
Figure 2 Creating an SCP
- Enter a policy name. Ensure that you are entering a unique policy name. It must be different from any other existing policy.
(Optional) You can also enter a description for the policy.
- On the left of the policy content, edit the policy content in JSON.
For details about how to build JSON policy statements, see SCP Syntax and Example SCPs.
NOTE:
The Version value of a custom policy must be 5.0.
When Effect is Allow, the Condition element is not allowed, that is, the condition key cannot be added.
- On the right of the policy content, use the policy editor to edit the actions, resources, and conditions of the custom policy.
- Adding an action: Click + to add an action. The added action will appear under Available Actions, as shown in Figure 3.
- Adding a resource: Only services available for resource-level authorization can be added. Click + to select a service for the action, and enter the URN to identify the specific resource you want to control access to, as shown in Figure 4.
- (Optional) Add a condition. You can click + to add a condition key and an operator to define the conditions for when a policy is in effect, as shown in Figure 5.
- (Optional) Click Add Statement to add an object for the Statement element.
The value for the Statement element can be an array of multiple objects that identify different permissions.
Figure 6 Adding a statement - (Optional) Add one or more tags. Enter a tag key and a tag value, and click Add.
Figure 7 Adding tags to the SCP
- Click Save. If the policy list is displayed, the SCP is created successfully. If a message appears indicating incorrect policy content, modify the SCP syntax.
Parent topic: Managing SCPs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot