Help Center/ Organizations/ User Guide/ Managing SCPs/ Creating an SCP
Updated on 2025-04-09 GMT+08:00
View PDF
Share

Creating an SCP

This topic describes how to create a custom SCP. For SCP examples, see Example SCPs.

Procedure

  1. Log in to the management console as the organization administrator or using the management account, and navigate to the Organizations console.
  2. On the Policies page, click Service control policies.

    Figure 1 Accessing the Service control policies page

  3. Click Create Policy.

    Figure 2 Creating an SCP

  4. Enter a policy name. Ensure that you are entering a unique policy name. It must be different from any other existing policy.

    (Optional) You can also enter a description for the policy.

  5. On the left of the policy content, edit the policy content in JSON.

    For details about how to build JSON policy statements, see SCP Syntax and Example SCPs.

    The Version value of a custom policy must be 5.0.

    When Effect is Allow, the Condition element is not allowed, that is, the condition key cannot be added.

  6. Hover over the statement on the left of the policy content, and edit the actions, resources, and conditions of the custom policy in the policy editor on the right.

    • Adding an action: You can click , and select or search for the service and action to be added. The added action will be displayed in Action on the left of the policy content, as shown in Figure 3.
      Figure 3 Adding an action
    • Adding a resource: Only services available for resource-level authorization can be added. You can click to select a service and resource type and enter the URN as required, as shown in Figure 4.
      Figure 4 Adding a resource
    • (Optional) Adding a condition: You can click to add a condition key and a condition operator to define the conditions for the policy to take effect, as shown in Figure 5.
      Figure 5 Adding a condition

  7. (Optional) Click Add Statement to add an object for the Statement element.

    The value for the Statement element can be an array of multiple objects that identify different permissions.

    Figure 6 Adding a statement

  8. (Optional) Add one or more tags. Enter a tag key and a tag value, and click Add.

    Figure 7 Adding tags to the SCP

  9. Click Save. If the policy list is displayed, the SCP is created successfully. If a message appears indicating incorrect policy content, modify the SCP syntax.
Parent topic: Managing SCPs