Updated on 2024-03-15 GMT+08:00

Creating an SCP

You can create an SCP on the Organizations console, as described in this section. You can also use APIs to create an SCP. For details, see Creating an SCP. For example SCPs, see Example SCPs.

Creating an SCP with a JSON File

  1. Log in to Huawei Cloud as the organization administrator or using the management account, and navigate to the Organizations console.
  2. On the Policies page, click Service control policies.

    Figure 1 Accessing the Service control policies page

  3. Click Create Policy.

    Figure 2 Creating an SCP

  4. Enter a policy name. The name must be unique and cannot match the name of any existing policy.

    (Optional) You can also enter a description for the policy.

  5. Click Add Statement to add an array of statement elements. You can edit actions, resources, and conditions in the editor in the right pane.

    Figure 3 Adding a statement
    • Adding an action: Click + to add an action. The added action will appear under Available Actions, as shown in Figure 4.
      Figure 4 Adding an action
    • Adding a resource: Only services available for resource-level authorization can be added. Click + to select a service for the action, and enter the URN to identify the specific resource you want to control access to, as shown in Figure 5.
      Figure 5 Adding a resource
    • (Optional) Adding a condition: You can add a condition key to specify the conditions that limit when a policy statement is in effect. Click + to add condition keys and operators, as shown in Figure 6.
      Figure 6 Adding a condition

  6. Modify the statements in the given template.

    Effect: Enter Allow or Deny.

    Action: Enter actions listed in the API actions table of the relevant service, for example, evs:volumes:create. For details about the syntax, see SCP Syntax. For details about the actions supported by each service, see System Permissions.

    The Version value of a custom policy must be 5.0.

  7. (Optional) Add one or more tags. Enter a tag key and a tag value, and click Add.

    Figure 7 Adding tags to the SCP

  8. Click Save. If the policy list is displayed, the SCP is created successfully. If a message appears indicating incorrect policy content, modify the SCP syntax.
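
The following is an added example, not part of the original documentation or Huawei Cloud tooling: a local pre-check for the JSON you paste in step 6, so that Version, Effect, and Action mistakes are caught before you click Save. The function name lint_scp, the Statement key, the string form of Version, and the action pattern (inferred from evs:volumes:create) are assumptions; SCP Syntax remains the authoritative reference.

```python
import json
import re

# Assumption: an action is "*" or three colon-separated segments like the
# page's evs:volumes:create, with "*" wildcards allowed inside a segment.
ACTION_RE = re.compile(r"\*|[\w*-]+:[\w*-]+:[\w*-]+")


def lint_scp(text):
    """Return a list of problems in an SCP JSON document (empty if none)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    # Assumption: Version is the string "5.0", not the JSON number 5.0.
    if doc.get("Version") != "5.0":
        problems.append(f"Version must be '5.0', got {doc.get('Version')!r}")
    statements = doc.get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty array"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] must be an object")
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):  # values are case-sensitive here
            problems.append(f"Statement[{i}].Effect must be Allow or Deny, "
                            f"got {stmt.get('Effect')!r}")
        actions = stmt.get("Action")
        if not isinstance(actions, list) or not actions:
            problems.append(f"Statement[{i}].Action must be a non-empty array")
            continue
        for action in actions:
            if not isinstance(action, str) or not ACTION_RE.fullmatch(action):
                problems.append(f"Statement[{i}].Action has malformed entry {action!r}")
    return problems


# Constructed sample policies (not from the original page).
GOOD = '{"Version": "5.0", "Statement": [{"Effect": "Deny", "Action": ["evs:volumes:create"]}]}'
BAD = '{"Version": 5.0, "Statement": [{"Effect": "deny", "Action": ["evs:volumes"]}]}'

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_scp(text) or "no problems found")
```

A clean result only means the document passed these local checks; the console still performs its own validation when you click Save.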