Updated on 2024-05-28 GMT+08:00

Creating an SCP

You can create an SCP on the Organizations console, as described in this section. You can also use APIs to create an SCP. For details, see Creating an SCP. For example SCPs, see Example SCPs.

Procedure

  1. Log in to Huawei Cloud as the organization administrator or using the management account, navigate to the Organizations console, and access the Organization page.
  2. On the Policies page, click Service control policies.

    Figure 1 Accessing the Service control policies page

  3. Click Create Policy.

    Figure 2 Creating an SCP

  4. Enter a policy name. The name must be unique: it cannot be the same as the name of any existing policy.

    (Optional) You can also enter a description for the policy.

  5. In the policy content area on the left, edit the policy in JSON.

    For details about how to build JSON policy statements, see SCP Syntax and Example SCPs.

    The Version value of a custom policy must be 5.0.

    When Effect is Allow, the Condition element is not allowed, so no condition key can be added to that statement.

  6. On the right of the policy content, use the policy editor to edit the actions, resources, and conditions of the custom policy.

    • Adding an action: Click + to add an action. The added action will appear under Available Actions, as shown in Figure 3.
      Figure 3 Adding an action
    • Adding a resource: Only services available for resource-level authorization can be added. Click + to select a service for the action, and enter the URN to identify the specific resource you want to control access to, as shown in Figure 4.
      Figure 4 Adding a resource
    • (Optional) Adding a condition: Click + to add a condition key and an operator that define when the policy is in effect, as shown in Figure 5.
      Figure 5 Adding a condition

  7. (Optional) Click Add Statement to add an object for the Statement element.

    The value for the Statement element can be an array of multiple objects that identify different permissions.

    Figure 6 Adding a statement

  8. (Optional) Add one or more tags. Enter a tag key and a tag value, and click Add.

    Figure 7 Adding tags to the SCP

  9. Click Save. If the policy list is displayed, the SCP is created successfully. If a message appears indicating incorrect policy content, modify the SCP syntax.
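
The two content rules from step 5 (Version must be 5.0, and no Condition when Effect is Allow) can be checked before you paste the JSON into the console. The following is an added example, not part of the original documentation or of any Huawei Cloud tooling; the function name `lint_scp`, the sample action names, and the sample condition key are constructed placeholders, and the check covers only the rules stated in this procedure, not the full SCP syntax.

```python
import json

REQUIRED_VERSION = "5.0"  # step 5: Version of a custom policy must be 5.0

# Constructed sample: action names and the condition key are placeholders,
# not real service identifiers. It breaks both rules from step 5.
SAMPLE_BAD = """{
  "Version": "1.1",
  "Statement": [
    {"Effect": "Allow", "Action": ["exampleservice:resource:list"],
     "Condition": {"StringEquals": {"example:ConditionKey": ["value"]}}},
    {"Effect": "Deny", "Action": ["exampleservice:resource:delete"]}
  ]
}"""


def lint_scp(policy_text):
    """Return a list of problems found in an SCP JSON document."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    problems = []
    version = policy.get("Version")
    if version != REQUIRED_VERSION:
        problems.append(f'Version must be "{REQUIRED_VERSION}", got {version!r}')
    statements = policy.get("Statement")
    if isinstance(statements, dict):  # assumption: tolerate a single object
        statements = [statements]
    if not isinstance(statements, list):
        return problems + ["Statement must be an array of statement objects"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}]: Effect must be Allow or Deny, got {effect!r}")
        # Step 5: the Condition element cannot be combined with Effect Allow.
        if effect == "Allow" and "Condition" in stmt:
            problems.append(f"Statement[{i}]: Condition is not allowed when Effect is Allow")
    return problems


if __name__ == "__main__":
    for problem in lint_scp(SAMPLE_BAD):
        print(problem)
```

An empty result means the policy passed these checks only; the console still validates the complete syntax when you click Save.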