Updated on 2024-09-27 GMT+08:00

Creating a Custom Policy

You can create custom policies to supplement the system-defined policies of ServiceStage. For details about actions supported in custom policies, see Permissions and Supported Actions.

To create a custom policy, choose either the visual editor or JSON.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Policy. The following section contains examples of common ServiceStage custom policies.

Example Custom Policies

The following example policy prohibits an IAM user from creating and deleting a microservice engine. It allows all CSE actions ("cse:*:*") and then denies "cse:engine:create" and "cse:engine:delete".
{
        "Version": "1.1",
        "Statement": [
                {
                        "Action": [
                                "cse:*:*"
                        ],
                        "Effect": "Allow"
                },
                {
                        "Action": [
                                "cse:engine:create",
                                "cse:engine:delete"
                        ],
                        "Effect": "Deny"
                }
        ]
}

A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
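
The precedence rule above, worked through on this page's policy as an added example (not Huawei Cloud code and not part of the original page). It is a simplified model that assumes per-segment "*" wildcard matching and default deny when no statement matches, and it ignores resources and conditions; OTHER_CSE_ACTION and OTHER_SERVICE_ACTION are constructed placeholder action names.

```python
import json
from fnmatch import fnmatchcase

# The policy from this page, statement for statement.
PAGE_POLICY = json.loads("""
{"Version": "1.1",
 "Statement": [
   {"Action": ["cse:*:*"], "Effect": "Allow"},
   {"Action": ["cse:engine:create", "cse:engine:delete"], "Effect": "Deny"}
 ]}
""")
# A policy holding only the Deny statement (the case the page says needs other policies).
DENY_ONLY = {"Version": "1.1", "Statement": [PAGE_POLICY["Statement"][1]]}

# Constructed placeholder action names, not taken from the action reference.
OTHER_CSE_ACTION = "cse:engine:exampleRead"
OTHER_SERVICE_ACTION = "exampleservice:thing:read"


def action_matches(pattern, action):
    """Compare service:resource:operation segment by segment; '*' is a wildcard (assumed)."""
    p_parts, a_parts = pattern.split(":"), action.split(":")
    return len(p_parts) == len(a_parts) and all(
        fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def evaluate(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one requested action."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if not any(action_matches(p, action) for p in stmt.get("Action", [])):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"  # an explicit Deny wins, whatever the statement order
            if stmt.get("Effect") == "Allow":
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"  # nothing matched: not granted


if __name__ == "__main__":
    for label, attached in (("page policy", [PAGE_POLICY]), ("deny-only", [DENY_ONLY])):
        for action in ("cse:engine:create", "cse:engine:delete",
                       OTHER_CSE_ACTION, OTHER_SERVICE_ACTION):
            print(f"{label:12} {action:28} {evaluate(attached, action)}")
```

Running it prints the decision for each action under the page's policy and under the Deny-only variant, which makes the difference between an explicit Deny and a missing Allow visible before the policy is attached to a user.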

After authorization, you can verify the permissions as the IAM user using the console or REST APIs.

The following procedure uses the custom policy above as an example and describes how to log in to the ServiceStage console and verify that a user is not allowed to create microservice engines.

  1. Log in to Huawei Cloud as an IAM user.
    • Tenant name: Name of the Huawei Cloud account used to create the IAM user
    • IAM username and password: Username and password specified when the IAM user was created using the tenant name
  2. On the Cloud Service Engines page, create a microservice engine. If error 403 is returned, the permissions are correct and have taken effect.