Updated on 2024-03-15 GMT+08:00

Creating SMN Custom Policies

You can create custom policies to supplement the system-defined policies of SMN. For the actions supported by custom policies, see Permissions Policies and Supported Actions in Simple Message Notification API Reference.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

The following are examples of custom policies created for SMN. For details, see Creating a Custom Policy.

Example SMN Custom Policies

  • Example 1: allowing topic creation
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "smn:topic:create"
                ]
            }
        ]
    }
  • Example 2: denying topic deletion

    A policy with only Deny permissions must be used together with other policies. If the policies assigned to a user contain both Allow and Deny for the same action, the Deny takes precedence over the Allow.

    For example, you can assign both the SMN FullAccess system policy and a custom policy that denies topic deletion to the user group the user belongs to. The user can then perform all operations on SMN except deleting topics. The following is an example of a deny policy:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": [
                    "smn:topic:delete"
                ]
            }
        ]
    }
  • Example 3: defining multiple actions in a policy

    A custom policy can contain multiple actions, and these actions can belong to any global or project-level service. The following is an example policy containing actions of multiple services:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "smn:topic:create",
                    "smn:tag:create",
                    "smn:application:create"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "elb:certificates:create",
                    "elb:whitelists:create",
                    "elb:pools:create",
                    "elb:members:create",
                    "elb:healthmonitors:create",
                    "elb:l7policies:create",
                    "elb:listeners:create",
                    "elb:loadbalancers:create"
                ]
            }
        ]
    }
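
The Deny-over-Allow rule from Example 2 can be checked offline before a policy is assigned. The following Python sketch is an added example, not code from the SMN or IAM documentation. It assumes that SMN FullAccess can be modelled as the single wildcard action `smn:*:*`, that wildcards match one colon-separated segment at a time, and that an action matched by no Allow statement is refused (labelled `ImplicitDeny` here); `matches` and `evaluate` are hypothetical helper names.

```python
import json
from fnmatch import fnmatchcase

# Constructed stand-in for the SMN FullAccess system policy (assumption:
# modelled as one wildcard over all SMN actions).
SMN_FULL_ACCESS = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Allow", "Action": ["smn:*:*"]}]}
""")

# The deny policy from Example 2 on this page.
DENY_TOPIC_DELETE = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Deny", "Action": ["smn:topic:delete"]}]}
""")


def matches(pattern, action):
    """Compare a policy entry with an action, one ':' segment at a time."""
    p_parts, a_parts = pattern.split(":"), action.split(":")
    if len(p_parts) != len(a_parts):
        return False
    return all(fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def evaluate(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one requested action."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if not any(matches(p, action) for p in stmt.get("Action", [])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"      # an explicit Deny wins, whatever the order
            if stmt["Effect"] == "Allow":
                allowed = True     # keep scanning: a later Deny may still apply
    # Assumption: an action that no Allow statement matches is refused.
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    group_policies = [SMN_FULL_ACCESS, DENY_TOPIC_DELETE]
    for act in ("smn:topic:create", "smn:topic:delete", "elb:pools:create"):
        print(act, "->", evaluate(group_policies, act))
    # A deny-only policy on its own grants nothing:
    print(evaluate([DENY_TOPIC_DELETE], "smn:topic:create"))
```

Under these assumptions, evaluating the deny policy alone shows why it has to be combined with other policies: every action comes back as refused, not only topic deletion.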