SMS Custom Policies

You can create custom policies using the visual editor, or with a JSON file.

Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. If you need to migrate source servers to a specific enterprise project, create a custom policy by referring to Assigning Permissions to a User Group by Enterprise Project.

The following are example SMS custom policies:

Example SMS policy that contains permissions for project-level services

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "vpc:securityGroups:create",
                "vpc:securityGroupRules:create",
                "vpc:vpcs:create",
                "vpc:publicIps:create",
                "vpc:subnets:create",
                "ecs:cloudServers:create",
                "ecs:cloudServers:attach",
                "ecs:cloudServers:detachVolume",
                "ecs:cloudServers:start",
                "ecs:cloudServers:stop",
                "ecs:cloudServers:delete",
                "ecs:cloudServers:reboot",
                "ecs:cloudServers:updateMetadata",
                "ecs:serverPasswords:manage",
                "ecs:serverKeypairs:delete",
                "ecs:diskConfigs:use",
                "ecs:CloudServers:create",
                "ecs:servers:setMetadata",
                "ecs:serverVolumes:use",
                "ecs:serverKeypairs:create",
                "ecs:serverInterfaces:use",
                "ecs:serverGroups:manage",
                "ecs:securityGroups:use",
                "ecs:servers:unlock",
                "ecs:servers:rebuild",
                "ecs:servers:lock",
                "ecs:servers:reboot",
                "evs:volumes:use",
                "evs:volumes:create",
                "evs:volumes:update",
                "evs:volumes:delete",
                "evs:volumes:attach",
                "evs:volumes:detach",
                "evs:snapshots:create",
                "evs:snapshots:delete",
                "evs:snapshots:rollback",
                "ecs:*:get*",
                "ecs:*:list*",
                "evs:*:get*",
                "evs:*:list*",
                "vpc:*:list*",
                "vpc:*:get*",
                "ims:*:get*",
                "ims:*:list*"
            ],
            "Effect": "Allow"
        }
    ]
}

Example SMS policy that contains permissions for global services

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                 "sms:server:registerServer",
                 "sms:server:migrationServer",
                 "sms:server:queryServer"
            ]
        }
    ]
}

For details about policies supported by SMS, see Table 1.

**Table 1** Policy description
Policy	Permission Description
sms:server:queryServer	Read-only permission for viewing source servers
sms:server:registerServer	Read/write permissions for registering source servers
sms:server:migrationServer	Read/write permissions for migrating source servers