- What's New
- Function Overview
- Service Overview
- Getting Started
- User Guide
- Best Practices
- API Reference
- SDK Reference
- FAQs
- Videos
-
More Documents
- User Guide (ME-Abu Dhabi Region)
- API Reference (ME-Abu Dhabi Region)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
- General Reference
Show all
Copied.
Custom Policies
You can create custom policies to supplement predefined policies for TMS. For the actions supported by custom policies, see TMS API Actions.
You can create a custom policy in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see Creating a Custom Policy. The following lists examples of custom policies for TMS.
Example Custom Policies
- Example 1: Granting permission to view predefined tags
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "tms:predefineTags:list" ] } ] }
- Example 2: Granting permission to deny predefined tag deletion
"Deny" permissions should be used together with "Allow" permissions. If "Deny" and "Allow" permissions are both assigned, the "Deny" permissions take precedence over the "Allow" permissions.
Assume that you want to grant the TMS FullAccess permissions to a user but do not want them to delete predefined tags. You can create a custom policy for denying predefined tag deletion, and attach this policy together with the TMS FullAccess policy to the user. As an explicit deny in any policy overrides any allows, the user can perform all operations on these predefined tags excepting deleting them. The following shows an example policy for denying predefined tag deletion.
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "tms:predefineTags:delete" ] } ] }
- Example 3: Creating a custom policy containing multiple actions.
A custom policy can contain actions of one or more services. To grant permissions of multiple services in a policy, ensure that the services are all of the same level (global or project).
The following shows an example policy that contains multiple actions.
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "tms:predefineTags:create", "tms:predefineTags:delete" ] }, { "Effect": "Allow", "Action": [ "obs:bucket:ListAllMyBuckets", "obs:bucket:ListBucket" ] } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot