Updated on 2022-09-14 GMT+08:00

Creating a Custom Policy

You are advised to use system-defined policies. If you need to create custom policies, see Permission Management.

You can create a custom policy in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in JSON format or edit the JSON strings of an existing policy.

For details, see Creating a Custom Policy. This section contains examples of common UGO custom policies.

Example Custom Policies

  • Example 1: Allowing a user to create an evaluation project
    {
    	"Version": "1.1",
    	"Statement": [{
    		"Action": ["ugo:evaluationJob:create"],
    		"Effect": "Allow"
    	}]
    }
  • Example 2: Denying a user permission to delete an evaluation project

    A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the policies assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

    The following method can be used if you need to assign permissions of the UGO FullAccess policy to a user but you want to prevent the user from deleting UGO instances. Create a custom policy for denying evaluation project deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on evaluation projects except deleting evaluation projects. The following is an example of a deny policy:

    {
    	"Version": "1.1",
    	"Statement": [{
    		"Action": ["ugo:evaluationJob:delete"],
    		"Effect": "Deny"
    	}]
    }
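The precedence rule from Example 2, as an added example that is not part of the original page or the service's own code: a small Python evaluator that validates policy JSON and applies "explicit Deny wins, no match means no permission". The `ugo:*:*` allow policy is a constructed stand-in for UGO FullAccess (its contents are not shown on this page), and `load_policy`, `evaluate`, the `NoMatch` result and the glob-style wildcard matching are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed stand-in for a broad allow policy (assumption: the real
# contents of "UGO FullAccess" are not shown on this page).
BROAD_ALLOW = '{"Version": "1.1", "Statement": [{"Action": ["ugo:*:*"], "Effect": "Allow"}]}'
# The deny policy from Example 2.
DENY_DELETE = '{"Version": "1.1", "Statement": [{"Action": ["ugo:evaluationJob:delete"], "Effect": "Deny"}]}'


def load_policy(text):
    """Parse one policy document and reject malformed ones before use."""
    doc = json.loads(text)  # raises ValueError on missing or trailing commas
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if not isinstance(statements, list) or not statements:
        raise ValueError("Statement must be a non-empty list")
    for stmt in statements:
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            raise ValueError("Effect must be Allow or Deny")
        actions = stmt.get("Action")
        if not isinstance(actions, list) or not all(isinstance(a, str) for a in actions):
            raise ValueError("Action must be a list of strings")
    return doc


def evaluate(policy_texts, action):
    """Return 'Deny', 'Allow' or 'NoMatch' for one action across all attached policies."""
    allowed = False
    for text in policy_texts:
        for stmt in load_policy(text)["Statement"]:
            # Assumption: '*' in an action pattern is matched glob-style.
            if any(fnmatchcase(action, pattern) for pattern in stmt["Action"]):
                if stmt["Effect"] == "Deny":
                    return "Deny"  # an explicit Deny overrides any Allow
                allowed = True
    return "Allow" if allowed else "NoMatch"


if __name__ == "__main__":
    attached = [BROAD_ALLOW, DENY_DELETE]
    for act in ("ugo:evaluationJob:create", "ugo:evaluationJob:delete"):
        print(act, "->", evaluate(attached, act))
    # A deny-only policy grants nothing by itself.
    print("deny-only:", evaluate([DENY_DELETE], "ugo:evaluationJob:create"))
```

Running the same check over a policy set before attaching it to a group is a quick way to confirm that a deny statement actually covers the action you intend to block.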