RCPs
Example 1: Images in an organization can only be downloaded by accounts in that organization.
The following policy means that images in the OU or account bound to the policy cannot be downloaded by accounts outside the o-j1ftg6v1z9zldcg2o29ho0gvazswvia2 organization. They can only be downloaded by accounts in the organization.
The organization here refers to the organization in the Organizations service, not the organization in SWR. To obtain the ID of the organization, follow the steps in the figure.
{
"Version": "5.0",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": [
"swr:repository:downloadArtifact"
],
"Resource": [
"*"
],
"Condition": {
"StringNotEquals": {
"g:PrincipalOrgId": [
"o-j1ftg6v1z9zldcg2o29ho0gvazswvia2"
]
},
"Bool": {
"g:PrincipalIsService": [
"false"
]
}
}
}
]
}
Example 2: Images in an organization can only be downloaded by accounts in that organization, except public images.
The following policy means that private images in the OU or account bound to the policy cannot be downloaded by accounts outside the o-j1ftg6v1z9zldcg2o29ho0gvazswvia2 organization. They can only be downloaded by accounts in the organization. Public images can be downloaded by any account.
The organization here refers to the organization in the Organizations service, not the organization in SWR. To obtain the ID of the organization, follow the steps in the figure.
{
"Version": "5.0",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": [
"swr:repository:downloadArtifact"
],
"Resource": [
"*"
],
"Condition": {
"StringNotEquals": {
"g:PrincipalOrgId": [
"o-j1ftg6v1z9zldcg2o29ho0gvazswvia2"
]
},
"Bool": {
"g:PrincipalIsService": [
"false"
],
"swr:RepositoryIsPublic": [
"false"
]
}
}
}
]
}
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
