Creating a Custom Policy
Custom policies can be created to supplement the system-defined policies of BCS.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit policies from scratch or based on an existing policy in JSON format.
For details, see Creating a Custom Policy. The following section contains examples of common BCS custom policies.
- On the management console homepage, click Identity and Access Management.
- In the navigation pane, choose Permissions > Policies/Roles and click Create Custom Policy.
- On the Create Custom Policy page, set the policy name, view, content, and description, then click OK.
   
   - Policy Name: Enter a custom policy name, for example, "partial BCS permissions".
- Policy View: Select JSON.
- Policy Content: Enter the policy content based on the template.
     For example, copy the following content to query instances and channels and create channels.{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "bcs:fabricInstance:getDetail", "bcs:fabricChannel:create", "bcs:fabricChannel:list" ] } ] }Table 1 Policy content parameters Parameter Description Setting Version Policy version Fixed to 1.1. Statement Effect Whether the actions are allowed - Allow
- Deny
 Action Operations to be performed on BCS Each action name is in the format of Service name:Resource type:Operation and cannot be customized. Table 2 lists the fine-grained permissions supported by BCS. After you set any action, the permissions for the action will be granted to the IAM user. Table 2 Action description Action Action Description bcs:fabricInstance:listQuota Querying quotas bcs:fabricInstance:getFlavor Querying Flavors bcs:fabricInstance:listRecord Querying Asynchronous Operation Results bcs:fabricInstance:createOnDemand Creating a BCS Service bcs:fabricInstance:list Querying the BCS Service List bcs:fabricInstance:getStatus Querying Creation Status of a BCS Service bcs:fabricInstance:getDetail Querying Service Information bcs:fabricInstance:getNodes Querying Peer Information bcs:fabricInstance:update Modifying a BCS Service bcs:fabricInstance:delete Deleting Service Instances bcs:fabricInstance:downloadCert Downloading Certificates bcs:fabricInstance:downloadSdkCfg Downloading the SDK Configuration bcs:fabricInstance:createUserCert Generating a User Certificate bcs:fabricInstance:freezeUserCert Freezing a User Certificate bcs:fabricInstance:unfreezeUserCert Unfreezing a User Certificate bcs:fabricInstance:listInstanceMetric Querying BCS Monitoring Data bcs:fabricInstance:listOrgMetric Listing Entity Monitoring Data of a BCS Service bcs:fabricInstance:getOrgMetric Querying the Number of Monitored BCS Organization Instances bcs:fabricChannel:create Creating a Channel bcs:fabricChannel:list Querying Channel Information bcs:fabricChannel:addPeer Adding Peers to a Channel bcs:fabricChannel:removePeer Removing a Peer from a Channel bcs:fabricChannel:removeOrg Removing Organizations from a Channel bcs:fabricChannel:delete Deleting a Channel bcs:fabricMember:createInvitation Inviting Tenants to Join a Consortium bcs:fabricMember:deleteInvitation Deleting Invitation Information bcs:fabricMember:list Listing Consortium Members bcs:fabricMember:quit Exiting a Consortium bcs:fabricNotification:list Querying All Notifications bcs:fabricNotification:handle Processing an Invitation 
 
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot 
    