Syntax of RBAC Policies
Policy Structure
An RBAC policy consists of a Version, a Statement, and Depends.
Policy Syntax
Click 
to view the details of a policy. The DDS Administrator policy is used as an example to describe the syntax of RBAC policies.
{
"Version": "1.0",
"Statement": [
{
"Effect": "Allow",
"Action": [
"DDS:DDS:*"
],
"Resource": [
"DDS:*:*:instanceName:dds-*"
],
}
],
"Depends": [
{
"catalog": "BASE",
"display_name": "Server Administrator"
},
{
"catalog": "BASE",
"display_name": "Tenant Guest"
}
]
}
|
Parameter |
Meaning |
Value |
|
|---|---|---|---|
|
Version |
Policy version |
The value is fixed at 1.0. |
|
|
Statement |
Action |
Operations to be performed on DDS. |
Format: Service name:Resource type:Operation DDS:DDS:*: Permissions for performing all operations on all resource types in DDS. |
|
Effect |
Determines whether the operation defined in an action is allowed. |
|
|
|
Resource |
Defines resource authentication. |
This parameter is optional. DDS:*:*:instanceName:dds-* indicates that the user has the configured action permissions on all instances whose names start with dds-. If this parameter is not specified, the user has the permissions on all instances by default. |
|
|
Depends |
catalog |
Name of the service to which dependencies of a policy belong |
Service Name Example: BASE |
|
display_name |
Name of a dependent policy |
Permission name Example: Server Administrator |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
