Halaman ini belum tersedia dalam bahasa lokal Anda. Kami berusaha keras untuk menambahkan lebih banyak versi bahasa. Terima kasih atas dukungan Anda.
- Service Overview
- Billing
- Getting Started
-
User Guide
- Overview
- Permissions Management
- Environment Management
- Application Management
- Component Management
- Instance Management
- Component Configurations
- Component O&M
- System Settings
- Key Operations Recorded by CTS
-
Best Practices
- CAE Best Practices
- Using CAE to Host Nginx Static File Servers
- Interconnecting GitLab with Jenkins for Automatic Build and Deployment on CAE
- Deploying Components Based on the Dependency Sequence Using the Jenkins Pipeline
- Deploying Spring Cloud Applications to CAE to Automatically Connect to the Nacos Engine
- Graceful Startup of a Spring Cloud Application
- Health Check
- Lifecycle Management
- Sending Event Alarms to WeCom
-
Connecting to the CodeArts Pipeline to Automatically Upgrade CAE Components
- Overview
- Upgrading a CAE Component After Uploading a Software Package Built Using the Pipeline to a CodeArts Release Repo
- Upgrading a CAE Component After Uploading a Software Package Built Using the Pipeline to the OBS Bucket
- Upgrading a CAE Component After Uploading an Image Built Using the Pipeline to the SWR Image Repository
- Configuring PromQL to Implement Custom Auto Scaling
- Configuring the Interconnection Between CAE and DEW to Help Applications Obtain Encrypted Secrets from DEW
- Deploying ASP.NET Core Applications to CAE
- Connecting the Network Through Enterprise Routes
- API Reference
-
FAQs
- Component Management FAQs
- Environment Management
-
Component Configuration FAQs
- Is Manual Scaling Still Effective When a Scaling Policy Is Configured?
- Can Components Be Scaled Without a Scaling Policy?
- Why Is My Instance Abnormal After Cloud Storage Is Configured?
- What Do I Do If a Component Becomes Not Ready?
- How Does CAE Support Dark Launch?
- How Do I Provide Prometheus Metrics for a Java Application?
- System Configuration FAQs
- Service Resources FAQs
- General Reference
Show all
Copied.
Creating a Custom CAE Policy
Custom policies supplement the system-defined policies of CAE.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see Creating a Custom Policy. This section provides examples of common custom CAE policies.
Example Custom Policy
This procedure creates a policy that an IAM user is prohibited to delete components.
{
"Version": "1.1",
"Statement": [
{
"Action": [
"cae:*:*"
],
"Effect": "Allow"
},
{
"Action": [
"cae:application:delete"
],
"Effect": "Deny"
}
]
}A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
After authorization, users in the group can verify their permissions using the console or REST APIs.
The following uses the custom policy as an example to describe how to log in to the CAE console to verify that a user is not allowed to delete components.
- Log in to Huawei Cloud as an IAM user.
- Tenant name: Name of the account used to create the IAM user
- IAM username and password: Username and password specified during the IAM user creation using the tenant name
- On the Components page, create a component for test, and click More > Delete in the Operation column of the component. If a message is displayed indicating that you do not have the operation permissions, the permissions configuration is correct and has taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
