Help Center/ Cloud Backup and Recovery/ User Guide/ Management permissions/ Configuring Forcible Backup Policies
Updated on 2024-09-18 GMT+08:00
View PDF
Share

Configuring Forcible Backup Policies

Forcible backup policies allow IAM users to forcibly back up data to ensure user data accuracy and security and service security.

You can configure forcible backup policies to grant permissions to IAM users to force backup, specifically:

  1. Grant permission to always enable a backup policy when it is created.
  2. Grant permission to prohibit disabling of backup policies when they are modified.
  3. Grant permission to force backup policy application during vault creation.

To ensure forcible backup, you are advised to configure all the three preceding policies.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details about how to create custom policies, see Creating a Custom Policy.

  1. Grant permission to always enable a backup policy when it is created. 
    {
  "Version": "5.0",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": ["cbr:policies:create"],
      "Condition": {
          "Bool": {
              "cbr:EnabledPolicy": "false"
          }
      }
    }
  ]
}
  2. Grant permission to prohibit disabling of backup policies when they are modified. 
    {
"Version": "5.0",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": ["cbr:policies:update"],
      "Condition": {
          "Bool": {
              "cbr:EnabledPolicy": "false"
          }
      }
    }
 ]
}
  3. Grant permission to force backup policy application during vault creation. 
    {
 "Version": "5.0",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "cbr:vaults:create"
            ],
            "Condition": {
                "Null": {
                    "cbr:PolicyId": [
                        "true"
                    ]
                }
            }
        }
    ]
}

Parent topic: Management permissions