Configuring Forcible Backup Policies
Forcible backup policies allow IAM users to forcibly back up data to ensure user data accuracy and security and service security.
You can configure forcible backup policies to grant permissions to IAM users to force backup, specifically:
- Grant permission to always enable a backup policy when it is created.
- Grant permission to prohibit disabling of backup policies when they are modified.
- Grant permission to force backup policy application during vault creation.
To ensure forcible backup, you are advised to configure all the three preceding policies.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details about how to create custom policies, see Creating a Custom Policy.
- Grant permission to always enable a backup policy when it is created.
{ "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": ["cbr:policies:create"], "Condition": { "Bool": { "cbr:EnabledPolicy": "false" } } } ] }
- Grant permission to prohibit disabling of backup policies when they are modified.
{ "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": ["cbr:policies:update"], "Condition": { "Bool": { "cbr:EnabledPolicy": "false" } } } ] }
- Grant permission to force backup policy application during vault creation.
{ "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "cbr:vaults:create" ], "Condition": { "Null": { "cbr:PolicyId": [ "true" ] } } } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot