CNAD Pro Custom Policies
Custom policies can be created to supplement the system-defined policies of CNAD Pro. For details about the actions supported by custom policies, see CNAD Pro Permissions and Actions.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. You do not need to have knowledge of the policy syntax.
- JSON: Create a policy in JSON format or edit the JSON strings of an existing policy.
For details, see Creating a Custom Policy. The following section contains examples of common CNAD Pro custom policies.
Example of Custom CNAD Pro Policies
- Example 1: Allowing users to query the protected IP address list
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "cnad:protectedIpDropList:list" ] } ] }
- Example 2: Denying deleting an IP address blacklist or whitelist rule
A deny policy must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
The following method can be used if you need to assign permissions of the CNAD FullAccess policy to a user but you want to prevent the user from deleting namespaces (cnad:blackWhiteIpList:delete). Create a custom policy for denying namespace deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on CNAD Pro except deleting namespaces. The following is an example policy for denying deleting an IP address blacklist or whitelist rule.
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "cnad:blackWhiteIpList:delete" ] }, ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot