Creating Custom Policies for General-Purpose File Systems
You can create custom policies to supplement the system-defined policies of SFS. For details about actions supported in custom policies, see Permissions and Supported Actions.
To create a custom policy, use either the visual editor or JSON.
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy grammar.
- JSON: Create a JSON policy from scratch or based on an existing policy.
For details, see Creating a Custom Policy.
The following lists examples of common SFS custom policies.
Example Custom Policies
- Example 1: Grant permission to create general-purpose file systems.
  {
      "Version": "1.1",
      "Statement": [
          {
              "Action": [
                  "sfs3:fileSystem:createFileSystem"
              ],
              "Effect": "Allow"
          }
      ]
  }
- Example 2: Grant permission to deny general-purpose file system deletion.
A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
Assume that you want to grant the permissions of the SFS3 FullAccess policy to a user but want to prevent them from deleting general-purpose file systems. You can create a custom policy for denying file system deletion, and attach this policy together with the SFS3 FullAccess policy to the user. Because an explicit deny in any policy overrides any allows, the user can perform all operations on general-purpose file systems except deleting them.
Example policy denying file system deletion:
  {
      "Version": "1.1",
      "Statement": [
          {
              "Effect": "Deny",
              "Action": [
                  "sfs3:fileSystem:deleteFileSystem"
              ]
          }
      ]
  }
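The following added example (not part of the SFS documentation or the IAM service itself) is a simplified model of the Deny-over-Allow rule described above, useful for checking a set of policies before attaching them to a user. The FULL_ACCESS body, the wildcard matching, and the evaluate and report helper names are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed stand-in for SFS3 FullAccess (assumption: the real policy body
# is not shown on this page; a service-wide wildcard Allow is used instead).
FULL_ACCESS = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Allow", "Action": ["sfs3:*:*"]}]}
""")

# Example 2 from this page: deny file system deletion.
DENY_DELETE = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Deny",
                "Action": ["sfs3:fileSystem:deleteFileSystem"]}]}
""")


def evaluate(action, policies):
    """Decide one action against every policy attached to a user.

    Returns "Deny" on any matching Deny statement, "Allow" if at least one
    Allow matches and no Deny does, and "ImplicitDeny" if nothing matches.
    """
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            patterns = stmt.get("Action", [])
            if not any(fnmatchcase(action, p) for p in patterns):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"  # explicit deny wins, whatever else matches
            if stmt.get("Effect") == "Allow":
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def report(actions, policies):
    """Map each action to its decision, for reviewing a policy set."""
    return {a: evaluate(a, policies) for a in actions}


if __name__ == "__main__":
    actions = ["sfs3:fileSystem:createFileSystem",
               "sfs3:fileSystem:deleteFileSystem"]
    for name, attached in [("FullAccess + deny", [FULL_ACCESS, DENY_DELETE]),
                           ("deny only", [DENY_DELETE])]:
        print(name, report(actions, attached))
```

The "deny only" case shows why a policy containing only Deny statements must be attached together with other policies: on its own it grants nothing.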