Syntax of RBAC Policies
Policy Structure
An RBAC policy consists of a Version, a Statement, and Depends.

Policy Syntax
Click to view the details of a policy. The DDS Administrator policy is used as an example to describe the syntax of RBAC policies.

{ "Version": "1.0", "Statement": [ { "Effect": "Allow", "Action": [ "DDS:DDS:*" ], "Resource": [ "DDS:*:*:instanceName:dds-*" ], } ], "Depends": [ { "catalog": "BASE", "display_name": "Server Administrator" }, { "catalog": "BASE", "display_name": "Tenant Guest" } ] }
Parameter |
Meaning |
Value |
|
---|---|---|---|
Version |
Policy version |
The value is fixed at 1.0. |
|
Statement |
Action |
Operations to be performed on DDS. |
Format: Service name:Resource type:Operation DDS:DDS:*: Permissions for performing all operations on all resource types in DDS. |
Effect |
Determines whether the operation defined in an action is allowed. |
|
|
Resource |
Defines resource authentication. |
This parameter is optional. DDS:*:*:instanceName:dds-* indicates that the user has the configured action permissions on all instances whose names start with dds-. If this parameter is not specified, the user has the permissions on all instances by default. |
|
Depends |
catalog |
Name of the service to which dependencies of a policy belong |
Service Name Example: BASE |
display_name |
Name of a dependent policy |
Permission name Example: Server Administrator |