Help Center/ Simple Message Notification/ User Guide/ Permissions Management/ Creating SMN Custom Policies
Updated on 2025-04-25 GMT+08:00
View PDF
Share

Creating SMN Custom Policies

You can create custom policies to supplement the system-defined policies of SMN. For the actions supported by custom policies, see Permissions Policies and Supported Actions in Simple Message Notification API Reference.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

The following are examples of custom policies created for SMN. For details, see Creating a Custom Policy.

Example SMN Custom Policies

  • Example 1: Grant permissions to create a topic. 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "smn:topic:create"
            ]
        }
    ]
}
  • Example 2: Grant permissions to deny topic deletion.

    A policy with only "Deny" permissions must be used with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

    You can assign a system policy of SMN FullAccess and a custom policy of denying topic deletion to the user group which the user belongs to at the same time. Thus the user can perform all operations on SMN except deleting topics. The following is an example of a deny policy:

    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "smn:topic:delete"
            ]
        }
    ]
}
  • Example 3: Create a custom policy containing multiple actions.

    A custom policy can contain multiple actions that belong to any global or project-level services. The following is a custom policy containing multiple actions:

    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "smn:topic:create",
                "smn:tag:create",
                "smn:application:create"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "elb:certificates:create",
                "elb:whitelists:create",
                "elb:pools:create",
                "elb:members:create",
                "elb:healthmonitors:create",
                "elb:l7policies:create",
                "elb:listeners:create",
                "elb:loadbalancers:create"
            ]
        }
    ]
}
Parent topic: Permissions Management