KooMessage Custom Policies

Custom policies can be created to supplement the system-defined policies of KooMessage. You can create custom policies in either of the following ways:

Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Policy. The following section contains examples of common KooMessage custom policies.

Example Custom Policies

Example 1: Granting a user all permissions on KooMessage

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "KooMessage:*:*"
            ],
            "Effect": "Allow"
        }
    ]
}

Example 2: Denying KooMessage deletion
A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

The following method can be used if you need to assign permissions of the KooMessage FullAccess policy to a user but you want to prevent the user from deleting KooMessage resources. Create a custom policy for denying KooMessage deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on KooMessage except deletion. The following is an example of a deny policy:
```
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "kooMessage:devSendTask:create"
            ]
        }
    ]
}
```

Parent topic: Permissions Management

Previous topic: Creating a User and Granting KooMessage Permissions