Help Center/ TaurusDB_TaurusDB for PostgreSQL/ User Guide/ Using IAM to Grant Access to TaurusDB for PostgreSQL/ Creating a TaurusDB for PostgreSQL Custom Policy
Updated on 2025-11-14 GMT+08:00
View PDF
Share

Creating a TaurusDB for PostgreSQL Custom Policy

Custom policies can be created to supplement the system-defined policies of TaurusDB for PostgreSQL.

You can create custom policies in either of the following two ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions without the need to know policy syntax.
  • JSON: Edit JSON policies from scratch or based on an existing policy.

For details, see Creating a Custom Policy. This section provides examples of common TaurusDB for PostgreSQL custom policies.

Example Custom Policies

  • Example 1: Allowing users to create TaurusDB for PostgreSQL instances 
    {
	"Version": "1.1",
	"Statement": [{
		"Effect": "Allow",
		"Action": ["gaussdb:instance:create"]
	}]
}
  • Example 2: Denying TaurusDB for PostgreSQL instance deletion

    A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user include both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

    The following method can be used if you need to assign permissions of the TaurusDB FullAccess policy to a user but you want to prevent the user from deleting TaurusDB for PostgreSQL instances. Create a custom policy for denying TaurusDB for PostgreSQL instance deletion, and attach both policies to the group the user belongs to. Then, the user can perform all operations on TaurusDB for PostgreSQL instances except deleting them. The following is an example deny policy:

    {
	"Version": "1.1",
	"Statement": [{
		"Action": ["gaussdb:instance:delete"],
		"Effect": "Deny"
	}]
}
Parent Topic: Using IAM to Grant Access to TaurusDB for PostgreSQL