SWR Custom Policies
Custom policies can be created to supplement system-defined policies of SWR.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see Creating a Custom Policy. This section illustrates common custom policies.
Example SWR custom policies
- Example 1: Allowing a user to upload and download images in the test-swr SWR Enterprise Edition instance in the test-namespace namespace
{ "Version": "5.0", "Statement": [ { "Effect": "Allow", "Action": [ "swr:repository:downloadArtifact", "swr:repository:uploadArtifact" ], "Resource": [ "swr:*:*:repository:test-swr/test-namespace/*" ] }, { "Effect": "Allow", "Action": [ "swr:instance:createTempCredential" ], "Resource": [ "*" ] } ] }
- Example 3: Denying image replication from region A to region B
{ "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "swr:instance:createReplicationPolicy" ], "Resource": [ "swr:*:*:instance:*" ], "Condition": { "StringEquals": { "swr:TargetRegion": [ "${region-b}" ], "swr:SourceRegion": [ "${region-a}" ] } } }, { "Effect": "Deny", "Action": [ "swr:instance:createReplicationPolicy" ], "Resource": [ "swr:*:*:instance:*" ], "Condition": { "ForAnyValue:StringEquals": { "swr:SourceUrls": [ "All repository addresses in region a" ], "swr:TargetUrls": [ "All repository addresses in region b" ] } } } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot