Updated on 2025-09-19 GMT+08:00

Custom Policies for SWR Enterprise Edition

Scenarios

Custom policies can be created to supplement system-defined policies. You can add actions in custom policies as needed. For details about supported actions, see Table 1.

To create a custom policy, choose either visual editor or JSON.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in the JSON format from scratch or based on an existing policy.

For details, see Creating a Custom Policy.

Example Custom Policies

  • Example 1: Create a policy to allow users to create, update, view, or delete a namespace.
    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "swr:repository:getNamespace",
                    "swr:repository:listNamespaces",
                    "swr:repository:createNamespace",
                    "swr:repository:updateNamespace",
                    "swr:repository:deleteNamespace"
                ]
            }
        ]
    }
  • Example 2:

    A policy with only Deny permissions must be used in conjunction with other policies to take effect. If the policies assigned to a user contain both Allow and Deny actions, the Deny actions take precedence.

    If you want to assign the SWR FullAccess policy to a user but do not want this user to have permission to delete repositories, create a custom policy that denies repository deletion. Then, attach both the policies to the group that the user belongs to. In this way, the user can perform all operations on repositories except deleting the repositories. The following is an example of a deny policy:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": [
                    "swr:instance:delete"
                ]
            }
        ]
    }

Common SWR Operations Supported by Each System-defined Policy

Table 1 SWR Enterprise Edition operations supported by system-defined policies

Operation

Action

SWR FullAccess

SWR OperateAccess

SWR ReadOnlyAccess

Listing artifacts

swr:repository:listArtifacts

Querying artifact details

swr:repository:getArtifact

Deleting artifacts

swr:repository:deleteArtifact

×

Listing artifact accessories

swr:repository:listAccessories

Querying additional information about an artifact

swr:repository:getArtifactAddition

Querying policies of an Enterprise Edition instance

swr:instance:getPolicy

Updating policies of an Enterprise Edition instance

swr:instance:updatePolicy

×

×

Querying configurations of an Enterprise Edition instance

swr:instance:getConfigurations

Updating configurations of an Enterprise Edition instance

swr:instance:updateConfigurations

×

×

Listing the instances that use a resource

swr:instance:listResourceInstances

Querying the number of instances that use a resource

swr:instance:getResourceInstancesCount

Creating resource tags in batches

swr:instance:createResourceTags

×

×

Deleting resource tags in batches

swr:instance:deleteResourceTags

×

×

Querying project tags

swr:instance:getProjectTags

Querying tags of a resource

swr:instance:getResourceTags

Creating an Enterprise Edition instance

swr:instance:create

×

×

Listing Enterprise Edition instances

swr:instance:list

Querying details about an Enterprise Edition instance

swr:instance:get

Deleting Enterprise Edition instances

swr:instance:delete

×

×

Querying audit logs of an Enterprise Edition instance

swr:instance:getAuditLogs

Querying statistics on Enterprise Edition instances

swr:instance:getStatistics

Listing tasks

swr:instance:listJobs

Querying task details

swr:instance:getJobs

Deleting tasks

swr:instance:deleteJob

×

×

Creating a namespace

swr:repository:createNamespace

×

Listing namespaces

swr:repository:listNamespaces

Querying namespace details

swr:repository:getNamespace

Modifying a namespace

swr:repository:updateNamespace

×

Deleting namespaces

swr:repository:deleteNamespace

×

Listing artifact repositories

swr:repository:listRepositories

Querying details about an artifact repository

swr:repository:getRepository

Modifying an artifact repository

swr:repository:updateRepository

×

Deleting artifact repositories

swr:repository:deleteRepository

×

Listing artifact tags

swr:repository:listTags

Querying details about an artifact tag

swr:repository:getTag

Deleting artifact tags

swr:repository:deleteTag

×

Querying additional information about an artifact tag

swr:repository:getTagAddition

Creating a tag retention policy

swr:repository:createRetentionPolicy

×

Listing tag retention policies

swr:repository:listRetentionPolicies

Querying details about a tag retention policy

swr:repository:getRetentionPolicy

Modifying a tag retention policy

swr:repository:updateRetentionPolicy

×

Deleting tag retention policies

swr:repository:deleteRetentionPolicy

×

Executing tag retention policies

swr:repository:executeRetentionPolicy

×

Listing tag retention records

swr:repository:listRetentionPolicyExecutions

Listing tag retention tasks

swr:repository:listRetentionPolicyExecTasks

Listing tag retention subtasks

swr:repository:listRetentionPolicyExecSubTasks

Creating a trigger

swr:repository:createWebhook

×

Listing triggers

swr:repository:listWebhooks

Querying trigger details

swr:repository:getWebhook

Modifying a trigger

swr:repository:updateWebhook

×

Deleting triggers

swr:repository:deleteWebhook

×

Listing triggering records

swr:repository:listWebhookJobs

Creating a destination registry

swr:instance:createRegistry

×

×

Listing destination registries

swr:instance:listRegistries

Querying details about a destination registry

swr:instance:getRegistry

Modifying a destination registry

swr:instance:updateRegistry

×

×

Deleting destination registries

swr:instance:deleteRegistry

×

×

Creating a replication policy

swr:instance:createReplicationPolicy

×

×

Listing replication policies

swr:instance:listReplicationPolicies

Querying details about a replication policy

swr:instance:getReplicationPolicy

Modifying a replication policy

swr:instance:updateReplicationPolicy

×

×

Deleting replication policies

swr:instance:deleteReplicationPolicy

×

×

Executing replication policies

swr:instance:executeReplicationPolicy

×

Stopping replication tasks

swr:instance:stopReplicationPolicyExecution

×

×

Listing replication records

swr:instance:listReplicationPolicyExecutions

Listing replication tasks

swr:instance:listReplicationPolicyExecTasks

Listing replication subtasks

swr:instance:listReplicationPolicyExecSubTasks

Creating a sign policy

swr:repository:createSignPolicy

×

Listing sign policies

swr:repository:listSignPolicies

Querying details about a sign policy

swr:repository:getSignPolicy

Modifying a sign policy

swr:repository:updateSignPolicy

×

Deleting sign policies

swr:repository:deleteSignPolicy

×

Executing sign policies

swr:repository:executeSignPolicy

×

Listing signing records

swr:repository:listSignPolicyExecutions

Listing signing tasks

swr:repository:listSignPolicyExecTasks

Listing signing subtasks

swr:repository:listSignPolicyExecSubTasks

Creating a scan policy

swr:repository:createScanPolicy

×

Listing scan policies

swr:repository:listScanPolicies

Querying details about a scan policy

swr:repository:getScanPolicy

Modifying a scan policy

swr:repository:updateScanPolicy

×

Deleting scan policies

swr:repository:deleteScanPolicy

×

Executing scan policies

swr:repository:executeScanPolicy

×

Listing scanning records

swr:repository:listScanPolicyExecutions

Listing scanning tasks

swr:repository:listScanPolicyExecTasks

Creating a block policy

swr:repository:createBlockPolicy

×

Listing block policies

swr:repository:listBlockPolicies

Querying details about a block policy

swr:repository:getBlockPolicy

Modifying a block policy

swr:repository:updateBlockPolicy

×

Listing blocking records

swr:repository:listBlockPolicyRecords

Updating the whitelist for public network access

swr:instance:updateEndpointPolicy

×

×

Updating the whitelist status for public network access

swr:instance:updateEndpointPolicyStatus

×

×

Querying the whitelist for public network access

swr:instance:getEndpointPolicy

Allowing a connection from the intranet

swr:instance:createInternalEndpoint

×

×

Querying details about an allowed connection from the intranet

swr:instance:getInternalEndpoint

Denying a connection from the intranet

swr:instance:deleteInternalEndpoint

×

×

Listing allowed connections from the intranet

swr:instance:listInternalEndpoints

Uploading artifacts

swr:repository:uploadArtifact

×

Downloading artifacts

swr:repository:downloadArtifact

Creating a temporary access credential

swr:instance:createTempCredential

Creating a long-term access credential

swr:instance:createLTCredential

×

×

Enabling or disabling long-term access credentials

swr:instance:updateLTCredential

×

×

Listing long-term access credentials

swr:instance:listLTCredentials

Deleting long-term access credentials

swr:instance:deleteLTCredential

×

×