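Updated: 2025-06-24 GMT+08:00
AppStage Custom Policies
If the system-defined AppStage permissions do not meet your authorization requirements, you can create custom policies. Huawei Cloud currently supports the following two ways to create a custom policy:
- Visual editor: You do not need to know the policy syntax. Select the cloud service, actions, resources, conditions, and other policy content by following the visual editor navigation, and the policy is generated automatically.
- JSON view: After selecting a policy template, edit the policy content as needed, or write the policy content in JSON format directly in the editing box.
For the detailed steps, see Creating a Custom Policy. This section describes common AppStage custom policy examples.
AppStage Custom Policy Examples
Example: Grant a user the application platform administrator permission together with the permissions it depends on.
- Grant the user the application platform administrator permission.
- Grant the dependent CBC permissions.
- Grant the dependent IAM permissions.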
```json
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:credentials:listCredentials",
                "iam:permissions:grantRoleToAgencyOnDomain",
                "iam:credentials:updateCredential",
                "iam:agencies:listAgencies",
                "iam:tokens:assume",
                "iam:roles:updateRole",
                "iam:roles:listRoles",
                "iam:agencies:createAgency",
                "iam:permissions:listRolesForAgency",
                "iam:projects:listProjects",
                "iam:groups:listGroups",
                "iam:groups:createGroup",
                "iam:permissions:grantRoleToAgency",
                "iam:credentials:createCredential",
                "iam:credentials:deleteCredential",
                "iam:agencies:updateAgency",
                "iam:permissions:revokeRoleFromAgency",
                "iam:roles:getRole",
                "iam:roles:createRole",
                "iam:permissions:listRolesForAgencyOnDomain",
                "iam:roles:deleteRole",
                "iam:identityProviders:createIdentityProvider",
                "iam:identityProviders:createMapping",
                "iam:identityProviders:createProtocol",
                "iam:permissions:listRolesForGroupOnDomain",
                "iam:permissions:listRolesForGroupOnProject",
                "iam:permissions:grantRoleToGroupOnProject",
                "iam:identityProviders:createIDPMetadata",
                "iam:permissions:grantRoleToGroupOnDomain",
                "iam:identityProviders:getIdentityProvider",
                "iam:identityProviders:getMapping",
                "iam:identityProviders:deleteProtocol",
                "iam:identityProviders:getProtocol"
            ]
        }
    ]
}
```
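A review aid for a policy like the one above, as an added example that is not Huawei Cloud's code: it groups each Allow action by its operation verb and reports statements that carry no Resource or Condition element. The verb groupings and the function names are assumptions of this example, and the embedded policy is a constructed subset of the actions listed on this page.

```python
import json

# Constructed sample: a subset of the actions from the policy on this page.
SAMPLE_POLICY = """
{"Version": "1.1", "Statement": [{"Effect": "Allow", "Action": [
  "iam:agencies:listAgencies", "iam:roles:getRole", "iam:tokens:assume",
  "iam:agencies:createAgency", "iam:permissions:grantRoleToAgencyOnDomain",
  "iam:credentials:createCredential", "iam:roles:deleteRole",
  "iam:permissions:revokeRoleFromAgency"]}]}
"""

# Assumption of this example: these verbs only read state.
READ_PREFIXES = ("list", "get")
# Assumption of this example: these verbs hand permissions to a principal.
DELEGATION_PREFIXES = ("grantRole", "assume")

def classify(action):
    """Classify one service:resource:operation string."""
    parts = action.split(":")
    if len(parts) != 3 or "*" in action:
        return "wildcard_or_malformed"
    operation = parts[2]
    if operation.startswith(READ_PREFIXES):
        return "read"
    if operation.startswith(DELEGATION_PREFIXES):
        return "delegation"
    return "write"

def review_policy(policy_text):
    """Group the Allow actions of a policy and list statements with no scope."""
    policy = json.loads(policy_text)
    report = {"read": [], "write": [], "delegation": [],
              "wildcard_or_malformed": [], "unscoped_statements": []}
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements add access
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            report[classify(action)].append(action)
        # No Resource or Condition element narrows this Allow statement.
        if "Resource" not in stmt and "Condition" not in stmt:
            report["unscoped_statements"].append(index)
    return report

if __name__ == "__main__":
    for group, items in review_policy(SAMPLE_POLICY).items():
        print(group, items)
```

Running the same function over the full policy text gives a per-group list to check against what the administrator role actually needs before the policy is attached.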