CloudBox custom permission policy reference

更新时间:
复制 MD 格式

If system policies do not meet your requirements, you can create custom permission policies to achieve least privilege. Custom permission policies provide an effective way to implement fine-grained permission control and enhance resource access security. This topic describes the operations related to custom permission policies for CloudBox.

What is a custom policy?

Resource Access Management (RAM) policies are classified into system policies and custom policies. You need to maintain custom policies.

  • After you create a custom policy, you need to attach it to a RAM user, a user group, or a RAM role so that the permissions specified in the policy can be granted to the principal.

  • You can delete a RAM policy that is not attached to a principal. If the RAM policy is attached to a principal, you must detach the RAM policy from the principal before you can delete the RAM policy.

  • Custom policies support version control. You can manage custom policy versions based on the version management mechanism provided by RAM.

Operational Documentation