Authorization information

Resource Access Management (RAM) uses policies to control access to Cloud Shell resources. The Action, Resource, and Condition elements below help you create custom RAM policies. The RAM code (RamCode) for Cloud Shell is cloudshell.

General structure of a policy

A policy is a JSON document with the following structure:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

Policy fields:

  • Effect: the authorization effect. Valid values: Allow and Deny.

  • Action: one or more API operations to allow or deny. Supported values are listed in the Action section.

  • Resource: one or more resources specified by Alibaba Cloud Resource Name (ARN).

  • Condition: optional conditions for the policy to take effect. Supported keys are listed in the Condition section.

    • Condition_operator: the conditional operator. Supported operators are listed in Policy elements.

    • Condition_key: the condition key.

    • Condition_value: the condition value.

Action

The following table lists Action values defined by Cloud Shell for RAM policy statements.

  • Operation: the Action value in a policy statement.

  • Resource type: the resource scope. All Resources indicates that resource-level permissions are not supported.

| Operation                    | Feature                                     | Resource type     |
|------------------------------|---------------------------------------------|-------------------|
| cloudshell:CreateEnvironment | Creates a Cloud Shell instance environment. | All Resources (*) |
| cloudshell:CreateSession     | Creates a Cloud Shell session environment.  | All Resources (*) |
| cloudshell:UploadFile        | Uploads files to Cloud Shell.               | All Resources (*) |
| cloudshell:DownloadFile      | Downloads files from Cloud Shell.           | All Resources (*) |
| cloudshell:AttachStorage     | Binds storage to Cloud Shell.               | All Resources (*) |
| cloudshell:DetachStorage     | Unbinds storage from Cloud Shell.           | All Resources (*) |
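The following added example (not part of the original documentation or any Alibaba Cloud tooling) reviews a custom policy against the Action table above and reports which Cloud Shell operations it effectively allows. It assumes that RAM matches `*` wildcards in Action and that an explicit Deny overrides an Allow; `review_policy` and `SAMPLE_POLICY` are hypothetical names, and the sample policy is constructed.

```python
import json
from fnmatch import fnmatchcase

# Action values copied from the table on this page.
CLOUDSHELL_ACTIONS = {
    "cloudshell:CreateEnvironment", "cloudshell:CreateSession",
    "cloudshell:UploadFile", "cloudshell:DownloadFile",
    "cloudshell:AttachStorage", "cloudshell:DetachStorage",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return (effective Cloud Shell actions allowed, findings) for one policy."""
    allowed, denied, findings = set(), set(), []
    for i, stmt in enumerate(policy.get("Statement", [])):
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"statement {i}: Effect must be Allow or Deny")
            continue
        if "Condition" in stmt:
            findings.append(f"statement {i}: Condition present, not evaluated here")
        # Resource-level permissions are not supported, so only "*" is accepted.
        star_only = _as_list(stmt.get("Resource", [])) == ["*"]
        for pattern in _as_list(stmt.get("Action", [])):
            matched = {a for a in CLOUDSHELL_ACTIONS if fnmatchcase(a, pattern)}
            if pattern.startswith("cloudshell:") and not matched:
                findings.append(f"statement {i}: {pattern} matches no Cloud Shell action")
            if matched and not star_only:
                findings.append(f'statement {i}: {pattern} requires Resource "*"')
                continue
            (allowed if effect == "Allow" else denied).update(matched)
    return allowed - denied, findings

# Constructed sample: the Deny list contains a misspelled action name.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow", "Action": "cloudshell:*", "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["cloudshell:UploadFile", "cloudshell:DownloadFiles"],
     "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    effective, findings = review_policy(SAMPLE_POLICY)
    print(sorted(effective))
    print(findings)
```

In the sample, the misspelled `cloudshell:DownloadFiles` entry denies nothing, so `cloudshell:DownloadFile` remains allowed by the wildcard statement and the misspelling is reported as a finding.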

Condition

Cloud Shell does not define service-specific condition keys. Common condition keys are listed in Policy elements.

Related operations

Attach a custom policy to a RAM user, user group, or role: