Create a custom policy

You can create custom policies to grant precise permissions beyond what system policies offer.

Creation methods

Use the visual editor

  1. Sign in to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Permissions > Policies.

  3. On the Policies page, click Create Policy.

  4. On the Create Policy page, click the Visual Editor tab.

  5. Configure the permission policy.

    Learn about the effect, action, resource, and condition elements in Basic elements of a permission policy.

    1. In the Effect section, select Allow or Deny.

    2. In the Service section, select a cloud service.

      Note

      The visual editor supports only the cloud services listed in the console.

    3. In the Action section, select All action(s) or Select action(s).

      Actions are filtered by the selected cloud service. If you select Select action(s), select individual actions.

    4. In the Resources section, select All Resources or Specified resource(s).

      Resource types are filtered by the selected actions. If you select Specified resource(s), click Add Resource to specify resource ARNs. Use Match All to select all resources for a resource type.

      Note

      Resource ARNs required by the selected actions are marked Required. Configure these ARNs to restrict the scope of permissions.

    5. In the Condition section, click Add Condition to configure conditions.

      Alibaba Cloud conditions and service-specific conditions are filtered by the selected cloud service and actions. Select a condition key and set its value.

    6. Click Add Statement and repeat the steps above to configure multiple policy statements.

  6. At the top of the page, click Optimize, and then click Perform to optimize the policy.

    This feature:

    • Splits resources or conditions for incompatible actions

    • Reduces resource scope for greater precision

    • Removes duplicate statements or merges statements

  7. On the Create Policy page, click OK.

  8. In the Create Policy dialog box, enter a policy name and Description, then click OK.

Use the JSON editor

  1. Sign in to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Permissions > Policies.

  3. On the Policies page, click Create Policy.

  4. On the Create Policy page, click the JSON Editor tab.

  5. Enter the policy content.

    Write the policy in JSON format following Policy syntax and structure.

  6. At the top of the page, click Optimize, and then click Perform to optimize the policy.

    This feature:

    • Splits resources or conditions for incompatible actions

    • Reduces resource scope for greater precision

    • Removes duplicate statements or merges statements

  7. On the Create Policy page, click OK.

  8. In the Create Policy dialog box, enter a policy name and Description, then click OK.
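
As an added example (not from the original page and not Alibaba Cloud tooling), the script below reviews a policy document before it is pasted into the JSON editor: it flags duplicate statements and Allow statements that use wildcard actions or leave resources unrestricted. The sample policy, bucket name, and IP range are constructed, and the checks are this example's own heuristics over the Effect, Action, Resource, and Condition elements, not the console's Optimize logic.

```python
import json

# Constructed sample policy; the bucket name and IP range are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow", "Action": "oss:GetObject",
     "Resource": "acs:oss:*:*:example-bucket/*",
     "Condition": {"IpAddress": {"acs:SourceIp": ["203.0.113.0/24"]}}},
    {"Effect": "Allow", "Action": ["ecs:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["oss:GetObject"],
     "Resource": ["acs:oss:*:*:example-bucket/*"],
     "Condition": {"IpAddress": {"acs:SourceIp": ["203.0.113.0/24"]}}},
    {"Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def review_policy(policy):
    """Return (statement_index, finding) tuples for a parsed policy document."""
    findings, seen = [], {}
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        # Canonical form so key order and string-vs-list do not hide duplicates.
        key = json.dumps([stmt.get("Effect"), sorted(actions), sorted(resources),
                          stmt.get("Condition", {})], sort_keys=True)
        if key in seen:
            findings.append((i, f"duplicate of statement {seen[key]}"))
            continue
        seen[key] = i
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen access
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in resources and not stmt.get("Condition"):
            findings.append((i, "all resources with no condition"))
    return findings


if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print(f"Statement[{index}]: {finding}")
```
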

Import a policy

  1. Sign in to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Permissions > Policies.

  3. On the Policies page, click Create Policy.

  4. On the Create Policy page, click Import Policy.

  5. In the upper-right corner of the Import Policy dialog box, select policy template or System Policy from the drop-down list, and then import a policy.

    1. Select a policy template or system policy.

    2. For some policy templates, you must configure parameters to meet your business requirements.

    3. Select an import rule for the new policy.

      By default, imported content overwrites existing content. To append instead, select "Do not overwrite. Append the new statement to the end."

    4. Click Import.

  6. In the visual editor or JSON editor, review and modify the imported content.

  7. At the top of the page, click Optimize, and then click Perform to optimize the policy.

    This feature:

    • Splits resources or conditions for incompatible actions

    • Reduces resource scope for greater precision

    • Removes duplicate statements or merges statements

  8. On the Create Policy page, click OK.

  9. In the Create Policy dialog box, enter a policy name and Description, then click OK.