Create custom policy

Applicable scenario

When the Volcano Engine main account, or a sub-user with access control management permissions, grants authorization and the system preset policies cannot meet the requirements, permissions can be defined through a custom policy.

Create custom policy

1. Visual Policy Editor: provides a WYSIWYG policy editing interface. You do not need an in-depth understanding of policy syntax: select the policy content (effect, service, operations, resources, conditions, and so on) in the interface and the policy syntax is generated automatically. This method is recommended.

2. JSON editor: provides a JSON syntax editor in which you write the policy yourself according to the policy syntax rules. It is suitable for users who are familiar with the policy syntax.

tip

The visual editor currently supports a limited range of products. If the service you use does not support visual policy editing, you can switch to the JSON editor to edit the policy. A policy written in the JSON editor may not be recognized when you switch to the visual editor. Not being recognized does not necessarily mean that the policy content is wrong: if you have confirmed that the policy syntax is correct, you can submit the policy normally. We will continue to open more products so that you can edit their policies in the visual editor.

How to use the Visual Policy Editor

  1. Enter the visual policy editor: log in with the Volcano Engine account or a sub-user with access control management permissions, go to "Access Control - Policy Management", and click "Create Policy".

  2. Define the policy name and remarks:

    1. Policy name (required): enter the name of the custom policy, as required, in the "Policy name" edit box.

    2. Remarks (optional): in the "Remarks" edit box, enter a description or other information as needed to distinguish this policy from others.

  3. Configure permission statements: a custom policy can include one or more permission statements. To add another, click "Add permission statement" on the page.

    1. Effect (required): select Allow or Deny. Deny means that the users or user groups granted the policy are denied the relevant operations under the policy. For a detailed description, see the effect documentation.

    2. Service (required): select the service you wish to define.

    3. Operation (required): select all operations or specified operations. The system lists the configurable operations for the service you chose; if you choose specified operations, you then select the specific operations. For a detailed description, see the operation documentation.

    4. Resources (required): select all resources or specified resources. The system matches the configurable resource types to the service and operations you selected; if you choose specified resources, you then configure the TRN of each specific resource. For a detailed description, see the resource documentation.

    5. Condition (optional): click "Add Condition" and configure the condition key, its related information, and the condition value. For a detailed description, see the condition documentation.

    6. While configuring permission statements, you can switch to the JSON editor as needed and write the policy according to the policy syntax rules; the system automatically synchronizes the options chosen in the visual policy editor to the JSON editor. Conversely, policy content written in the JSON editor can be automatically synced to the visual policy editor.

  4. Generate the custom policy: after completing the policy name and the permission statements, click "Submit" to create the policy.

  5. Next steps: grant the custom policy to users and user groups according to your business scenario.

tip

On the Visual Policy Editor page you can click "Import Existing Policies" and select a system default policy or an existing custom policy. You can search by policy name or filter by fields such as type and product to quickly find and select existing policies, then click "Confirm". The system automatically generates the corresponding permission statements from the selected policies. You can then modify or add permission statements in the visual policy editor or the JSON editor. For details, see how to use the Visual Policy Editor.

How to use the JSON editor

When the visual editor does not support the service you need to configure, you can switch to the JSON editor and edit the policy syntax directly; see "Understand policy syntax". You can also import existing policies and edit them further. A policy written in the JSON editor may not be recognized when you switch to the visual editor. Not being recognized does not necessarily mean that the policy content is wrong: if you have confirmed that the policy syntax is correct, you can submit the policy normally. We will continue to open more products so that you can edit their policies in the visual editor.
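
A pre-submit check for policies written in the JSON editor, as an added example that is not from the original page or from Volcano Engine: it flags Allow statements that use the "all operations" or "all resources" choices from the permission statement steps without a condition. The `Statement`/`Effect`/`Action`/`Resource`/`Condition` key names and the `service:Operation` action form are assumptions, and every service, operation and TRN value in the sample is a placeholder; confirm them against the policy syntax documentation.

```python
import json

# Constructed sample. The Statement/Effect/Action/Resource/Condition layout and
# the "service:Operation" action form are assumptions; the service name,
# operations and TRN are placeholders, not real identifiers.
SAMPLE_POLICY = """
{"Statement": [
  {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["examplesvc:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["examplesvc:GetItem"],
   "Resource": ["trn:examplesvc:placeholder-resource"]},
  {"Effect": "Deny", "Action": ["examplesvc:DeleteItem"], "Resource": ["*"]}
]}
"""

def as_list(value):
    # Accept a single string, a list, or a missing key for Action/Resource.
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(text):
    """Return (statement_index, message) findings for a policy JSON string."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [(-1, f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if not isinstance(statements, list) or not statements:
        return [(-1, "no Statement list found")]
    findings = []
    for i, st in enumerate(statements):
        effect = st.get("Effect") if isinstance(st, dict) else None
        if effect not in ("Allow", "Deny"):
            findings.append((i, f"Effect must be Allow or Deny, got {effect!r}"))
            continue
        actions, resources = as_list(st.get("Action")), as_list(st.get("Resource"))
        if not actions or not resources:
            findings.append((i, "Action and Resource are both required"))
        if effect == "Deny":
            continue  # a broad Deny does not widen access
        if "*" in actions:
            findings.append((i, "Allow covers all operations of all services"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((i, "Allow covers all operations of a service"))
        if "*" in resources and not st.get("Condition"):
            findings.append((i, "Allow covers all resources with no Condition"))
    return findings

if __name__ == "__main__":
    for index, message in lint_policy(SAMPLE_POLICY):
        print(f"statement {index}: {message}")
```

A finding is a prompt to narrow the statement to specified operations, specified resource TRNs, or a condition before clicking "Submit"; it is not a syntax error.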

Last updated: 2025.06.23 19:40:28