更新时间:2022-06-03 14:48:09
The basic elements of Policy are the basic components of a permission policy. IAM uses permission policies to describe the specific content of authorization.
Understanding the basic knowledge of the basic elements of Policy can help you use permission policies more reasonably.
Element | Description |
---|---|
Effect | Specifies two types of authorization effects: Allow and Deny. |
Action | Operation refers to the use of specific resources |
Resource | Resources refer to specific objects that are authorized |
Valid values are Allow and Deny.
Action
Action supports multiple values defined by CDNetworks.
Resource
Resources usually refer to the specific objects that are authorized.
service-name: the
product name
of a CDNetworks service, such as wos.
The meaning of the following permissions policy: allow read-only operations on WOS samplebucket, and prohibit write operations on WOS samplebucket:
{
"Version": "1",
"Statement":
[{
"Effect":"Allow",
"Action": ["wos:List*", "wos:Get*"],
"Resource": ["wsc:wos:::samplebucket", "wsc:wos:::samplebucket/*"],
},
{
"Effect":"Deny",
"Action": ["wos:Delete*", "wos:Put*"],
"Resource": ["wsc:wos:::samplebucket", "wsc:wos:::samplebucket/*"],
}]
}