Expression Policy

更新时间:2022-06-03 14:48:09

The basic elements of Policy are the basic components of a permission policy. IAM uses permission policies to describe the specific content of authorization.

Understanding the basic knowledge of the basic elements of Policy can help you use permission policies more reasonably.

Basic Elements of Policy

Element Description
Effect Specifies two types of authorization effects: Allow and Deny.
Action Operation refers to the use of specific resources
Resource Resources refer to specific objects that are authorized

Basic rules for using policy elements

  • Effect

Valid values are Allow and Deny.

  • Action

    Action supports multiple values defined by CDNetworks.

    Syntax
    < service-name>:< action-name>
    service-name
    the name of a CDNetworks service.
    action-name
    one or more operation names from the service.
    Example: “Action”: [“wos:ListBuckets”]
  • Resource

    Resources usually refer to the specific objects that are authorized.

    Syntax
    wsc:< service-name>:< region>:< account>:< relative-id>.
    wsc
    the acronym for CDNetworks console.

    service-name: the

    product name

    of a CDNetworks service, such as wos.

    region
    the region information. If the resource does not support this parameter,you can use an asterisk (*) wildcard character.
    account
    your login name(in English).
    relative-id
    the identifier of the service-related resource. The meaning of this element varies by service. The value of the relative-id element can be a file path. For example, relative-id = “mybucket/dir1/object1.jpg” indicates a WOS object.
    Example: “Resource”: [“wsc:wos:::mybucket”, “wsc:wos:::mybucket/*”]

Policy example

The meaning of the following permissions policy: allow read-only operations on WOS samplebucket, and prohibit write operations on WOS samplebucket:

{
"Version": "1",
"Statement":
[{

"Effect":"Allow",
"Action": ["wos:List*", "wos:Get*"],

"Resource": ["wsc:wos:::samplebucket", "wsc:wos:::samplebucket/*"],

},
{
"Effect":"Deny",
"Action": ["wos:Delete*", "wos:Put*"],

"Resource": ["wsc:wos:::samplebucket", "wsc:wos:::samplebucket/*"],

}]
}

本篇文档内容对您是否有帮助?
有帮助
我要反馈
提交成功!非常感谢您的反馈,我们会继续努力做到更好!