
Structure and Syntax of Policy

Last update: 2026-03-25 15:11:38

Policy structure

A policy consists of a version number and a list of authorization statements (Statement).
Each authorization statement includes Effect (the authorization effect), Action (a list of operations), and Resource (a list of resources).

Prerequisites for using the Policy syntax

Before using the Policy syntax, you should first understand the Policy characters and their usage rules.

  • Policy characters
    JSON characters used in a Policy: { } [ ] " , :
    Special characters used to describe the syntax: = < > ( ) |

Policy character usage rules

  • When an element allows multiple values, they are expressed with commas and an ellipsis. For example: [ , , …].
Explanation: Every element that supports multiple values also accepts a single value, and the two forms have the same effect. For example: "Action": [] and "Action":
  • An element with a question mark is an optional element.
  • Values separated by a vertical bar (|) are alternatives, and only one of them can be selected. For example: ("Allow" | "Deny").
  • An element in double quotes is a text string. For example: = "Version" : ("1").

Policy Syntax Description

Version: The currently supported policy version is 1.
Authorization statement: A Policy can have multiple authorization statements.

  • The effect of each authorization statement is Allow or Deny.
Explanation: In an authorization statement, both Action and Resource support multiple values.
  • Each authorization statement supports an independent condition (Condition) (not yet supported).
Explanation: A condition block can support multiple types of conditional operations and logical combinations of multiple conditions.

Deny priority principle: A user can be granted multiple permission policies. When these policies include both Allow and Deny, the Deny priority principle is followed.
Element value:

  • When the value is a number (Number) or a Boolean (Boolean), it must be enclosed in double quotation marks, like a character string.
  • When the value of an element is a character string value (String), it supports fuzzy matching using * and ?.
  • * represents 0 or more arbitrary English letters.
Explanation: For example, ecs:Describe* represents all actions of ecs that start with Describe.
  • ? represents an arbitrary English letter.
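
The Deny priority principle and the * and ? matching rules above, as an added example that is not CDNetworks code. The function names, the sample policies and the Resource strings are constructed for illustration, and denying a request that no statement matches is an assumption the page does not state.

```python
import json
import re

LETTER = "[A-Za-z]"  # the page defines * and ? over English letters; taken literally here


def as_list(value):
    # A single value and a one-element list have the same effect.
    return value if isinstance(value, list) else [value]


def wildcard_match(pattern, text):
    # Translate * (0 or more letters) and ? (exactly one letter) into a regex.
    regex = ""
    for ch in pattern:
        if ch == "*":
            regex += LETTER + "*"
        elif ch == "?":
            regex += LETTER
        else:
            regex += re.escape(ch)
    return re.fullmatch(regex, text) is not None


def evaluate(policies, action, resource):
    """Return "Allow" or "Deny" for one request across all attached policies."""
    allowed = False
    for text in policies:
        policy = json.loads(text)  # only JSON is accepted; invalid text raises here
        if policy.get("Version") != "1":
            raise ValueError("unsupported policy version")
        for stmt in policy["Statement"]:
            if stmt["Effect"] not in ("Allow", "Deny"):
                raise ValueError("Effect must be Allow or Deny")
            hit = (any(wildcard_match(p, action) for p in as_list(stmt["Action"]))
                   and any(wildcard_match(p, resource) for p in as_list(stmt["Resource"])))
            if hit and stmt["Effect"] == "Deny":
                return "Deny"  # one matching Deny overrides every Allow
            allowed = allowed or hit
    # Assumption: a request matched by no statement is denied.
    return "Allow" if allowed else "Deny"


# Constructed sample policies; the Resource strings are placeholders, not a real format.
READ_ONLY = ('{"Version": "1", "Statement": [{"Effect": "Allow", '
             '"Action": "ecs:Describe*", "Resource": ["instance/*"]}]}')
PROTECT_DB = ('{"Version": "1", "Statement": [{"Effect": "Deny", '
              '"Action": ["ecs:*"], "Resource": "instance/db"}]}')

if __name__ == "__main__":
    for res in ("instance/web", "instance/db"):
        print(res, evaluate([READ_ONLY, PROTECT_DB], "ecs:DescribeInstances", res))
```

With both policies attached, the same ecs:DescribeInstances request is allowed on instance/web and denied on instance/db, regardless of the order in which the policies are listed.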

Policy format check

IAM only supports JSON format. When creating or updating a permissions Policy, IAM first checks the JSON format for correctness.

  • Please refer to RFC 7159 for the syntax standard of JSON.
  • You can also use online JSON format validators and editors to verify the validity of JSON text.