yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/kms/umn/dew_01_0161.html
qinweiwei 3e4721c813 KMS UMN 20251111 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2026-01-19 09:05:54 +00:00

69 lines
3.1 KiB
HTML
Raw Blame History

<a name="dew_01_0161"></a><a name="dew_01_0161"></a>
<h1 class="topictitle1">Creating a Custom KMS Policy</h1>
<div id="body8662426"><p id="dew_01_0161__p57510619287">Custom policies can be created as a supplement to the system policies of DEW. For details about the actions supported by custom policies, see "Permissions Policies and Supported Actions" in <i><cite id="dew_01_0161__cite10688222153919">Key Management Service API Reference</cite></i>.</p>
<p id="dew_01_0161__p276691522817">You can create custom policies in either of the following ways:</p>
<ul id="dew_01_0161__ul3766101542817"><li id="dew_01_0161__li19766915202816">Visual editor: You can select policy configurations without the need to know policy syntax.</li><li id="dew_01_0161__li197661815152811">JSON: Edit JSON policies from scratch or based on an existing policy. This section describes typical DEW custom policies.</li></ul>
<div class="section" id="dew_01_0161__en-us_topic_0195548199_section1435112710517"><h4 class="sectiontitle">Example Custom Policies of DEW</h4><ul id="dew_01_0161__en-us_topic_0195548199_ul62271559152"><li id="dew_01_0161__en-us_topic_0195548199_li1822710591952">Example: authorizing users to create and import keys<pre class="screen" id="dew_01_0161__screen1115880143016">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:cmk:create",
"kms:cmk:getMaterial",
"kms:cmkTag:create",
"kms:cmkTag:batch",
"kms:cmk:importMaterial"
]
}
]
}</pre>
</li></ul>
</div>
<ul id="dew_01_0161__en-us_topic_0195548199_ul129051927419"><li id="dew_01_0161__li18532145110130">Example: authorizing users to use keys<pre class="screen" id="dew_01_0161__screen96572672818">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:dek:crypto",
"kms:cmk:get",
"kms:cmk:crypto",
"kms:cmk:generate",
"kms:cmk:list"
]
}
]
}</pre>
</li><li id="dew_01_0161__li15528818102116">Example: multi-action policy<p id="dew_01_0161__en-us_topic_0195107214_p158662027183215"><a name="dew_01_0161__li15528818102116"></a><a name="li15528818102116"></a>A custom policy can contain actions of multiple services that are all of the global or project-level type. The following is a policy with multiple statements:</p>
<pre class="screen" id="dew_01_0161__screen1276474052213">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:task:list"
]
},
{
"Effect": "Allow",
"Action": [
"kms:dek:crypto",
"kms:cmk:get",
"kms:cmk:crypto",
"kms:cmk:generate",
"kms:cmk:list"
]
}
]
}</pre>
</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dew_01_0133.html">Permission Control</a></div>
</div>
</div>
View Git Blame Copy Permalink