yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
a41a4e0331fbc0beff63bb28fa59228cc9a751df
doc-exports/docs/dc/umn/dc_04_0902.html
fanqinying 0c32f72912 DC UMN 20241018 version 
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: fanqinying <fanqinying@huawei.com>
Co-committed-by: fanqinying <fanqinying@huawei.com>
2024-11-19 16:51:45 +00:00

66 lines
4.5 KiB
HTML
Raw Blame History

<a name="dc_04_0902"></a><a name="dc_04_0902"></a>
<h1 class="topictitle1">Example Custom Policies</h1>
<div id="body8662426"><p id="dc_04_0902__en-us_topic_0000001126412674_p188731016112412">Custom policies can be created to supplement the system-defined policies of Direct Connect.</p>
<p id="dc_04_0902__en-us_topic_0000001126412674_p2096715716469">You can create custom policies in either of the following ways:</p>
<ul id="dc_04_0902__en-us_topic_0000001126412674_ul169673794612"><li id="dc_04_0902__en-us_topic_0000001126412674_en-us_topic_0171307069_li5764181518386">Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.</li><li id="dc_04_0902__en-us_topic_0000001126412674_en-us_topic_0171307069_li546410135389">JSON: Edit JSON policies from scratch or based on an existing policy.</li></ul>
<p id="dc_04_0902__p6979983412">For details about how to create custom policies, see <a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0016.html" target="_blank" rel="noopener noreferrer">Creating a Custom Policy</a>. The following section contains examples of common Direct Connect custom policies.</p>
<div class="section" id="dc_04_0902__en-us_topic_0000001126412674_section3496952134619"><h4 class="sectiontitle">Example Custom Policies</h4><ul id="dc_04_0902__en-us_topic_0000001126412674_ul330092084719"><li id="dc_04_0902__en-us_topic_0000001126412674_li157994810234">Example 1: Allowing users to update a virtual gateway<pre class="screen" id="dc_04_0902__en-us_topic_0000001126412674_screen13635532133816">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dcaas:vgw:update"
]
}
]
}</pre>
</li></ul>
</div>
<ul id="dc_04_0902__en-us_topic_0000001126412674_ul186354327388"><li id="dc_04_0902__en-us_topic_0000001126412674_li1635193211389">Example 2: Denying users to modify a connection<p id="dc_04_0902__en-us_topic_0000001126412674_p1552125113327"><a name="dc_04_0902__en-us_topic_0000001126412674_li1635193211389"></a><a name="en-us_topic_0000001126412674_li1635193211389"></a>A policy with only Deny permissions must be used in conjunction with other policies to take effect. If permissions assigned to a user contain both Allow and Deny actions, the Deny action takes precedence over the Allow action.</p>
<p id="dc_04_0902__en-us_topic_0000001126412674_p513511241748">The following method can be used if you need to assign permissions of the <strong id="dc_04_0902__en-us_topic_0000001126412674_b10220125018107">DCAAS FullAccess</strong> policy to a user but also forbid the user from modifying connections. Create a custom policy for denying connection modification, and assign both policies to the group the user belongs to. Then the user can perform all operations on Direct Connect except modifying connections.</p>
<p id="dc_04_0902__en-us_topic_0000001126412674_p175211851103218">The following is an example of a deny policy:</p>
<pre class="screen" id="dc_04_0902__en-us_topic_0000001126412674_screen19521195116323">{
"Version": "1.1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"dcaas:directConnect:update"
]
}
]
}</pre>
</li><li id="dc_04_0902__en-us_topic_0000001126412674_li05221851163216">Example 3: Defining permissions for multiple services in a policy<p id="dc_04_0902__en-us_topic_0000001126412674_p41401540444"><a name="dc_04_0902__en-us_topic_0000001126412674_li05221851163216"></a><a name="en-us_topic_0000001126412674_li05221851163216"></a>A custom policy can contain the actions of multiple services that are of the global or project-level type.</p>
<p id="dc_04_0902__en-us_topic_0000001126412674_p192581825133717">The following is an example policy containing actions of multiple services:</p>
<pre class="screen" id="dc_04_0902__en-us_topic_0000001126412674_screen194043875518">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"vpc:vpcs:list",
"vpc:subnets:get",
"vpc:routes:list"
]
},
{
"Effect": "Allow",
"Action": [
"dcaas:vif:list",
"dcaas:vgw:list",
"dcaas:directConnect:list"
]
}
]
}</pre>
</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dc_03_0900.html">Permissions Management</a></div>
</div>
</div>
View Git Blame Copy Permalink