Policy Management

Permissions describe the relationship between users and resources, determining the user’s access and control capabilities for resources.

A policy is a collection of permissions written in a defined syntax. It consists of five parts, including V (version), E (effect), A (action) and R (resource). It precisely describes which operations are allowed or denied on which resources, and under what conditions.

  • V (version): the syntax version, maintained by UCloud Global. The current version of a system policy is V1 and can’t be modified; editing and saving a custom policy automatically generates a new version.
  • E (effect): the enforcement effect, Allow or Deny.
  • A (action): API names; one or more are supported.
  • R (resource): resources, represented by URN.

UCloud Global provides two modes of permission policies:

  • System policy: configured and managed by UCloud Global
  • Custom policy: configured and managed by users

Policy Levels

The policies can be divided into two levels according to the scope of effect, the global level and the project level.

  • The global level applies to the entire account’s global services and does not differentiate by project. Global-level policies do not support project-level authorization.
  • The project level applies to specified projects. Project-level policies support project-level authorization.
  • Note: Some system policies belong to the global level / project level, and you can’t create custom policies of these types.

View System Policy

A system policy is a set of permissions grouped by operation type. Click “Details” to view the APIs included in the policy and where the policy is referenced.

Create Custom Policy

A custom policy can allow or deny operations on specific APIs. For example, it can prevent sub-users from creating new cloud hosts.

  • Custom policies support editing and deleting.
  • After the permission policy content is modified, the system will automatically generate a new permission policy version, which becomes the current version.
  • A historical version can be set as the current version.

Authorize Sub-Users

When authorizing, you need to distinguish between global-level and project-level authorization. If you select the project level, you also need to select the projects under the account that the authorization applies to.
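
An added example, not UCloud Global's code or policy syntax: a minimal Python model of how the V/E/A/R parts, the "deny sub-users from creating cloud hosts" custom policy, and global-level versus project-level authorization combine for one sub-user. The field names, action names, URNs, wildcard matching and the evaluation order (no match means deny, any matching Deny wins) are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed policies: field names, actions and URNs are hypothetical
# placeholders, not UCloud Global's real policy syntax.
HOST_OPERATOR = {  # stands in for a system policy (fixed at V1)
    "version": "V1",
    "statements": [
        {"effect": "Allow", "actions": ["CreateHost", "StopHost"],
         "resources": ["urn:example:host/*"]},
    ],
}
DENY_CREATE_HOST = {  # stands in for an edited custom policy
    "version": "V2",
    "statements": [
        {"effect": "Deny", "actions": ["CreateHost"],
         "resources": ["urn:example:host/*"]},
    ],
}

# Authorizations for one sub-user: a policy plus the level it was granted at.
GRANTS = [
    {"policy": HOST_OPERATOR, "level": "project", "projects": {"proj-a", "proj-b"}},
    {"policy": DENY_CREATE_HOST, "level": "project", "projects": {"proj-b"}},
]


def grant_applies(grant, project):
    """Global grants cover every project; project grants only the selected ones."""
    return grant["level"] == "global" or project in grant["projects"]


def statement_matches(stmt, action, resource):
    """A statement matches when the API name is listed and a resource URN pattern fits."""
    return action in stmt["actions"] and any(
        fnmatchcase(resource, pattern) for pattern in stmt["resources"]
    )


def is_allowed(grants, action, resource, project):
    """Assumed semantics: default deny, and any matching Deny overrides Allow."""
    allowed = False
    for grant in grants:
        if not grant_applies(grant, project):
            continue
        for stmt in grant["policy"]["statements"]:
            if statement_matches(stmt, action, resource):
                if stmt["effect"] == "Deny":
                    return False
                allowed = True
    return allowed
```

Under these assumptions the sub-user can create hosts in proj-a but not in proj-b, where the custom Deny policy is also attached, and has no access in projects that were not selected during authorization.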