更新时间:2025-11-03 gmt 08:00
appstage自定义策略-j9九游会登录
如果系统预置的appstage权限,不满足您的授权要求,可以创建自定义策略。目前华为云支持以下两种方式创建自定义策略:
- 可视化视图创建自定义策略:无需了解策略语法,按可视化视图导航栏选择云服务、操作、资源、条件等策略内容,可自动生成策略。
- json视图创建自定义策略:可以在选择策略模板后,根据具体需求编辑策略内容;也可以直接在编辑框内编写json格式的策略内容。
具体创建步骤请参考:创建自定义策略。本章为您介绍常用的appstage自定义策略样例。
appstage自定义策略样例
示例:授权用户应用平台管理员权限并授予依赖权限。
- 授权用户应用平台管理员权限。
appstage管理员权限为全局级权限。
{ "version": "1.1", "statement": [ { "action": [ "appstage:*:*" ], "effect": "allow" } ] } - 授予依赖的cbc权限。
需要授予cbc的如下权限,这些权限为项目级权限。
{ "version": "1.1", "statement": [ { "effect": "allow", "action": [ "bss:order:pay", "bss:order:view", "bss:balance:view", "bss:unsubscribe:update" ] } ] } - 授予依赖的iam权限。
需要授予iam的如下权限,这些权限为全局级权限。
{ "version": "1.1", "statement": [ { "effect": "allow", "action": [ "iam:credentials:listcredentials", "iam:permissions:grantroletoagencyondomain", "iam:credentials:updatecredential", "iam:agencies:listagencies", "iam:tokens:assume", "iam:roles:updaterole", "iam:roles:listroles", "iam:agencies:createagency", "iam:permissions:listrolesforagency", "iam:projects:listprojects", "iam:groups:listgroups", "iam:groups:creategroup", "iam:permissions:grantroletoagency", "iam:credentials:createcredential", "iam:credentials:deletecredential", "iam:agencies:updateagency", "iam:permissions:revokerolefromagency", "iam:roles:getrole", "iam:roles:createrole", "iam:permissions:listrolesforagencyondomain", "iam:roles:deleterole", "iam:identityproviders:createidentityprovider", "iam:identityproviders:createmapping", "iam:identityproviders:createprotocol", "iam:permissions:listrolesforgroupondomain" , "iam:permissions:listrolesforgrouponproject", "iam:permissions:grantroletogrouponproject", "iam:identityproviders:createidpmetadata", "iam:permissions:grantroletogroupondomain", "iam:identityproviders:getidentityprovider", "iam:identityproviders:getmapping", "iam:identityproviders:deleteprotocol", "iam:identityproviders:getprotocol" ] } ] }
相关文档
意见反馈
文档内容是否对您有帮助?
提交成功!非常感谢您的反馈,我们会继续努力做到更好!
您可在查看反馈及问题处理状态。
系统繁忙,请稍后重试
如您有其它疑问,您也可以通过华为云社区问答频道来与我们联系探讨
