平安云|Ping An Cloud- Building Your Smart Future

Products
- Recommended
- Cloud Essential Products
- Big Data
- Enterprise Applications
- Developer Services
No results found. Please try re-entering the product name
Popular Products

Elastic Compute Service HOT

Machine Vision HOT

IoT Platform HOT

Dedicated Host

API Gateway

Data Transmission Service

Key Management Service

E-MapReduce

Application Management Service

Latest Products

Voiceprint Recognition NEW

Cloud Digital Signature Service

Resource Orchestration Service

DB Backup and Recovery Service

Database Management Service

Omni-Sinitic

Registration

Recommended Services

Documentation

Partners

Computing

Elastic Compute Service HOT

Elastic GPU Service

Dedicated Host

Auto Scaling

Bare Metal Service

Pingan Kubernetes cluster Service

Storage

Elastic Block Storage

Object Based Storage

CloudNAS

Backup

DB Backup and Recovery Service

Network&CDN

Virtual Private Cloud

Elastic Load Balancing

Internet Gateway

NAT Gateway

Express Connect

VPN Gateway

Content Distribution Network

Security

Ping An Host Security NEW

Web Scan

Web Application Firewall

Ping An Security Center (PSC)

Certificate Authority Service

Security Expert Service

Web Application Firewall ( New )

Mobile Security

Database

RDS-PostgreSQL

RDS-MySQL

Redis

Document Database Service

TiDB

Database Management Service

PingAn Database Audit Service

Data Transmission Service

Advanced Database Service

Big Data Computing

E-MapReduce

Big Data Search and Analysis

Ping An Brain

Log Service

Big Data Application

Nebula BI

Big Data Solutions

Facial Recognition

Fake ID Identification

Voiceprint-based Verification

Domain Name and Website

Domain Name Service

Domain Name Registration NEW

Platform

IoT Platform

Edge Node Service (Beta) NEW

Communications

Direct Mail

Short Message Service

PAVIDEO

Intelligent Management

AnBot

Office Automation

Electronic Voucher Platform Core

Digital Signatures Certification System

ZHI NIAO

RPA Robee

Unified Collaborative Office Platform

Auto Service

Ping An Drive

Management & Monitoring

Key Management Service

Argus

Resource Access Management

Operation System Platform

Middleware

API Gateway

Message Queue

Message Queue Kafka (Beta)

IT Management & Tools

Wizard

ServiceBot

D7 Extended Deployment Automation

LINKDO

Application Management Service

Dynamic Traffic Distribution Platform

WiseAPM

WiseAPM Mobile

WiseAPM Browser

WiseAPM DialTest

WiseAPM Database
Solutions
- Universal Solutions
- Industry Solutions
Enterprise Service Solutions

Unified Platform

Collaborative Office

Swift Website Deployment

Hybrid Cloud Solutions

Cloud Migration

Big Data Solutions

Facial Recognition

Fake ID Identification

AI Solutions

AI-Smart Home

Security Solutions

Universal Security

Financial Cloud Security

Private Cloud Solutions

Ping An Private Cloud NEW

Financial Solutions

Bank

Insurance

Investment

Internet Finance

Smart City Solutions

Smart Public Security

Smart Penitentiary

Smart Airport

Smart Port

Smart Traffic

Smart Higher Education

Smart Community

Smart Building

Smart Scenic Areas

Smart Environment Protection

Medical Solutions

Smart Medical Platform

PACS Cloud Solution for Medical Imagery

Medical Active-Standby Cloud system
Customers
Pricing
Partners
Documentation
About Us

<p class="shortdesc"></p> <p class="p">One important concept of policy management is access policy. Access policy is a set of permission that is described by its language which can precisely describe the authorized resource set, operation set and authorization condition. </p> <p class="p">In RAM, access policy is a kind of resource entity which can be created, updated, deleted and viewed by users. RAM allows to create and manage multiple custom access policies of a master account or sub account and supports two types of access policies:</p> <ul class="ul" id="Access_policy__ul_jdw_s1d_flb"> <li class="li"><strong class="ph b">System access policy</strong> is a commonly used permission set created and managed by Ping AnCloud. It is mainly aimed at read-only permission or full operation permission of different service types such as ECS ReadOnlyAcess and ECSFullAccess. Users can only authorize rather than edit or modify the access policy provided by Ping AnCloud. Ping AnCloud will automatically update or modify the system access policy. In addition, if a sub-account is authorized with the super access policy named AdministratorAcess in the system access policy, it will have the full administration permission of all resources that is equivalent to the master account. </li> <li class="li"><strong class="ph b">Custom access policy</strong> is created and managed by users and serves as an extension and supplement of the system access policy. The permission described by the system access policy is coarse-grained. If users need fine-grained authorization description such as precisely controlling the permission or add authorization condition limitation of a certain ECS instance, they should create custom authorization policy. It requires to understand the basic structure and rules of authorization policy language when creating custom authorization policy (referring to <a class="xref" href="https://pingancloud.com/ssr/help/manage/ram/appendix.authorizepolicy" target="_blank">Authorization Policy Language</a> in the appendix). Each access policy is essentially a set of permission.</li> </ul> <div class="note note note_note"><span class="note__title">Note:</span> When an authorization policy includes Allow and Deny authorization language, Deny is prioritized. </div>

Did the above content solve your problem? Yes No

Please complete information！

Ok Cancel