<p class="shortdesc"></p> <p class="p">An important concept in policy management is the access policy. An access policy is a set of permissions written in a policy language that can precisely describe the authorized resource set, the operation set and the authorization conditions. </p> <p class="p">In RAM, an access policy is a resource entity that users can create, update, delete and view. RAM lets users create and manage multiple custom access policies for a master account or sub-account, and supports two types of access policies:</p> <ul class="ul" id="Access_policy__ul_jdw_s1d_flb"> <li class="li"><strong class="ph b">System access policy</strong> is a commonly used permission set created and managed by Ping AnCloud. It mainly covers read-only permission or full operation permission for different service types, such as ECS ReadOnlyAcess and ECSFullAccess. Users can only use the access policies provided by Ping AnCloud for authorization; they cannot edit or modify them. Ping AnCloud automatically updates or modifies the system access policies. In addition, if a sub-account is authorized with the super access policy named AdministratorAcess from the system access policies, it has full administration permission over all resources, equivalent to the master account. </li> <li class="li"><strong class="ph b">Custom access policy</strong> is created and managed by users and serves as an extension and supplement to the system access policies. The permissions described by system access policies are coarse-grained. If users need a fine-grained authorization description, such as precisely controlling the permissions on a certain ECS instance or adding authorization conditions, they should create a custom authorization policy. Creating a custom authorization policy requires understanding the basic structure and rules of the authorization policy language (see <a class="xref" href="" target="_blank">Authorization Policy Language</a> in the appendix).
Each access policy is essentially a set of permissions.</li> </ul> <div class="note note note_note"><span class="note__title">Note:</span> When an authorization policy includes both Allow and Deny authorization statements, Deny is prioritized. </div>
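<p class="p">The Deny-first rule in the note, modelled as an added example that is not Ping AnCloud code and does not use its policy language: the statement fields (<code>effect</code>, <code>actions</code>, <code>resources</code>, <code>source_ip</code>), the action names and the instance names are all assumptions made for illustration. A request that no statement matches is reported as <code>no_match</code>, since this page does not say how such a request is treated.</p>

```python
# Added illustration: a simplified model, not Ping AnCloud's policy language.
# Statement fields, action names and resource names are constructed.
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


def _matches(stmt, action, resource, context):
    """True when the statement covers the action, resource and condition."""
    if not any(fnmatchcase(action, p) for p in stmt["actions"]):
        return False
    if not any(fnmatchcase(resource, p) for p in stmt["resources"]):
        return False
    cidr = stmt.get("source_ip")  # hypothetical condition: caller's network
    if cidr is not None:
        src = context.get("source_ip")
        if src is None or ip_address(src) not in ip_network(cidr):
            return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'deny', 'allow' or 'no_match' over every attached policy."""
    context = context or {}
    decision = "no_match"
    for policy in policies:
        for stmt in policy["statements"]:
            if not _matches(stmt, action, resource, context):
                continue
            if stmt["effect"] == "Deny":
                return "deny"  # a matching Deny wins, whatever the order
            decision = "allow"
    return decision


# Coarse-grained grant, in the spirit of a full-access system policy.
COARSE = {"statements": [
    {"effect": "Allow", "actions": ["ecs:*"], "resources": ["*"]},
]}
# Fine-grained custom policy: protect production, limit one dev instance.
CUSTOM = {"statements": [
    {"effect": "Deny", "actions": ["ecs:DeleteInstance"],
     "resources": ["ecs:instance/i-prod-*"]},
    {"effect": "Allow", "actions": ["ecs:StopInstance"],
     "resources": ["ecs:instance/i-dev-01"], "source_ip": "10.0.0.0/8"},
]}

if __name__ == "__main__":
    for order in ([COARSE, CUSTOM], [CUSTOM, COARSE]):
        print(evaluate(order, "ecs:DeleteInstance", "ecs:instance/i-prod-7"))
```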
