[IAM] Policy

Policy refers to the scope of privileges that APS can perform, and is used when you create a Role to assign to a user.

What is policy?

Policy refers to the scope of privileges that APIs can perform. There are managed/custom types of policies.

DefinitionThis is a globally defined policy in a repository service,
and it is managed and shared directly by the overall system administrator.
This is a common policy that is convenient for most users.
It is a self-defined policy per domain,
and is useful when managing detailed privileges for each domain.
Create, edit, deleteX (Possible)O (Impossible)
ReadO (Possible)O (Possible)

For detailed information, see [Understanding policy] (/ko/docs/concepts/identity/rbac/understanding-policy).

Viewing policy

After clicking the policy type you want to check, you can enter the policy detail page through an ID field linked to a table.


Creating policy

Enter the page to create a policy by using the [Create] button on the right.


You can create a policy after entering a name, description, and privileges.

Multiple privileges can be entered, separated by newlines.

Examples of privileges are as follows, and they have a ‘{service}.{resource}.{action}’ format:

ExampleDescription of examples
identity.Project.*Full privileges to take whatever types of actions over project resources
identity.ProjectGroup.*Full privileges over all project group resources
identity.User.getPrivilege to obtain user resources
identity.User.updatePrivilege to update user resources
identity.User.listPrivilege to list user resources

For detailed information on services, resources, etc., see [here].

Editing policy

Enter the page of the policy you want to edit

Editing policy name

After clicking the edit icon button on the right side of a title, you can edit the name of the policy in a created modal dialog.


Editing policy content

You can edit the description of a policy in the input box of a description field.

You can edit privileges from code blocks at the bottom. Multiple privileges are separated by newlines.


Removing policy

Enter the policy page you want to delete.

After clicking the delete icon button, you can delete the policy from a created modal dialog.


Since a policy connected to a role is impossible to remove, visit and review the role page if you have any issues removing a policy.