Help Center > > User Guide> IAM Permissions Management> Syntax of RBAC Policies

Syntax of RBAC Policies

Updated at: Dec 31, 2019 GMT+08:00

Policy Structure

An RBAC policy consists of a Version, a Statement, and Depends.

Figure 1 Policy structure

Policy Syntax

When selecting a policy for a user group, click below the policy to view the details of the policy. The MRS Administrator policy is used as an example to describe the syntax of RBAC policies.

Figure 2 Viewing policy details
{
        "Version": "1.0",
        "Statement": [
                {
                        "Effect": "Allow",
                        "Action": [
                                "MRS:MRS:*"
                        ]
                }
        ],
        "Depends": [
                {
                        "catalog": "BASE",
                        "display_name": "Server Administrator"
                },
                {
                        "catalog": "BASE",
                        "display_name": "Tenant Guest"
                }
        ]
}
Table 1 Parameter description

Parameter

Meaning

Value

Version

Policy version

The value is fixed to 1.0.

Statement

Action

Operations to be performed on MRS

Format: Service name:Resource type:Operation.

MRS:MRS:*: Permissions for performing all operations on all resource types in MRS.

Effect

Determines whether the operation defined in an action is allowed.

  • Allow
  • Deny

Depends

catalog

Name of the service to which dependencies of a policy belong

Service name

Example: BASE

display_name

Name of a dependent policy

Policy name

Example: Tenant Administrator

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel