A rule (also known as an IAM rule) is the part of a policy that defines the permissions of the policy's principal, and the scope of these permissions. A policy can have one or many rules. Each rule consists of:
- A scope, which defines where the permission sets should apply. At Scaleway, a scope can be at Project or Organization level.
  - Projects group your Scaleway resources (e.g. Instances, Object Storage buckets, Managed Databases, etc.) together. An Organization may have many Projects, or just one default Project. If you choose to define scope at Project level, you can select one, many, or all Projects. When you then define the permission sets for this scope, you can give access to different resources within the Project(s).
  - An Organization is made of one or several Projects. Billing, IAM, Project management and support are all managed at Organization level, so choose the Organization scope to give access to these features.
- One or more permission sets (e.g. "list all Instances"). A permission set consists of one or multiple permissions to perform actions on resources or features. Each permission set has a clear description, e.g. InstancesFullAccess, InstancesReadOnly, RelationalDatabasesFullAccess, BillingReadOnly.
List rules of a given policy
List the rules of a given policy. By default, the rules listed are ordered by creation date in ascending order. This can be modified via the order_by field. You must define the policy_id in the query path of your request.
Query Parameters
policy_id: ID of policy to search.
page_size: Number of results per page. Value must be between 1 and 100.
page: Page number. Value must be greater than 1.
List rules of a given policy › Responses
Rules of the policy.
total_count: Total count of rules.
Set rules of a given policy
Overwrite the rules of a given policy. Any information that you add using this command will overwrite the previous configuration. If you include some of the rules you already had in your previous configuration in your new one, but you change their order, the new order of display will apply. While policy rules are ordered, they have no impact on the access logic of IAM because rules are allow-only.
Set rules of a given policy › Request Body
policy_id: ID of policy to update.
Rules of the policy to set.
Set rules of a given policy › Responses
Rules of the policy.
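
Because "Set rules of a given policy" overwrites the whole rule list, a request body built from a partial listing silently removes permissions. The following added example (not part of Scaleway's documentation or code) merges paginated "List rules" results, builds a body that keeps the existing rules, and reports which rules an overwrite would drop or add. The rule field names permission_set_names, project_ids and organization_id, and all IDs, are assumptions; nothing is sent to the API.

```python
# Added example, not Scaleway code. The rule fields permission_set_names,
# project_ids and organization_id are assumptions; all IDs are constructed.

# Constructed "List rules" responses: two pages of one rule each.
PAGES = [
    {"total_count": 2, "rules": [{"id": "rule-1", "project_ids": ["proj-a"],
                                  "permission_set_names": ["InstancesReadOnly"]}]},
    {"total_count": 2, "rules": [{"id": "rule-2", "organization_id": "org-1",
                                  "permission_set_names": ["BillingReadOnly"]}]},
]

def merge_pages(pages):
    """Join paginated results; refuse to continue on an incomplete listing."""
    rules = [rule for page in pages for rule in page["rules"]]
    total = pages[-1]["total_count"] if pages else 0
    if len(rules) != total:
        raise ValueError(f"got {len(rules)} of {total} rules, listing is incomplete")
    return rules

def rule_key(rule):
    """Order-independent identity of a rule: its scope plus its permission sets."""
    if rule.get("organization_id"):
        scope = ("organization", rule["organization_id"])
    else:
        scope = ("projects", frozenset(rule.get("project_ids") or []))
    return scope, frozenset(rule["permission_set_names"])

def build_set_body(policy_id, current, new_rules):
    """Request body that keeps every current rule and appends the new ones."""
    kept = [{k: v for k, v in rule.items() if k != "id"} for rule in current]
    return {"policy_id": policy_id, "rules": kept + list(new_rules)}

def plan_overwrite(current, desired):
    """Return (dropped, added) rule keys if `desired` replaced `current`."""
    before = {rule_key(r) for r in current}
    after = {rule_key(r) for r in desired}
    return before - after, after - before

if __name__ == "__main__":
    current = merge_pages(PAGES)
    new_rule = {"project_ids": ["proj-a"],
                "permission_set_names": ["RelationalDatabasesFullAccess"]}
    naive = {"policy_id": "policy-1", "rules": [new_rule]}
    safe = build_set_body("policy-1", current, [new_rule])
    for name, body in (("naive", naive), ("safe", safe)):
        dropped, added = plan_overwrite(current, body["rules"])
        print(f"{name}: drops {len(dropped)} rule(s), adds {len(added)}")
```

Reordering the same rules yields an empty plan, which matches the statement above that rule order has no effect on access because rules are allow-only.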