How to create an IAM policy
An IAM policy is used to define the permissions of users, groups and applications in a given Organization. A policy is composed of a principal (the user, group or application to which it applies) and one or more IAM rules (which describe the permission sets the principal should have, and the scope of those permission sets).
Click the Policies tab. A list of the Organization’s existing policies displays:
Click the «Plus Icon» button to create a new IAM policy. The policy creation wizard displays:
Complete the steps of the first page of the creation wizard:
- Enter a name for the policy.
- Enter a description (optional).
- Select a principal, who will be the target of your policy. The principal should be the user, application or group who you want to give certain permissions to via this policy.
You can choose to create a policy without a principal for now, and attach the principal later. Be aware that the policy will have no effect until a principal is attached. A policy can only be attached to one principal at a time.
Click Add rules to progress to the next part of the policy creation wizard.Tip:
Rules define the actions that the attached principal will be able to carry out within the Organization. When creating a rule, you first set the scope of the rule, and then select the permission sets to apply within the scope. See our dedicated documentation for more help with policies, rules, scopes and permission sets.
Select a scope for the rule:
- To give the principal permissions to view, create, edit and/or delete resources, select the Access to resources scope. Then, select the Project in which you want the permissions to apply. You can select from all current and future Projects, all current Projects or select specific Projects.
- To give the principal permissions to Organization-level features such as IAM, billing, support & abuse tickets and project management, select the Access to Organization features scope.
Click Validate to continue.
Choose the permission sets for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in step 6. See our dedicated documentation for more help with permission sets.
Click Validate. The rule, with its scope and permission sets, is added to the list of the policy’s rules.
Click Add new rule and repeat steps 6-8 as many times as required to add multiple rules to your policy.Tip:
You can delete «Delete Icon» or edit «Edit Icon» an existing rule by clicking the relevant button in the top right corner of the rule’s summary.
Click Create policy to finish.
You are returned to the Policies tab, where the newly-created policy now appears in the list.Note:
The application of Object Storage permissions can take up to 5 minutes.