Skip to navigationSkip to main contentSkip to footerScaleway Docs
Log inSign up

How to manage IAM policies

You can manage IAM policies in an Organization if you are the Owner of that Organization, or if you have sufficient permissions (via existing policies) to do so. Management actions including editing, attaching and detaching policies to/from groups and deleting groups from the Organization.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

How to access the policy overview

  1. Click IAM & API keys on the top-right drop-down menu of the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.
  2. Click the Policies tab. A list of the Organization's IAM policies displays.
  3. Click the name of the policy you want to manage. Alternatively, click more icon next to the policy, and select Overview. Either way, you are taken to the policy's Overview page. Follow the steps below depending on the management action you wish to take.

How to edit a policy's name and description

From the policy's Overview page:

  • Click directly on the policy name at the top of the page (instance-manager in the example above) to edit it, and click validate icon when finished.
  • Click directly on the policy description in the Policy Information panel (data-project-group in the example above) to edit it, and click validate icon when finished.

How to edit a policy's rules

  1. From the policy's Overview page, scroll down to the Rules panel and click edit icon next to the rule you want to edit.
  2. Edit the rule as required. You can edit the scope, permission sets and conditions.
    Important

    Conditions can only be edited using the Advanced editor. You must update the CEL expression in the editor to update the condition. Refer to the Understanding policy conditions documentation page for more details about how to write condition expressions, as well as examples of conditions.

  3. Click Validate to finish.
    Tip

    See our documentation about creating policies for more help with building rules.

How to detach a policy from a user

  1. Click the x button next to the policy you want to detach from the user. A pop-up displays asking you to confirm the action.
  2. Click Detach policy to confirm.
    Important

    Since policies can only be attached to one principal at a time, detaching a policy from the user means that the policy becomes orphaned. The policy will remain in your list of policies, but will have no effect until you attach it to another principal.

How to attach another policy to a user

A user may be attached to multiple policies.

  1. Click Attach a policy to attach another policy to the user. A pop-up displays.

  2. Select an action between: creating a new policy, selecting an unassigned policy or duplicating an existing policy.

    Note

    When you create a new policy or duplicate an existing one, you are redirected to the IAM policies page. The following steps apply when you choose to select an unassigned policy.

  3. Select the policy you want to attach to the user from the drop-down list.

  4. Click Validate to finish. The selected policy is attached to the user.

How to delete a policy

Important

Be aware that when deleting a policy, all permissions it gives to its principal (user, group, or application) will be revoked.

  1. From the policy's Overview page, scroll down to the Delete policy panel.
  2. Click Delete policy. A warning displays, asking you to confirm your action.
  3. Type DELETE to confirm, and click Delete policy to validate.
See Also
How to create a policyHow to view event logs
Still need help?

Create a support ticket
No Results