The page has been translated by Gen AI.

Policy

The user can enter the required information of the policy and select detailed options through the Samsung Cloud Platform Console to create the corresponding service.

Create a policy

To create a policy, follow the following procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the Create Policy button. It moves to the Create Policy page.

Basic Information Input, Additional Information Input area, enter the required information, then click the Next button. It moves to the Permission Setting area.

Classification	Mandatory	Detailed Description
Policy Name	Required	Policy Name Input Use Hangul, English, numbers, and special characters (`+=,.@-_`) to enter a value between 3 and 128 characters
Description	Selection	A detailed description of the policy name A detailed description of the policy name, up to 1,000 characters can be entered
tag	selection	policy to add tag up to 50 tags can be added per resource

Table. Policy Creation Information Input Items - Basic Information and Additional Information

Select the service for which you want to set permissions. The permission settings item will be displayed under the name of the selected service.

You can select the desired service or set up all services.

Permission Setting area, please enter the required information.

Classification	Mandatory	Detailed Description
control type	required	policy control type selection Allow policy: a policy that allows the defined authorities Deny policy: a policy that denies the defined authorities the deny policy is applied first to the same target
Action	Required	Select actions provided for each service Actions that allow individual resource selection are displayed in purple Actions that target all resources are displayed in black Add Action Directly: Multiple actions can be specified at once using the Wildcard `*`
Applied Resource	Required	Resource to which the action is applied All Resources: Apply to all resources for the selected action Individual Resource: Apply only to the specified resource for the selected action Individual resources are only possible when selecting individual resources during purple action selection Click the Add Resource button to specify the target resource by resource type For more information on Add Resource, see Registering individual resources as applied resources
Authentication Type	Required	Authentication method for the target users to apply the policy All Authentication: Applies regardless of authentication method API Key Authentication: Applies to users who use API key authentication Session Key Authentication, Console Login: Applies to users who use session key authentication or console login
Applied IP	Required	IP that allows policy application Custom IP: IP that users directly register and manage Applied IP: IP that users directly register and apply policies, which can be registered in IP address or range format Excluded IP: IP to be excluded from Applied IP, which can be registered in IP address or range format All IP: Does not restrict IP access Allows access to all IPs, but if an exception is needed, Excluded IP can be registered to restrict access to registered IPs
Additional Conditions	Select	Add conditions for Attribute-Based Access Control (ABAC) Condition Key: Select from Global Condition Key and Service Condition Key list Qualifier: Default, Any value in request, All values in request Operator: Bool, Null Value: True, False

Table. Policy Creation Information Input Items - Authority Settings

Caution

In the authority setting, it provides basic mode and JSON mode.

Basic Mode에서 작성 후 JSON Mode 진입 또는 화면 이동 시, becomes * When entering JSON Mode or moving the screen after writing in Basic Mode, identical services are integrated into one and services with incomplete settings are deleted.
JSON mode content written in a format that does not match JSON format cannot be converted to default mode.

Authority Setting area, please select the service to set the authority first.

Policy Import allows you to create a policy by importing an existing registered policy. For more information on Policy Import, please refer to Policy Import.

Next button will be clicked. It moves to the Input Information Confirmation page.
Check the input information and click the Complete button. It will move to the Policy List page.

Policy Import

You can bring in existing policies and refer to them when creating policies. To bring in existing policies, follow these steps.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the Create Policy button. It moves to the Create Policy page.
Basic Information Input, Additional Information Input area, please enter the necessary information.
Next button click. It moves to the Permission Settings area.
Policy Import button is clicked. Policy Import popup window opens.
The list of policies registered in the Account will be retrieved. Select the policy you want to import and click Confirm.
The imported policy is entered in the permission setting area and can be edited.

Note

Policy Import will be executed, then all previously entered contents will be deleted and replaced with the setting values of the selected policy.

Registering individual resources as applied resources

Authority Setting area where you can register individual resources as applied resources. To register individual resources as applied resources, follow the next procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the Create Policy button. Move to the Create Policy page.
Basic Information Input, Additional Information Input area, please enter the necessary information.
Next button click. It moves to the Permission Settings area.
Authorization settings area, select the service to set authorization.
Action 선택에서 Individual Resource 선택이 가능한 Action을 선택하세요.

Actions that allow individual resource selection are displayed in purple.

Applied Resources에서 Individual Resource을 클릭하세요.
Resource Addition button should be clicked. Resource Addition popup window will be opened.
Resource Addition tab where you add resources to apply policies. Resource addition is possible in two ways: Resource Selection, Direct Input.

Resource Selection: Checks and selects resources retrieved by resource type.
Direct Input: Add the target resource by directly entering it by resource type.
Wildcard *, ? can be used. Select all is checked, all resources of the corresponding resource type are added, and subsequently newly added resources are also automatically included.

Reference

When you change the additional method, the entered contents will be deleted.

Check the input information and click the Confirm button.

Check policy details

In the policy, you can check and modify the policy list and detailed information. The policy details page consists of basic information, permissions, connected targets, tags tabs.

To check the detailed information of the policy service, follow the next procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click on the policy name to check the detailed information. It moves to the Policy Details page.

Policy Details page displays basic information, and consists of Basic Information, Authorities, Connection Targets, Tags tabs.

Basic Information

Policy List page where you can check the basic information of the selected policy and modify the policy name and description if necessary.

Classification	Detailed Description
Service	Service Name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name In policies, it means policy name
Resource ID	Unique Resource ID
Creator	The user who created the service
Creation Time	The time when the service was created
Editor	User who modified the service information
Revision Time	The time when service information was revised
Policy Name	The name of the policy
Policy Type	Type of policy Basic: basic policy provided by Samsung Cloud Platform User-defined: policy created directly by the user
Description	Description of the policy name

Table. Policy Details - Basic Information Tab Items

Authority

Policy List page where you can check the authority information of the selected policy and modify the authority if necessary.

Authority information to confirm the service name’s unfold button is clicked, detailed policy information will be displayed.

Note

In the permission settings, it provides basic mode and JSON mode.

Classification	Detailed Description
Modify Authority	Authority modification is possible When the button is clicked, it moves to the Authority Modification page For more information on authority modification items, refer to Create Policy
View Mode	Policy Control Type Default Mode: Displays policy items and detailed information in the default UI JSON Mode: Displays in JSON editor style
Control Type	Policy Control Type Allow Policy: a policy that allows defined authorities Deny Policy: a policy that denies defined authorities
Action	Functions provided for each service that is the target of the policy
Applied Resource	Resource to which the action is applied All Resources: Apply to all resources for the selected action Individual Resource: Apply only to the specified resource for the selected action
Authentication Type	Authentication method for the target users to apply the policy All Authentication: Applies regardless of the authentication method API Key Authentication: Applies to users who use API key authentication Temporary Key Authentication, Console Login: Applies to users who use temporary key authentication or console login
Applied IP	IP that allows policy application Custom IP: IP that users directly register and manage Applied IP: IP that users directly register for policy application, which can be registered in IP address or range format Excluded IP: IP to be excluded from Applied IP, which can be registered in IP address or range format All IP: Does not restrict IP access Allows access to all IPs, but if an exception is needed, Excluded IP can be registered to restrict access to the registered IP

Table. Policy Details - Permissions Tab Items

Connection target

Policy List page where you can check the user groups registered for the selected policy, and add or exclude user groups as needed.

User Group details can be found in User Group please refer to it.

Classification	Detailed Description
User	List of users connected to the policy User name, user group, and creation time can be checked When the Connect User button is clicked, it moves to the Connect User page For more information about connecting users, refer to Connect User Disconnect is possible by selecting a user from the list and clicking the Disconnect button
User Group	List of user groups linked to the policy User group name, linked policy, description, and modification time can be checked When the Link User Group button is clicked, it moves to the Link User Group page For more information about linking user groups, refer to Linking User Groups It is possible to unlink by selecting a user group from the list and clicking the Unlink button
Role	Display a list of roles linked to the policy Role name, linked policy, description, and modification time can be checked When the Role Link button is clicked, it moves to the Role Link page For more information on role linking, refer to Linking Roles It is possible to disconnect the link by selecting a role from the list and clicking the Disconnect button

Classification

Detailed Description

User

List of users connected to the policy

User name, user group, and creation time can be checked

When the Connect User button is clicked, it moves to the Connect User page
- For more information about connecting users, refer to Connect User

Disconnect is possible by selecting a user from the list and clicking the Disconnect button

User Group

List of user groups linked to the policy

User group name, linked policy, description, and modification time can be checked

When the Link User Group button is clicked, it moves to the Link User Group page
- For more information about linking user groups, refer to Linking User Groups

It is possible to unlink by selecting a user group from the list and clicking the Unlink button

Role

Display a list of roles linked to the policy

Role name, linked policy, description, and modification time can be checked

When the Role Link button is clicked, it moves to the Role Link page
- For more information on role linking, refer to Linking Roles

It is possible to disconnect the link by selecting a role from the list and clicking the Disconnect button

Table. Policy Details - Connected Target Tab Items

Classification	Detailed Description
Tag List	Tag list Check Key, Value information of tag possible Up to 50 tags can be added per resource Search and select from existing Key and Value lists when entering tags

Managing Policies

You can change the name of the policy, or modify permissions, connection targets, or tags. If management of policies is required, you can perform tasks from the policy list or policy details page.

Modify basic information

You can modify the name and description of the policy. To modify the policy name and description, follow the following procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the policy name to modify the basic information. It moves to the Policy Details page.
Policy Details page, check the basic information to be modified, and then click the Modify button.

Policy Name: You can change the policy name. When the Edit button is clicked, the Edit Policy Name popup window opens.
Description: You can modify the description of the policy. When the Modify button is clicked, the Description Modification popup window opens.

Modify the content to be changed in the popup window, then click the Confirm button.

Managing Permissions

You can modify the authority of the policy. To modify the authority of the policy, follow the following procedure.

All services > Management > IAM menu, click. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the policy menu. It moves to the policy list page.
Policy List page, click the policy name to modify the policy authority. It moves to the Policy Details page.
Policy Details page, click the Authority tab. It moves to the Connection Authority tab.
Policy Details page, click the Edit Permissions button. It moves to the Edit Permissions page.
Modify Authority page where you modify the necessary authority, click the Next button. It moves to the Check Input Information page.

For a detailed description of each item in the authorization information, please refer to Creating a Policy.

Input Information Confirmation page, confirm the modified authority information and click the Complete button. Move to the Authority tab.

Managing User Connections

Policy > Connected Targets tab where you can check the users registered in the policy and connect or disconnect users as needed.
User for more information about the user, please refer to User

Connect User

To connect a user to a policy, follow the next procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home 페이지에서 Policy 메뉴를 클릭하세요. Policy List 페이지로 이동합니다. should be translated to: 2. Service Home page, click the Policy menu. It moves to the Policy List page. So the correct translation is: 2. Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the policy name to link the user. It moves to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, click the User Connection button, move to the User Connection page.
User Connection page’s User list, select the user you want to connect to, then click the Complete button. A pop-up window announcing the user connection will open.

Classification	Detailed Description
Connected User Group	Display users connected to the policy
User Group	Select a user to link the policy from the list of users registered in the Account When you select a check box, the selected user name is displayed at the top of the list You can cancel the selected user by clicking the X button for the added user name at the top of the list or by unchecking the check box in the user list If the desired user is not available, you can click the Create User item at the bottom of the user list to register a new user first After user creation is complete, you can refresh the user list and select the created user For more information on creating a user, see Create a User

Classification

Detailed Description

Connected User Group

Display users connected to the policy

User Group

Select a user to link the policy from the list of users registered in the Account

When you select a check box, the selected user name is displayed at the top of the list

You can cancel the selected user by clicking the X button for the added user name at the top of the list or by unchecking the check box in the user list

If the desired user is not available, you can click the Create User item at the bottom of the user list to register a new user first
- After user creation is complete, you can refresh the user list and select the created user
- For more information on creating a user, see Create a User

Table. User Connection Details

7. Click the Confirm button in the pop-up window that notifies the user connection. You can check the connected user in the list of the User tab.

Disconnecting the user

To disconnect a user’s connection linked to the policy, follow the next procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the policy menu. It moves to the policy list page.
Policy List page, click the policy name to disconnect the user connection. It moves to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, select the user to disconnect from the list of user groups, then click the Disconnect button. A pop-up window notifying disconnection will open.
Click the Confirm button in the pop-up window to notify the disconnection. The connection of the selected user will be released and the user group list will be refreshed.

Managing User Group Connections

Policy > Connected Targets tab where you can check the user groups registered in the policy, and connect or disconnect user groups as needed.
User Group details can be found in the User Group guide.

Connect User Group

To link a user group to a policy, follow these procedures.

All services > Management > IAM menu, click. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click on the policy name to link the user group. It moves to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, click the User Group Connection button, and move to the User Group Connection page.
User Group Linking page, select the user group you want to link from the User Group list, then click the Complete button. A popup window announcing the user group connection will open.

Classification	Detailed Description
Connected User Group	Displays the user group connected to the policy
User Group	Select a user group to link the policy from the list of user groups registered in the Account When you select the check box, the selected user group name is displayed at the top of the list You can cancel the selected user group by clicking the X button for the added user group name at the top of the list or by unchecking the check box in the user group list If the desired user group is not available, you can click the Create User Group item at the bottom of the user group list to register a new user group first After creating a user group, you can refresh the user group list and select the created user group For more information on creating a user group, see Creating a User Group

Classification

Detailed Description

Connected User Group

Displays the user group connected to the policy

User Group

Select a user group to link the policy from the list of user groups registered in the Account

When you select the check box, the selected user group name is displayed at the top of the list

You can cancel the selected user group by clicking the X button for the added user group name at the top of the list or by unchecking the check box in the user group list

If the desired user group is not available, you can click the Create User Group item at the bottom of the user group list to register a new user group first
- After creating a user group, you can refresh the user group list and select the created user group
- For more information on creating a user group, see Creating a User Group

Table. User Group Link Details

7. Click the Confirm button in the popup window notifying the user group connection. You can check the connected user group in the list of the User Group tab.

Disconnecting User Groups

To disconnect the connection of the user group connected to the policy, follow the following procedure.

All services > Management > IAM menu should be clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the policy menu. It moves to the policy list page.
Policy List page, click the policy name to release the user group link, it moves to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, select the user group to disconnect from the list of user groups, then click the Disconnect button. A pop-up window notifying disconnection will open.
Click the Confirm button in the pop-up window to notify the disconnection. The connection of the selected user group will be released and the user group list will be refreshed.

Role Connection Management

Policy > Connected Targets tab where you can check the roles registered in the policy, and connect or disconnect roles as needed.
Role details can be found in the role guide.

Connecting Roles

To link a role to a policy, follow these procedures.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the policy menu. It moves to the policy list page.
Policy List page, click on the policy name to link the role. It moves to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, click the Role Binding button, move to the Role Binding page.
Role Connection page’s Role list, select the role you want to connect, then click the Complete button. A pop-up window announcing the role connection will open.

Classification	Detailed Description
Connected Role	Display roles connected to the policy
Role	Select a role to link policies from the list of roles registered in the Account When you select the check box, the selected role is displayed at the top of the list You can cancel the role by clicking the X button added to the top of the role name list or by unchecking the check box in the role If the desired role is not available, you can click the Create Role item at the bottom of the role list to register a new role first After role creation is complete, you can refresh the role list and select the created role For more information on creating a role, see Creating a Role

Classification

Detailed Description

Connected Role

Display roles connected to the policy

Role

Select a role to link policies from the list of roles registered in the Account

When you select the check box, the selected role is displayed at the top of the list

You can cancel the role by clicking the X button added to the top of the role name list or by unchecking the check box in the role

If the desired role is not available, you can click the Create Role item at the bottom of the role list to register a new role first
- After role creation is complete, you can refresh the role list and select the created role
- For more information on creating a role, see Creating a Role

Table. Detailed Items of Role Linkage

7. Click the Confirm button in the popup window notifying the role connection. You can check the connected role in the list of the Role tab.

Disconnecting Roles

To disconnect the connection of a role connected to a policy, follow the following procedure.

All services > Management > IAM menu should be clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the policy name to release the role link, it will move to the Policy Details page.
Policy Details page, click the Connection Target tab. It moves to the Connection Target tab.
Connection Target tab, select the role to disconnect from the list of roles and click the Disconnect button. A pop-up window notifying disconnection will open.
Click the Confirm button in the pop-up window to notify the disconnection. The connection of the selected role will be released and the role list will be refreshed.

Tag management

You can modify the tags of the policy.

To modify tags in the policy, follow the following procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the policy name to add a user. It moves to the Policy Details page.
Policy Details page, click the Tags tab. It moves to the Tags tab.
Tag tab, click the Edit Tag button.
After adding or modifying the tag, click the Save button. A popup window announcing the tag modification will open.

You can modify the Key, Value of the previously registered tag.
Add tag button to click on to add a new tag.
Clicking the X button in front of the added tag will delete the tag.

Confirm button, you can check the modified tag information from the list.

Policy deletion

To delete a policy, follow the following procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the Policy menu. It moves to the Policy List page.
Policy List page, click the policy name to be deleted. It moves to the Policy Details page.
Policy Details page, click the Delete Policy button.
The policy is deleted, and it moves to the policy list page.

To delete multiple policies at the same time, follow the following procedure.

All services > Management > IAM menu is clicked. It moves to the Service Home page of Identity and Access Management(IAM).
Service Home page, click the policy menu. It moves to the policy list page.
Select the policy to delete from the policy list.
Confirm the selected policies and click the policy deletion button.
The selected policies are deleted and the policy list page is newly retrieved.

User

Role