Policy
Users can enter required information for policies and select detailed options through the Samsung Cloud Platform Console to create the corresponding service.
Creating a Policy
To create a policy, follow these steps:
Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
Click the Create Policy button on the Policy List page. You will be navigated to the Create Policy page.
Enter the required information in the Enter Basic Information, Enter Additional Information areas, then click the Next button. You will be navigated to the Permission Settings area.
| Category | Required | Description |
|---|---|---|
| Policy Name | Required | Enter policy name<br>- Enter a value between 3-128 characters using Korean, English, numbers, and special characters (+=,.@-_) |
| Description | Optional | Description of the policy name<br>- Enter up to 1,000 characters as a detailed description of the policy name |
| Tags | Optional | Tags to add to the policy<br>- Up to 50 tags can be added per resource |

Table. Policy Creation Information Entry Items - Basic Information and Additional Information
Select the service for which to set permissions. Permission setting items are displayed under the selected service name.
- You can select the desired service or set it for all services.
Enter the required information in the Permission Settings area.
| Category | Required | Description |
|---|---|---|
| Control Type | Required | Select policy control type<br>- Allow Policy: Policy that allows defined permissions<br>- Deny Policy: Policy that denies defined permissions |
| Action | Required | Select actions provided by each service<br>- Actions where individual resource selection is possible are displayed in purple<br>- Actions targeting all resources are displayed in black<br>- Add Action Directly: Can specify multiple actions at once using wildcard * |
| Applied Resource | Required | Resource to which the action is applied<br>- All Resources: Apply to all resources for the selected action<br>- Individual Resource: Apply only to specified resources for the selected action<br>- Individual resources are only possible when selecting purple actions where individual resource selection is possible among actions<br>- Click the Add Resource button to specify target resources by resource type<br>- For details on Add Resource, refer to Registering Individual Resources as Applied Resources |
| Authentication Type | Required | Authentication method of the target to which the policy is applied<br>- All Authentication: Apply regardless of authentication method<br>- Authentication Key Authentication: Apply to authentication key authentication users<br>- Temporary Key Authentication, Console Login: Apply to temporary key authentication or Console login users |
| Applied IP | Required | IP that allows policy application<br>- User-defined IP: User directly registers and manages IP<br>- Applied IP: IP to which the policy is applied by user registration, can be registered in IP address or range format<br>- Excluded IP: IP to exclude from Applied IP, can be registered in IP address or range format<br>- All IP: Do not restrict IP access<br>- Allow access for all IPs, but if an exception is needed, register Excluded IP to restrict access for registered IPs |
| Additional Conditions | Optional | Add conditions for Attribute-Based Access Control (ABAC)<br>- Condition Key: Select from Global condition Key and service condition Key lists<br>- Qualifier: Default, any value in request, all values in request<br>- Operator: Bool, Null<br>- Value: True, False |

Table. Policy Creation Information Entry Items - Permission Settings

Caution: Permission settings provide Basic Mode and JSON Mode.
- After writing in Basic Mode, when entering JSON Mode or moving screens, services with the same conditions are merged into one and services where settings are not completed are deleted.
- If content written in JSON Mode does not match JSON format, you cannot switch to Basic Mode.
In the Permission Settings area, first select the Service for which to set permissions.
- You can create a policy by loading an existing registered policy through Load Policy. For details on Load Policy, refer to Loading Policy.
Click the Next button. You will be navigated to the Confirm Entered Information page.
After confirming the entered information, click the Create button.
When a popup window announcing policy creation opens, click the OK button. You will be navigated to the Policy List page.
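The following is an added example, not Samsung Cloud Platform code and not part of the original page: a review of one permission statement before it is saved, showing what a wildcard action expands to and which source IPs an Applied IP / Excluded IP pair really covers. The dictionary keys, the action names and the reading of "range format" as CIDR notation are assumptions; the keys are not the console's JSON Mode schema.

```python
import ipaddress
import re

# Constructed statement mirroring the Permission Settings fields described above.
# Key names are hypothetical; this is not the console's JSON Mode schema.
SAMPLE = {
    "control_type": "Allow",
    "actions": ["storage:Get*", "storage:DeleteBucket"],
    "applied_resource": "All Resources",
    "authentication_type": "All Authentication",
    "applied_ip": ["203.0.113.0/24"],          # empty list models "All IP"
    "excluded_ip": ["203.0.113.128/25", "198.51.100.7"],
}
# Constructed action catalogue for one service (names are illustrative only).
CATALOGUE = ["storage:GetBucket", "storage:GetObject", "storage:GetObjectAcl",
             "storage:PutObject", "storage:DeleteBucket"]


def expand(pattern, names):
    """Names matched by a pattern in which only * and ? are wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return [n for n in names if re.fullmatch(rx, n)]


def _nets(entries):
    # Assumes "range format" means CIDR; a single address becomes a /32 or /128.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def ip_in_scope(stmt, ip):
    """True when the statement applies to a request from this source IP."""
    addr = ipaddress.ip_address(ip)
    applied, excluded = _nets(stmt["applied_ip"]), _nets(stmt["excluded_ip"])
    in_applied = not applied or any(addr in n for n in applied)
    return in_applied and not any(addr in n for n in excluded)


def review(stmt, catalogue):
    """Return (code, detail) findings about how broadly an Allow statement applies."""
    findings = []
    applied, excluded = _nets(stmt["applied_ip"]), _nets(stmt["excluded_ip"])
    # An Excluded IP outside every Applied IP range changes nothing.
    for net in excluded:
        if applied and not any(net.overlaps(a) for a in applied):
            findings.append(("DEAD_EXCLUSION", str(net)))
    if stmt["control_type"] != "Allow":
        return findings
    for pattern in stmt["actions"]:
        if "*" in pattern:
            granted = expand(pattern, catalogue)
            findings.append(("WILDCARD_ACTION", f"{pattern} -> {', '.join(granted)}"))
    if stmt["applied_resource"] == "All Resources":
        findings.append(("ALL_RESOURCES", "not limited to individual resources"))
    if stmt["authentication_type"] == "All Authentication":
        findings.append(("ALL_AUTH", "applies to every authentication method"))
    if not applied and not excluded:
        findings.append(("ALL_IP", "no source IP restriction"))
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE, CATALOGUE):
        print(f"{code}: {detail}")
    for ip in ("203.0.113.10", "203.0.113.200", "192.0.2.1"):
        print(ip, ip_in_scope(SAMPLE, ip))
```
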
Loading Policy
You can load an existing policy to reference it for policy creation. To load an existing policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the Create Policy button on the Policy List page. You will be navigated to the Create Policy page.
- Enter the required information in the Enter Basic Information, Enter Additional Information areas.
- Click the Next button. You will be navigated to the Permission Settings area.
- Click the Load Policy button. The Load Policy popup window will open.
- A list of policies registered in the Account is displayed. Select the policy you want to load and click OK.
- The loaded policy is entered in the Permission Settings area and can be edited.
Registering Individual Resources as Applied Resources
You can register individual resources as applied resources in the Permission Settings area. To register individual resources as applied resources, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the Create Policy button on the Policy List page. You will be navigated to the Create Policy page.
- Enter the required information in the Enter Basic Information, Enter Additional Information areas.
- Click the Next button. You will be navigated to the Permission Settings area.
- Select the Service for which to set permissions in the Permission Settings area.
- In Action selection, select an Action where Individual Resource selection is possible.
- Actions where individual resource selection is possible are displayed in purple.
- Click Individual Resource in Applied Resource.
- Click the Add Resource button. The Add Resource popup window will open.
- Add resources to which the policy will be applied in the Add Resource tab. Adding resources is possible in two ways: Select Resource and Direct Input.
- Select Resource: Check and select resources displayed by Resource Type.
- Direct Input: Directly enter target resources by Resource Type to add them.
- Wildcards *, ? can be used. If you check Select All, all resources of that resource type are added, and newly added resources thereafter are automatically included.
Note: When changing the addition method, entered content is deleted.
- After confirming the entered information, click the OK button.
Viewing Policy Details
In policies, you can view the policy list and detailed information and modify them. The Policy Details page consists of Basic Information, Permissions, Connected Targets, Tags tabs.
To view detailed information of the policy service, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to view detailed information on the Policy List page. You will be navigated to the Policy Details page.
- The Policy Details page displays basic information and consists of Basic Information, Permissions, Connected Targets, Tags tabs.
Basic Information
On the Policy List page, you can view the basic information of the selected policy and, if necessary, modify the policy name and description.
| Category | Description |
|---|---|
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource name |
| Resource ID | Unique resource ID |
| Creator | User who created the service |
| Creation Date/Time | Date/Time when the service was created |
| Modifier | User who modified the service information |
| Modification Date/Time | Date/Time when the service information was modified |
| Policy Name | Name of the policy |
| Policy Type | Type of the policy |
| Description | Description of the policy name |
Permissions
On the Policy List page, you can view the permission information of the selected policy and, if necessary, modify permissions.
- Click the Expand button of the service name for which you want to view permission information to display detailed policy information.

Note: Permission settings provide basic mode and JSON mode.

| Category | Description |
|---|---|
| Edit Permissions | Permissions can be edited<br>- Clicking the button navigates to the Edit Permissions page<br>- For details on edit permission items, refer to Creating a Policy |
| View Mode | Policy control type<br>- Basic Mode: Display policy items and detailed information in basic UI<br>- JSON Mode: Display in JSON editor format |
| Control Type | Policy control type<br>- Allow Policy: Policy that allows defined permissions<br>- Deny Policy: Policy that denies defined permissions |
| Action | Provided functions for each service that is the target of the policy |
| Applied Resource | Resource to which the action is applied<br>- All Resources: Apply to all resources for the selected action<br>- Individual Resource: Apply only to specified resources for the selected action |
| Authentication Type | Authentication method of the target to which the policy is applied<br>- All Authentication: Apply regardless of authentication method<br>- Authentication Key Authentication: Apply to authentication key authentication users<br>- Temporary Key Authentication, Console Login: Apply to temporary key authentication or Console login users |
| Applied IP | IP that allows policy application<br>- User-defined IP: User directly registers and manages IP<br>- Applied IP: IP to which the policy is applied by user registration, can be registered in IP address or range format<br>- Excluded IP: IP to exclude from Applied IP, can be registered in IP address or range format<br>- All IP: Do not restrict IP access<br>- Allow access for all IPs, but if an exception is needed, register Excluded IP to restrict access for registered IPs |

Table. Policy Details - Permissions Tab Items
Connected Targets
On the Policy List page, you can view the user groups registered to the selected policy and, if necessary, add or exclude user groups.
- For details on User Groups, refer to User Groups.
| Category | Description |
|---|---|
| Users | List of users connected to the policy |
| User Groups | List of user groups connected to the policy |
| Roles | Display list of roles connected to the policy |
Tags
On the Policy List page, you can view the tag information of the selected policy and add, modify, or delete tags.
| Category | Description |
|---|---|
| Tag List | Tag list |
Managing Policies
You can change the name of a policy or modify permissions, connected targets, and tags. If policy management is needed, you can perform tasks on the Policy List or Policy Details page.
Modifying Basic Information
You can modify the name and description of a policy. To modify the name and description of a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to modify basic information on the Policy List page. You will be navigated to the Policy Details page.
- After viewing the basic information to modify on the Policy Details page, click the Edit button.
- Policy Name: Can change the policy name. Clicking the Edit button opens the Edit Policy Name popup window.
- Description: Can modify the description of the policy. Clicking the Edit button opens the Edit Description popup window.
- Modify to the content you want to change in the popup window, then click the OK button.
Managing Permissions
You can modify the permissions of a policy. To modify the permissions of a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to modify policy permissions on the Policy List page. You will be navigated to the Policy Details page.
- Click the Permissions tab on the Policy Details page. You will be navigated to the Connected Permissions tab.
- Click the Edit Permissions button on the Policy Details page. You will be navigated to the Edit Permissions page.
- After modifying the necessary permissions on the Edit Permissions page, click the Next button. You will be navigated to the Confirm Entered Information page.
- For detailed descriptions of each item in permission information, refer to Creating a Policy.
- After confirming the modified permission information on the Confirm Entered Information page, click the Complete button. You will be navigated to the Permissions tab.
Managing User Connections
- On the Policy > Connected Targets tab, you can view users registered to the policy and, if necessary, connect or disconnect users.
- For details on Users, refer to Users.
Connecting Users
To connect users to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name to which you want to connect users on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Click the Connect User button on the Connected Targets tab. You will be navigated to the Connect User page.
- Select the user you want to connect from the Users list on the Connect User page, then click the Complete button. A popup window announcing user connection opens.
| Category | Description |
|---|---|
| Connected User Groups | Display users connected to the policy |
| User Groups | Select a user to connect the policy from the list of users registered in the Account<br>- When a checkbox is selected, the selected username is displayed at the top of the list<br>- Click the X button of the username added at the top of the list or uncheck the checkbox in the user list to cancel that user<br>- If the desired user does not exist, click the Create User item at the bottom of the user list to first register a new user<br>- After user creation is complete, refresh the user list and select the created user<br>- For details on creating users, refer to Creating a User |

Table. User Connection Detail Items

- Click the OK button in the popup window announcing user connection. You can view the connected user in the list on the Users tab.
Disconnecting Users
To disconnect users connected to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to disconnect user connections on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Select the user to disconnect from the user group list on the Connected Targets tab, then click the Disconnect button. A popup window announcing disconnection opens.
- Click the OK button in the popup window announcing disconnection. The connection of the selected user is disconnected and the user group list is refreshed.
Managing User Group Connections
- On the Policy > Connected Targets tab, you can view user groups registered to the policy and, if necessary, connect or disconnect user groups.
- For details on User Groups, refer to User Groups.
Connecting User Groups
To connect user groups to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name to which you want to connect user groups on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Click the Connect User Group button on the Connected Targets tab. You will be navigated to the Connect User Group page.
- Select the user group you want to connect from the User Groups list on the Connect User Group page, then click the Complete button. A popup window announcing user group connection opens.
| Category | Description |
|---|---|
| Connected User Groups | Display user groups connected to the policy |
| User Groups | Select a user group to connect the policy from the list of user groups registered in the Account<br>- When a checkbox is selected, the selected user group name is displayed at the top of the list<br>- Click the X button of the user group name added at the top of the list or uncheck the checkbox in the user group list to cancel that user group<br>- If the desired user group does not exist, click the Create User Group item at the bottom of the user group list to first register a new user group<br>- After user group creation is complete, refresh the user group list and select the created user group<br>- For details on creating user groups, refer to Creating a User Group |

Table. User Group Connection Detail Items

- Click the OK button in the popup window announcing user group connection. You can view the connected user group in the list on the User Groups tab.
Disconnecting User Groups
To disconnect user groups connected to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to disconnect user group connections on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Select the user group to disconnect from the user group list on the Connected Targets tab, then click the Disconnect button. A popup window announcing disconnection opens.
- Click the OK button in the popup window announcing disconnection. The connection of the selected user group is disconnected and the user group list is refreshed.
Managing Role Connections
- On the Policy > Connected Targets tab, you can view roles registered to the policy and, if necessary, connect or disconnect roles.
- For details on Roles, refer to Roles.
Connecting Roles
To connect roles to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name to which you want to connect roles on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Click the Connect Role button on the Connected Targets tab. You will be navigated to the Connect Role page.
- Select the role you want to connect from the Roles list on the Connect Role page, then click the Complete button. A popup window announcing role connection opens.
| Category | Description |
|---|---|
| Connected Roles | Display roles connected to the policy |
| Roles | Select a role to connect the policy from the list of roles registered in the Account<br>- When a checkbox is selected, the selected role is displayed at the top of the list<br>- Click the X button of the role name added at the top of the list or uncheck the checkbox in the role list to cancel that role<br>- If the desired role does not exist, click the Create Role item at the bottom of the role list to first register a new role<br>- After role creation is complete, refresh the role list and select the created role<br>- For details on creating roles, refer to Creating a Role |

Table. Role Connection Detail Items

- Click the OK button in the popup window announcing role connection. You can view the connected role in the list on the Roles tab.
Disconnecting Roles
To disconnect roles connected to a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name for which you want to disconnect role connections on the Policy List page. You will be navigated to the Policy Details page.
- Click the Connected Targets tab on the Policy Details page. You will be navigated to the Connected Targets tab.
- Select the role to disconnect from the role list on the Connected Targets tab, then click the Disconnect button. A popup window announcing disconnection opens.
- Click the OK button in the popup window announcing disconnection. The connection of the selected role is disconnected and the role list is refreshed.
Managing Tags
You can modify the tags of a policy.
To modify tags in a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name whose tags you want to modify on the Policy List page. You will be navigated to the Policy Details page.
- Click the Tags tab on the Policy Details page. You will be navigated to the Tags tab.
- Click the Edit Tags button on the Tags tab.
- After adding or modifying tags, click the Save button. A popup window announcing tag modification opens.
- You can modify the Key, Value of previously registered tags.
- You can add a new tag by clicking the Add Tag button.
- Clicking the X button in front of the added tag deletes that tag.
- Click the OK button. You can view the modified tag information in the list.
Deleting a Policy
To delete a policy, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Click the policy name to delete on the Policy List page. You will be navigated to the Policy Details page.
- Click the Delete Policy button on the Policy Details page.
- The policy is deleted and you will be navigated to the Policy List page.
To delete multiple policies simultaneously, follow these steps:
- Click the All Services > Management > IAM menu. You will be navigated to the Service Home page of Identity and Access Management (IAM).
- Click the Policy menu on the Service Home page. You will be navigated to the Policy List page.
- Select the policies to delete from the policy list.
- After confirming the selected policies, click the Delete Policy button.
- The selected policies are deleted and the Policy List page is refreshed.