The page has been translated by Gen AI.

Policy

Users can create the service by entering the required policy information and selecting detailed options through the Samsung Cloud Platform Console.

Create Policy

To create a policy, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).

  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.

  3. On the Policy List page, click the Create Policy button. You will be taken to the Create Policy page.

  4. After entering the required information in the Basic Information Input and Additional Information Input sections, click the Next button. You will be taken to the Permission Settings section.

    Category
    Required
    		Detailed description
    Policy NameRequiredEnter policy name
    • using Korean, English, numbers, and special characters (+=,.@-_) as a value of 3 to 128 characters
    ExplanationSelectDescription of the policy name
    • Enter a detailed description of the policy name, up to 1,000 characters
    tagSelectionTags to add to the policy
    • Tags can be added up to a maximum of 50 per resource
    Table. Policy creation information input fields - basic information and additional information

  5. Select the service for which you want to set permissions. The permission settings will be displayed below the selected service name.

    • You can select a desired service or configure all services.

  6. Enter the required information in the Permission Settings area.

    Category
    Required status
    		Detailed description
    Control TypeRequiredSelect policy control type
    • Allow Policy: A policy that permits the defined permissions
    • Deny Policy: A policy that denies the defined permissions
    For the same target, the deny policy takes precedence
    ActionRequiredSelect actions provided per service
    • Actions that can select individual resources are shown in purple
    • Actions that target all resources are shown in black
    • Add Action Directly: Use the wildcard * to specify multiple actions at once
    Applied resourceRequiredResources to which the action applies
    • All resources: Apply the selected action to all resources
    • Individual resource: Apply the selected action only to the specified resources
      • Individual resources are only available when selecting a purple action that allows individual resource selection
      • Click the Add resource button to specify target resources by resource type
    Authentication TypeRequiredAuthentication method of the user target to which the policy will be applied
    • All authentication: Apply regardless of authentication method
    • Authentication key authentication: Apply to users authenticated with an authentication key
    • Temporary key authentication, Console login: Apply to users with temporary key authentication or Console login
    Applied IPRequiredIP that allows policy application
    • Custom IP: Users directly register and manage the IP
      • Applied IP: IP to which the policy is applied, which users can register directly as an IP address or range
      • Excluded IP: IP to be excluded from Applied IP, which can be registered as an IP address or range
    • All IP: No IP access restriction
      • Access is allowed for all IPs, but if exceptions are required, you can register Excluded IP to restrict access for those IPs
    Additional conditionSelectionAdd conditions for attribute-based access control (ABAC)
    • Condition Key: Select from the list of Global condition keys and service condition keys
    • Qualifier: Default value, arbitrary value in the request, all values in the request
    • Operator: Bool, Null
    • Value: True, False
    Table. Policy creation information input fields - Permission settings

Caution

In permission settings, Basic Mode and JSON Mode are provided.

  • In Basic Mode, after writing and entering JSON Mode or navigating the screen, services with identical conditions are merged into one, and services that have not completed configuration are deleted.
  • If the content written in JSON mode does not conform to JSON format, you cannot switch to basic mode.
  1. In the Permission Settings area, first select the service for which you want to set permissions.
    • You can load an existing registered policy and create a policy using Load Policy. For detailed information about Load Policy, refer to Load Policy.
  2. Click the Next button. It navigates to the Check Input Information page.
  3. After reviewing the input information, click the Create button.
  4. When the popup notifying policy creation opens, click the Confirm button. You will be redirected to the Policy List page.

Load Policy

You can load an existing policy to refer to when creating a new policy. To load an existing policy, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. On the Policy List page, click the Create Policy button. You will be taken to the Create Policy page.
  4. Enter the required information in the Basic Information Input, Additional Information Input sections.
  5. Click the Next button. Go to the Permission Settings area.
  6. Load Policy button, click it. Load Policy popup opens.
  7. The list of policies registered in the Account is displayed. Select the policy you want to load and click Confirm.
  8. The loaded policy is entered into the Permission Settings area and can be edited.
Reference
When you execute Load Policy, all previously entered content will be deleted and replaced with the settings of the selected policy.

Register individual resources as applied resources

In the Permission Settings area, you can register individual resources as applied resources. To register an individual resource as an applied resource, follow these steps.

  1. Click the All Services > Management > IAM menu. Go to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. On the Policy List page, click the Create Policy button. You will be taken to the Create Policy page.
  4. Basic Information Input, Additional Information Input Enter the required information in the area.
  5. Click the Next button. Navigate to the Permission Settings area.
  6. In the Permission Settings area, select the service to configure permissions.
  7. Select an Action that allows selecting individual resources in the Action selection.
    • Actions that allow individual resource selection are displayed in purple.
  8. In Applied Resource, click Individual Resource.
  9. Click the Add Resource button. The Add Resource popup window opens.
  10. Add Resource In the Add Resource tab, add the resources to which the policy will be applied. Resource addition can be done in two ways: Select Resource, Direct Input.
    • Resource Selection: Check the resources retrieved for each Resource Type and select them.
    • Manual entry: Add the target resource by manually entering it for each resource type.
      • Wildcard *, ? can be used. Checking Select All adds all resources of that resource type, and any resources added later are automatically included.
Reference
When changing the addition method, the entered content will be deleted.
  1. Check the input information and click the Confirm button.

Check detailed policy information

In the policy, you can view and edit the policy list and detailed information. The Policy Details page consists of Basic Information, Permissions, Connected Targets, Tags tabs.

To view detailed information of the policy service, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. Navigate to the Policy List page.
  3. Click the policy name on the Policy List page to view its details. You will be taken to the Policy Details page.
    • Policy Details page displays basic information and consists of Basic Information, Permissions, Connected Targets, Tags tabs.

Basic Information

Policy List page allows you to view the basic information of the selected policy and, if needed, edit the policy name and description.

CategoryDetailed description
ServiceService name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
Resource nameResource name
  • In the policy, it means the policy name
Resource IDUnique Resource ID
constructorUser who created the service
Creation date and timeService creation date and time
EditorUser who edited the service information
Modification date and timeDate and time the service information was modified
Policy NamePolicy name
Policy typePolicy Types
  • Default: The default policy provided by Samsung Cloud Platform
  • Custom: A policy created directly by the user
descriptionDescription of the policy name
Table. Policy Details - Basic Information Tab Items

Permission

On the Policy List page, you can view the permission information of the selected policy and modify the permissions if needed.

  • Click the Expand button of the service name to view permission information, and the detailed policy information will be displayed.
Reference
In permission settings, both the default mode and JSON mode are provided.
CategoryDetailed description
Edit permissionsPermission editing is possible
  • Click the button to go to the Permission Edit page
  • For detailed information on permission edit items, refer to Create Policy
View modePolicy control type
  • Basic mode: Displays policy items and detailed information in the default UI
  • JSON mode: Displays in JSON editor mode
Control TypePolicy control type
  • Allow policy: Policy that allows the defined permissions
  • Deny policy: Policy that denies the defined permissions
ActionThe functions provided by each service that are subject to the policy
Applied resourceResources to which the action applies
  • All resources: Apply to all resources for the selected action
  • Individual resources: Apply only to the specified resources for the selected action
Authentication TypeAuthentication method of the user target to which the policy will be applied
  • All authentication: applies regardless of authentication method
  • API key authentication: applies to users with API key authentication
  • Temporary password authentication, Console login: applies to users with temporary password authentication or Console login
Applied IPIP that permits policy application
  • Custom IP: User registers and manages the IP directly
    • Applied IP: User can directly register the IP address or range that the policy applies to
    • Excluded IP: IP addresses or ranges that can be registered as exclusions from the Applied IP
  • All IPs: No IP access restriction
    • Access is allowed for all IPs, but if exceptions are needed, register Excluded IP to restrict access for those IPs
Table. Policy Details - Permissions Tab Items

Connection target

Policy List page allows you to view the user groups registered to the selected policy, and, if necessary, add or remove user groups.

CategoryDetailed description
UserList of users connected to the policy
  • User name, user group, and creation time can be viewed
  • Click the User Connection button to go to the User Connection page
  • After selecting a user from the list, click the Disconnect button to disconnect
User groupList of user groups linked to the policy
  • User group name, linked policy, description, and modification date can be viewed
  • Click the User Group Connect button to go to the User Group Connect page
  • After selecting a user group from the list, click the Disconnect button to disconnect
roleDisplay list of roles attached to the policy
  • Role name, attached policy, description, and modification timestamp are viewable
  • Attach Role button click moves to Attach Role page
    • For more information on role attachment, refer to Connect Role
  • After selecting a role from the list, click the Detach button to detach
Table. Policy Details - Connected Target Tab Items

tag

Policy List page allows you to view the tag information of the selected policy, and you can add, modify, or delete it.

CategoryDetailed description
Tag listTag list
  • You can view the Key and Value information of the tag
  • Up to 50 tags can be added per resource
  • When entering a tag, you can search and select from the list of previously created Keys and Values
Table. Policy Details - Tag Tab Items

Manage Policies

You can change the policy name, as well as modify permissions, connection targets, and tags. If policy management is required, you can perform tasks on the Policy List or Policy Details page.

Edit Basic Information

You can edit the policy’s name and description. To modify the policy’s name and description, follow the steps below.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Policy List page, click the policy name whose basic information you want to edit. You will be taken to the Policy Details page.
  4. On the Policy Details page, after confirming the basic information to be edited, click the Edit button.
    • Policy Name: You can change the policy name. Edit button click opens the Edit Policy Name popup.
    • Description: You can edit the policy description. Edit button click opens the Edit Description popup.
  5. After editing the content to be changed in the popup window, click the Confirm button.

Managing Permissions

You can modify the policy’s permissions. To modify the policy’s permissions, follow the steps below.

  1. All Services > Management > IAM Click the menu. Navigate to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. On the Policy List page, click the policy name whose permissions you want to edit. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Permissions tab. Navigate to the Connection Permissions tab.
  5. On the Policy Details page, click the Edit Permissions button. You will be taken to the Edit Permissions page.
  6. On the Permission Modification page, after modifying the required permissions, click the Next button. You will be taken to the Input Information Confirmation page.
    • For detailed explanations of each item in the permission information, refer to Creating a Policy.
  7. On the Check Input Information page, verify the updated permission information and click the Done button. Then go to the Permissions tab.

Managing User Connections

  • In the Policy > Connection Targets tab, you can view the users registered to the policy and, if necessary, connect or disconnect users.
  • For detailed information about User, please refer to 사용자.

Connect User

To attach a user to the policy, follow these steps.

  1. All Services > Management > IAM menu, click it. Go to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Policy List page, click the policy name to link the user. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Connection Target tab. You will be taken to the Connection Target tab.
  5. In the Connection Target tab, click the User Connection button. Go to the User Connection page.
  6. On the User Connection page, select the user you want to connect from the User list, then click the Done button. A popup notifying the user connection will open.
    CategoryDetailed description
    Connected user groupDisplay users linked to the policy
    User groupSelect the user to attach the policy from the list of users registered in the Account
    • When you select the checkbox, the selected user’s name appears at the top of the list
    • You can remove the user by clicking the X button next to the added user name at the top of the list, or by unchecking the checkbox in the user list
    • If the desired user is not present, you can click the Create User item at the bottom of the user list to register a new user first
      • After creating the user, refresh the user list and then you can select the newly created user
      • For detailed information on creating users, see Create User
    Table. User connection details
  7. In the popup that notifies you of a user connection, click the Confirm button. You can view the connected user in the list on the User tab.

Disconnect User

To disconnect a user linked to the policy, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Policy List page, click the policy name to disconnect the user. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Target Connection tab. You will be taken to the Target Connection tab.
  5. In the Connection Target tab’s user group list, select the user to disconnect, then click the Disconnect button. A popup confirming the disconnection will appear.
  6. Click the Confirm button in the popup that notifies of disconnection. The selected user’s connection will be terminated and the user group list will be refreshed.

Manage user group connections

  • In the Policy > Connection Targets tab, you can view the user groups registered to the policy and, if needed, connect or disconnect user groups.
  • User Group for detailed information, please refer to User Group.

Connect User Group

To connect a user group to a policy, follow the steps below.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Policy List page, click the policy name to associate the user group. You will be taken to the Policy Details page.
  4. Policy Details page, click the Connection Target tab. You will be taken to the Connection Target tab.
  5. In the Connection Target tab, click the User Group Connection button. Navigate to the User Group Connection page.
  6. On the User Group Connection page, select the user group you want to connect from the User Group list, then click the Done button. A popup notifying the user group connection will open.
    CategoryDetailed description
    Connected user groupDisplay user groups linked to the policy
    User groupSelect the user group to which the policy will be attached from the list of user groups registered in the Account
    • When you select the check box, the selected user group’s name appears at the top of the list
    • You can remove the added user group at the top of the list by clicking its X button or by unchecking the box in the user group list
    • If the desired user group is not present, you can first register a new user group by clicking the Create User Group item at the bottom of the user group list
      • After creating the user group, refresh the user group list and then select the newly created user group
    Table. User Group Connection Details
  7. Click the Confirm button in the popup that notifies you of the user group connection. You can view the connected user group in the list under the User Group tab.

Disconnect User Group

To disconnect the user groups linked to the policy, follow these steps.

  1. Click the All Services > Management > IAM menu. Then go to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Click the policy name to detach the user group connection on the Policy List page. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Target Connection tab. You will be taken to the Target Connection tab.
  5. In the user group list of the Connection Target tab, select the user group to disconnect, then click the Disconnect button. A popup confirming the disconnection will appear.
  6. Click the Confirm button in the popup that notifies of disconnection. The selected user group’s connection will be disconnected, and the user group list will be refreshed.

Manage Role Bindings

  • Policy > Connected Targets tab, you can view the roles registered to the policy and, if needed, connect or disconnect roles.
  • For detailed information about role, please refer to 역할.

Connect role

To attach a role to a policy, follow these steps.

  1. Click the All Services > Management > IAM menu. Navigate to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. On the Policy List page, click the policy name to which you want to assign a role. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Connection Target tab. You will be taken to the Connection Target tab.
  5. In the Connection Target tab, click the Role Binding button. You will be taken to the Role Binding page.
  6. On the Role Connection page, select the role you want to connect from the Role list, then click the Complete button. A popup notifying you of the role connection will open.
    CategoryDetailed description
    Linked roleDisplay roles linked to the policy
    roleSelect the role to attach the policy from the list of roles registered in the Account
    • When you select the checkbox, the selected role appears at the top of the list
    • You can cancel the role by clicking the X button next to the role name added at the top of the list, or by unchecking the checkbox for the role
    • If the desired role is not available, you can click the Create Role item at the bottom of the role list to create a new role first
      • After role creation is complete, refresh the role list and then you can select the newly created role
      • For detailed information on creating roles, see Create Role
    Table. Role Connection Detailed Items
  7. In the popup that notifies role linking, click the Confirm button. You can view the linked role in the list under the Roles tab.

Unlink role

To detach the role linked to the policy, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. Navigate to the Policy List page.
  3. On the Policy List page, click the policy name to detach role connections. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Target Connection tab. You will be taken to the Target Connection tab.
  5. After selecting the role to disconnect from the list in the Connection Target tab, click the Disconnect button. A popup notifying the disconnection will open.
  6. Click the Confirm button in the popup that notifies you of the disconnection. The selected role’s connection will be removed and the role list will be refreshed.

Tag Management

You can edit the policy’s tags.

To modify tags in the policy, follow the steps below.

  1. All Services > Management > IAM Click the menu. Navigate to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. On the Policy List page, click the policy name to add a user. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Tag tab. You will be taken to the Tag tab.
  5. Click the Edit Tag button in the Tag tab.
  6. After adding or editing a tag, click the Save button. A popup notifying you of the tag edit will open.
    • You can modify the Key and Value of an already registered tag.
    • You can add a new tag by clicking the Add Tag button.
    • Click the X button in front of the added tag to delete that tag.
  7. Click the Confirm button. You can view the edited tag information in the list.

Delete Policy

To delete a policy, follow the steps below.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Policy List page, click the policy name to delete. You will be taken to the Policy Details page.
  4. On the Policy Details page, click the Delete Policy button.
  5. The policy is deleted, and you are taken to the Policy List page.

To delete multiple policies simultaneously, follow these steps.

  1. Click the All Services > Management > IAM menu. You will be taken to the Service Home page of Identity and Access Management (IAM).
  2. On the Service Home page, click the Policy menu. You will be taken to the Policy List page.
  3. Select the policy to delete from the policy list.
  4. Verify the selected policies and click the Delete Policy button.
  5. The selected policies are deleted and the Policy List page is reloaded.
Users
Role