The page has been translated by Gen AI.

Organization Control Policy

You can check and manage the control policies of Organization.

Organization Create control policy

Organization’s control policies can be created.

To create a control policy, follow the steps below.

  1. All Services > Management > Organization Please click the menu. Navigate to Organization’s Service Home page.

  2. Click the Control Policy menu on the Service Home page. Navigate to the Control Policy List page.

  3. Click the Create Control Policy button on the Control Policy List page. It navigates to the Create Control Policy page.

  4. After entering items in the Basic Information area, click the Next button.

    Category
    Required
    		Detailed description
    Control Policy NameRequiredEnter the name of the control policy
    • Enter using English letters, numbers, and special characters (+=-_@,.) within 3~128 characters
    DescriptionSelectEnter a description of the organizational unit within 1,000 characters
    Table. Organization Control Policy Creation - Basic Information Settings

  5. After selecting the control policy setting method and the service to apply in the Control Requirements Setting area, click the Next button.

    Category
    Required
    		Detailed description
    Load Control PolicySelectEnter the name of the control policy
    • When loading a policy, all previously entered content will be deleted
    • For more details, refer to Load Policy
    Basic Mode/JSON ModeRequiredSelect policy setting method
    • Basic Mode: Set using the mode provided by the Console
    • JSON Mode: Set directly using the JSON Editor
    ServiceRequiredSelect the service to set the control policy
    • Add Service: Add a service to set the control policy
    Table. Organization Control Policy Creation - Service Settings

Caution

In the control policy settings, Basic Mode and JSON Mode are provided.

  • After writing in Basic Mode, when entering JSON Mode or moving screens, services with duplicate control requirements are merged into one, and services that have not completed configuration are deleted.
  • JSON mode If the content written in JSON mode does not conform to JSON format, it cannot be switched to basic mode.

  1. After setting the permissions, click the Next button.

    Category
    Required
    		Detailed description
    Control TypeRequiredSelect control policy type
    • Allow Policy: Control policy that allows defined permissions
    • Deny Policy: Control policy that denies defined permissions
    For the same target, the deny policy takes precedence
    ActionRequiredSelect actions provided per service
    • Actions that can select individual resources are displayed in purple
    • Actions that target all resources are displayed in black
    • Add action directly: Using the wildcard *, multiple actions can be specified at once
    Applied ResourceRequiredResources to which the action applies
    • All Resources: Apply to all resources for the selected action
    • Individual Resources: Apply only to specified resources for the selected action
      • Individual resources are only possible when selecting the purple action that allows individual resource selection
      • Click the Add Resource button to specify target resources by resource type
    Authentication TypeRequiredAuthentication method of the user target to which the control policy will be applied
    • All authentication: Apply regardless of authentication method
    • Authentication key authentication: Apply to authentication key authentication users
    • Temporary key authentication, Console login: Apply to temporary key authentication or Console login users
    Applied IPRequiredIP that allows control policy application
    • Custom IP: User directly registers and manages IP
      • Applied IP: IP that the user directly registers for control policy application, can be registered as IP address or range format
      • Excluded IP: IP to be excluded from Applied IP, can be registered as IP address or range format
    • All IP: No IP access restriction
      • Access is allowed for all IPs, but if an exception is needed, register Excluded IP to restrict access for the registered IPs
    Additional ConditionSelectAdd condition for Attribute-Based Access Control (ABAC)
    • Condition Key: Select from Global Condition Keys and Service Condition Keys list
    • Qualifier: Default value, arbitrary value in request, all values in request
    • Operator: Bool, Null
    • Value: True, False
    Table. Organization Control Policy Creation - Permission Settings

  2. Check Input Information After confirming the information entered on the page, click the Complete button.

  3. When the popup notifying the creation of a control policy opens, click the Confirm button. It navigates to the Integrated Policy List page.

Load Control Policy

When creating a control policy, you can modify the policy requirements of an existing policy to create it.

Note
Load Policy when executed, all previously entered content will be deleted and replaced with the selected policy’s setting values.

To load an existing policy and create a 통저 policy, follow the steps below.

  1. All Services > Management > Organization Click the menu. Navigate to Organization’s Service Home page.

  2. Click the Control Policy menu on the Service Home page. Navigate to the Control Policy List page.

  3. Control Policy List page, click the Create Control Policy button. Navigate to the Create Control Policy page.

  4. After entering items in the Basic Information area, click the Next button.

    Category
    Required
    		Detailed description
    Control Policy NameRequiredEnter the name of the control policy
    • Enter using English letters, numbers, and special characters(+=-_@,.) within 3 to 128 characters
    DescriptionSelectEnter a description of the organizational unit within 1,000 characters
    Table. Organization Control Policy Creation - Basic Information Settings

  5. Control Requirement Setting area, click the Load Control Policy button. The Load Control Policy popup window opens.

  6. Click the Load Policy button. The Load Control Policy popup opens.

  7. After selecting the control policy to load from the control policy list, click the Confirm button. The settings of the loaded policy will be entered automatically.

  8. After editing the information that needs to be changed, click the Next button.

  9. After confirming the information entered on the Input Information Confirmation page, click the Complete button. You will be taken to the Integrated Policy List page.

Register individual resources as applied resources

Permission setting during which you can register individual resources as applied resources.

To register an individual resource as an applied resource, follow the steps below.

  1. All Services > Management > Organization Click the menu. Go to Organization’s Service Home page.

  2. Service Home page, click the Control Policy menu. Navigate to the Control Policy List page.

  3. Click the Create Control Policy button on the Control Policy List page. It navigates to the Create Control Policy page.

  4. After entering items in the Basic Information area, click the Next button.

    Category
    Required
    		Detailed description
    Control Policy NameRequiredEnter the name of the control policy
    • Use English letters, numbers, special characters(+=-_@,.) within 3~128 characters
    DescriptionSelectEnter a description of the organizational unit within 1,000 characters
    Table. Organization Control Policy Creation - Basic Information Settings

  5. Control Requirement Setting In the area, after selecting the service to which the control policy will be applied, click the Next button.

  6. Load Policy Click the button. Load Control Policy The popup window opens.

  7. After selecting the control policy to load from the control policy list, click the Confirm button. The settings of the loaded policy will be entered automatically.

  8. After editing the information that needs to be changed, click the Next button.

  9. After verifying the entered information on the Check Input Information page, click the Complete button. You will be redirected to the Integrated Policy List page.

  10. In the Action selection, select the Action that can select individual resources.

    • Actions that allow individual resource selection are displayed in purple.

  11. Click Individual Resource in Applied Resources.

  12. Add Resource Click the button. Add Resource The popup window opens.

    Category
    Required
    		Detailed description
    Jawin typeRequiredSelect the type of resource to add
    SRN-Unique resource ID in Samsung Cloud Platform
    • Automatically updated according to the input items below
    AccountRequiredSet Account ID
    • Current Account: Current Account ID is auto-filled and cannot be edited
    • All Accounts: Add to all Accounts (not recommended)
    • Manual Input: Manually enter the Account ID using lowercase English letters and numbers, up to 100 characters (wildcard input not allowed)
    RegionSelectDirectly input the resource’s region information within 100 characters
    • Select All when checked, add resources of all regions
    Resource IDRequiredEnter the resource ID to add directly within 100 characters
    • Select All when checked, adds all resources of the corresponding resource type
    Table. Organization Control Policy Creation - Basic Information Settings

  13. When the setup is complete, click the Next button. It will navigate to the Check Input Information page.

  14. After verifying the entered information, click the Complete button. You will be redirected to the Integrated Policy List page.

Check detailed control policy information

Control Policy Details page allows you to view and edit detailed information of the control policy.

To view detailed information of the control record, follow the steps below.

  1. All Services > Management > Organization Click the menu. Go to Organization’s Service Home page.
  2. Click the Control Policy menu on the Service Home page. Navigate to the Control Policy List page.
  3. Click the control policy to view detailed information on the Control Policy List page. You will be taken to the Control Policy Details page.
    • Policy Details page displays basic information, and consists of Basic Information tab, Control Requirements tab, Connected Targets tab.

Basic Information

Check the basic information of the control policy, and if necessary, you can edit the policy name and description.

CategoryDetailed description
serviceservice name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
Resource NameResource Name
  • In control policies, it means the policy name
Resource IDUnique Resource ID
CreatorUser who created the service
Creation timeService creation time
EditorUser who edited the service information
Modification DateDate Service Information Modified
Control Policy NameControl Policy’s Name
  • Click the Edit button to change the name
TypeControl Policy Type
  • Basic: Basic control policy provided by Samsung Cloud Platform
  • Custom: Control policy directly created by the user
DescriptionExplanation of control policy
  • Click the Edit button to change the description
Table. Control Policy Basic Information Tab Items

Control Requirements

You can view services with permissions set in the current control policy.

  • Basic mode and JSON mode can be checked.
  • Clicking the arrow to the right of the service name will display the control requirements set for that service.
Note
Click the Edit button to modify the control requirements. For details on the edit items, see Create Control Policy.
CategoryDetailed description
Control TypeControl Policy Control Type
  • Allow Policy: Control policy that allows the defined permissions
  • Deny Policy: Control policy that denies the defined permissions
ActionProvided functions of each service that are subject to the control policy
Applicable ResourcesResources to which the action is applied
  • All Resources: Applied to all resources for the selected action
  • Individual Resources: Applied only to specified resources for the selected action
Authentication TypeAuthentication method of the user target to which the control policy will be applied
  • All authentication: Apply regardless of authentication method
  • Authentication key authentication: Apply to authentication key authentication users
  • Temporary key authentication, Console login: Apply to temporary key authentication or Console login users
Applicable IPIP that permits the application of control policies
  • Custom IP: User registers and manages IP directly
    • Applied IP: User can directly register IP address or range format as an IP to which the control policy is applied
    • Excluded IP: Can be registered as an IP address or range to be excluded from Applied IP
  • All IPs: No IP access restriction
    • Access is allowed for all IPs, but if exceptions are needed, register Excluded IP to restrict access for those IPs
Table. Control Policy's Control Requirements Tab Items

Connection Target

You can view the organizational units and accounts directly linked to the control policy.

Reference
Policies linked to Root and organizational units are inherited by child items.
CategoryDetailed description
RootRoot connection status and the number of control policies connected to Root are displayed
  • Connect or Disconnect button can be clicked to connect or disconnect from Root
Organization UnitCurrent control policy linked organization unit and total number of control policies linked to that organization unit
  • Disconnect: Disconnect the selected organization unit in the organization unit list
  • Connect Organization Unit: Go to the Connect Organization Unit page
AccountNumber of total control policies linked to the Account currently connected and the total number of control policies linked to that Account
  • Disconnect: Disconnect the selected Account from the Account list
  • Account Connect: Go to the Account Connect page
Table. Policy's linked target tab items

Connect organization unit

You can link organizational units to the control policy.

To connect the organizational unit, follow the steps below.

  1. All Services > Management > Organization Click the menu. Navigate to Organization’s Service Home page.
  2. Service Home page, click the Control Policy menu. Navigate to the Control Policy List page.
  3. Control Policy List page, click the control policy to connect the organizational unit. Control Policy Details page will be displayed.
  4. Click the Connection Target tab on the Control Policy Details page.
  5. Click the Organizational Unit Connection button in the Organizational Unit area. You will be taken to the Organizational Unit Connection page.
  6. After selecting the organizational unit to connect, click the Complete button.
    CategoryDetailed description
    Organization Unit/Account NameDisplay the organization unit and account names in a measurement structure format
    • Click the +, - buttons to expand or collapse the hierarchy
    ID/emailOrganization unit shows ID, Account shows ID and email
    Creation DateThe date the organizational unit was created is the creation date, and for Account it shows the creation or registration date
    Table. Organizational Unit Connection Items

7.Account When the popup notifying the connection opens, click the Confirm button.

Account Connect

You can link an Account to a control policy.

To connect Account, follow the steps below.

  1. All Services > Management > Organization Click the menu. Navigate to the Service Home page of Organization.

  2. Service Home on the page click the Control Policy menu. Control Policy List navigate to the page.

  3. Control Policy List page, click the control policy to link the Account. Control Policy Details page will be displayed.

  4. Control Policy Details page, click the Connection Target tab.

  5. Click the Account Connection button in the Account area. You will be taken to the Account Connection page.

  6. After selecting the Account to connect, click the Done button.

    CategoryDetailed description
    Organization Unit/Account NameDisplay the organization unit and account names in a measurement structure format
    • Click the +, - buttons to expand or collapse the hierarchy
    ID/emailOrganization unit shows ID, Account shows ID and email
    Creation DateThe date the organizational unit was created is the creation date, and for Account it shows the creation or registration date
    Table. Account connection items

  7. When a popup notifying the connection opens, click the Confirm button.

Delete control policy

You can delete the control policy.

Notice
To delete a control policy, there must be no elements linked to the control policy.

To delete the control policy, follow the steps below.

  1. All Services > Management > Organization Click the menu. Navigate to Organization’s Service Home page.
  2. Service Home page, click the Control Policy menu. Navigate to the Control Policy List page.
  3. Click the control policy to delete on the Control Policy List page. Navigate to the Control Policy Details page.
  4. Control Policy Details page, click the Delete Control Policy button.
  5. When the popup notifying the deletion of the control policy opens, click the Confirm button.
Organization composition information
Release Note