Organization Control Policy
You can view and manage the Organization’s control policies.
Create Organization Control Policy
You can create control policies for the Organization.
To create a control policy, follow these steps.
Click the All Services > Management > Organization menu. Navigate to the Service Home page of Organization.
On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
On the Control Policy List page, click the Create Control Policy button. You will be taken to the Create Control Policy page.
After entering items in the Basic Information area, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Control Policy Name | Required | Enter the name of the control policy<br>- English letters, numbers, special characters (`+=-_@,.`) within 3 to 128 characters |
| Explanation | Optional | Enter a description of the organizational unit within 1,000 characters. |

Table. Create organization control policy - set basic information
In the Control Requirement Setting area, after selecting the control policy configuration method and the service to apply, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Load control policy | Optional | Enter the name of the control policy<br>- When loading a policy, all previously entered content will be deleted<br>- For more details, see Load Policy |
| Basic mode/JSON mode | Required | Select the policy configuration method<br>- Basic Mode: Configure using the mode provided by the Console<br>- JSON Mode: Configure directly using the JSON Editor |
| Service | Required | Select the service to set the control policy<br>- Add Service: Add a service to configure the control policy |

Table. Organization control policy creation - service configuration

Caution: In the control policy settings, Basic Mode and JSON Mode are provided.
- After writing in Basic Mode and entering JSON Mode or navigating the screen, services with duplicate control requirements are merged into one, and services that have not completed configuration are deleted.
- If the content written in JSON mode does not conform to JSON format, you cannot switch to basic mode.
After setting the permissions, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Control Type | Required | Select control policy type<br>- Allow Policy: Control policy that allows the defined permissions<br>- Deny Policy: Control policy that denies the defined permissions |
| Action | Required | Select actions provided for each service<br>- Actions that allow selection of individual resources are shown in purple<br>- Actions that target all resources are shown in black<br>- Add Action Directly: Use the wildcard `*` to specify multiple actions at once |
| Applied resource | Required | Resources to which the action applies<br>- All resources: Apply to all resources for the selected action<br>- Individual resources: Apply only to the specified resources for the selected action<br>  - Individual resources are only available when selecting a purple action, which allows individual resource selection<br>  - Click the Add resource button to specify target resources by resource type<br>  - For more details on Add resource, see Register individual resources as applied resources |
| Authentication Type | Required | Authentication method of the user target to which the control policy will be applied<br>- All authentication: Applies regardless of authentication method<br>- Authentication key authentication: Applies to users with authentication key authentication<br>- Temporary key authentication, Console login: Applies to users with temporary key authentication or Console login |
| Applied IP | Required | IP that allows the application of control policies<br>- Custom IP: User registers and manages the IP directly<br>  - Applied IP: User can directly register the IP address or range that the control policy applies to<br>  - Excluded IP: IP addresses or ranges that can be registered as exclusions from the Applied IP<br>- All IPs: No IP access restriction<br>  - Access is allowed for all IPs, but if exceptions are needed, register Excluded IP to restrict access for the registered IPs |
| Additional condition | Optional | Add conditions for attribute-based access control (ABAC)<br>- Condition Key: Select from the lists of global condition keys and service condition keys<br>- Qualifier: Default value, arbitrary value in the request, all values in the request<br>- Operator: Bool, Null<br>- Value: True, False |

Table. Create organization control policy - set permissions

On the Check Input Information page, after confirming the entered information, click the Create button.
When the popup notifying the creation of a control policy opens, click the Confirm button. You will be taken to the Integrated Policy List page.
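Before attaching a policy, it helps to check which source addresses its Applied IP setting actually covers. The following is an added example, not Samsung Cloud Platform code: it models the Custom IP and All IPs options described above and flags Excluded IP entries that have no effect. It assumes Excluded IP entries are removed from scope in both modes; the function names, mode strings and sample ranges are constructed for illustration.

```python
import ipaddress

def _nets(entries):
    """Parse single addresses or CIDR ranges into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def ip_in_scope(source_ip, mode, applied=(), excluded=()):
    """Return True if a policy's Applied IP setting covers source_ip.

    mode: "custom" (only the Applied IP list is in scope) or "all" (All IPs).
    Assumption: Excluded IP entries are removed from scope in both modes.
    """
    if mode not in ("custom", "all"):
        raise ValueError(f"unknown mode: {mode!r}")
    ip = ipaddress.ip_address(source_ip)
    if any(ip in net for net in _nets(excluded)):
        return False
    if mode == "all":
        return True
    return any(ip in net for net in _nets(applied))

def unused_exclusions(applied, excluded):
    """In Custom IP mode, list Excluded IP entries that overlap no Applied IP range.

    Such an entry has no effect and usually signals a typo in one of the lists.
    """
    applied_nets = _nets(applied)
    return [entry for entry, net in zip(excluded, _nets(excluded))
            if not any(net.overlaps(a) for a in applied_nets)]

# Constructed sample values (documentation address ranges), not taken from the page.
APPLIED = ["203.0.113.0/24", "2001:db8::/32"]
EXCLUDED = ["203.0.113.10", "198.51.100.0/24"]

if __name__ == "__main__":
    for ip in ("203.0.113.5", "203.0.113.10", "192.0.2.1", "2001:db8::1"):
        print(ip, "custom:", ip_in_scope(ip, "custom", APPLIED, EXCLUDED),
              "all:", ip_in_scope(ip, "all", excluded=EXCLUDED))
    print("unused exclusions:", unused_exclusions(APPLIED, EXCLUDED))
```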
Load control policy
When creating a control policy, you can generate it by modifying the policy requirements of an existing policy.
To load an existing policy and create a control policy, follow these steps.
Click the All Services > Management > Organization menu. Navigate to the Service Home page of Organization.
On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
On the Control Policy List page, click the Create Control Policy button. You will be taken to the Create Control Policy page.
After entering items in the Basic Information area, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Control Policy Name | Required | Enter the control policy name<br>- English letters, numbers, and special characters (`+=-_@,.`) within 3 to 128 characters |
| Description | Optional | Enter a description of the organizational unit within 1,000 characters. |

Table. Create organization control policy - set basic information
In the Control Requirement Setting area, click the Load Control Policy button. The Load Control Policy popup window opens.
Click the Load Policy button. The Load Control Policy popup opens.
After selecting the control policy to load from the control policy list, click the Confirm button. The loaded policy’s settings will be entered automatically.
After editing the information that needs to be changed, click the Next button.
On the Check Input Information page, verify the entered information and click the Complete button. You will be taken to the Integrated Policy List page.
Register individual resources as applied resources
In Permission Settings, you can register individual resources as applied resources. To register individual resources as applied resources, follow the steps below.
Click the All Services > Management > Organization menu. Navigate to the Service Home page of Organization.
On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
On the Control Policy List page, click the Create Control Policy button. You will be taken to the Create Control Policy page.
After entering items in the Basic Information area, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Control Policy Name | Required | Enter the control policy name<br>- English letters, numbers, special characters (`+=-_@,.`) within 3 to 128 characters |
| Description | Optional | Enter a description of the organizational unit within 1,000 characters. |

Table. Create organization control policy - set basic information
In the Control Requirement Setting area, after selecting the service to which the control policy will be applied, click the Next button.
Click the Load Policy button. The Load Control Policy popup opens.
After selecting the control policy to load from the control policy list, click the Confirm button. The loaded policy’s settings will be entered automatically.
After editing the information that needs to be changed, click the Next button.
On the Check Input Information page, verify the entered information and click the Complete button. You will be taken to the Integrated Policy List page.
Select an Action that allows selecting individual resources in the Action selection.
- Actions that allow individual resource selection are displayed in purple.
Click Individual Resource in Applied Resource.
Click the Add Resource button. The Add Resource popup window opens.
| Category | Required status | Detailed description |
|---|---|---|
| Resource type | Required | Select the resource type to add |
| SRN | | Unique resource ID in Samsung Cloud Platform<br>- Automatically updated according to the input fields below |
| Account | Required | Account ID settings<br>- Current Account: Current Account ID is auto-filled and cannot be edited<br>- All Accounts: Add to all Accounts (not recommended)<br>- Manual Input: Manually enter the Account ID using lowercase English letters and numbers, up to 100 characters (wildcard input not allowed) |
| Region | Optional | Enter the resource’s region information directly within 100 characters<br>- Select All: When checked, adds resources from all regions |
| Resource ID | Required | Enter the resource ID to add directly, up to 100 characters<br>- Select All: When checked, adds all resources of that resource type |

Table. Create organization control policy - set basic information

After the settings are completed, click the Next button. You will be taken to the Check Input Information page.
After reviewing the entered information, click the Complete button. You will be taken to the Integrated Policy List page.
Check detailed information of control policy
On the Control Policy Details page, you can view and edit the detailed information of the control policy. To view detailed information of the control policy, follow the steps below.
- Click the All Services > Management > Organization menu. Go to the Service Home page of Organization.
- On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
- On the Control Policy List page, click the control policy you want to view detailed information for. You will be taken to the Control Policy Details page.
- The Policy Details page displays basic information and consists of the Basic Information tab, the Control Requirements tab, and the Connected Targets tab.
Basic Information
You can view the basic information of the control policy and, if necessary, edit the policy name and description.
| Category | Detailed description |
|---|---|
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource name | Resource name |
| Resource ID | Unique resource ID |
| Creator | User who created the service |
| Creation date and time | Service creation date and time |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| Control Policy Name | Name of the control policy |
| Type | Type of the control policy |
| Explanation | Description of the control policy |
Control Requirements
You can view the services with permissions configured in the current control policy.
- You can check in Basic mode and JSON mode.
- Click the arrow to the right of the service name to display the control requirements set for that service.
| Category | Detailed description |
|---|---|
| Control Type | Control policy type |
| Action | Features provided by each service that are subject to the control policy |
| Applied resource | Resources to which the action applies |
| Authentication type | Authentication method for the user target to which the control policy will be applied |
| Applied IP | IP that permits the application of control policies |
Connection target
You can view the organizational units and accounts directly linked to the control policy.
| Category | Detailed description |
|---|---|
| Root | The connection status of the Root and the number of control policies attached to the Root are displayed |
| Organizational unit | The organizational units currently linked to the control policy and the total number of control policies linked to those units |
| Account | The Account currently linked to the control policy and the total number of control policies linked to that Account |
Connect organization unit
You can associate an organizational unit with a control policy. To connect an organizational unit, follow the steps below.
Click the All Services > Management > Organization menu. Go to the Service Home page of Organization.
On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
On the Control Policy List page, click the control policy to link the organizational unit. You will be taken to the Control Policy Details page.
On the Control Policy Details page, click the Connection Target tab.
Click the Organization Unit Connection button in the Organization Unit area. You will be taken to the Organization Unit Connection page.
After selecting the organization unit to connect, click the Complete button.
| Category | Detailed description |
|---|---|
| Organization unit/Account name | Displays the names of organizational units and Accounts in a hierarchical structure format<br>- Click the +, - buttons to expand or collapse the hierarchy |
| ID/Email | Organizational units display ID, and Accounts display ID and email. |
| Creation date and time | For an organizational unit, the creation date and time is displayed; for an Account, the creation or registration date and time is displayed. |

Table. Organization Unit Connection Items

When the popup notifying the organization unit connection opens, click the Confirm button.
Connect Account
You can link an Account to a control policy. To connect the Account, follow these steps.
Click the All Services > Management > Organization menu. Go to the Service Home page of Organization.
On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
On the Control Policy List page, click the control policy to link the Account. You will be taken to the Control Policy Details page.
On the Control Policy Details page, click the Connection Target tab.
Click the Account Connect button in the Account area. You will be taken to the Account Connect page.
After selecting the Account to connect, click the Done button.
| Category | Detailed description |
|---|---|
| Organization unit/Account name | Displays the names of organizational units and Accounts in a hierarchical structure format<br>- Click the +, - buttons to expand or collapse the hierarchy |
| ID/Email | Organizational units display ID, and Accounts display ID and email. |
| Creation date and time | For an organizational unit, the creation date and time is displayed; for an Account, the creation or registration date and time is displayed. |

Table. Account linking items

When a popup notifying the Account connection opens, click the Confirm button.
Delete control policy
You can delete the control policy.
- Click the All Services > Management > Organization menu. Navigate to the Service Home page of Organization.
- On the Service Home page, click the Control Policy menu. You will be taken to the Control Policy List page.
- On the Control Policy List page, click the control policy you want to delete. You will be taken to the Control Policy Details page.
- Click the Delete Control Policy button on the Control Policy Details page.
- When the popup informing you that the control policy will be deleted opens, click the Confirm button.