Creating an IAM Policy
Describes the procedure to create an IAM policy.
Prerequisites
About this task
You can create an IAM policy that comprises one or more statements for different resource types. Resources are of the following types:
- Fabric
- Volumes
- Buckets
For instance, you can allow a set of fabric-level permissions for multiple fabrics, including external S3 servers and/or external NFS servers, by selecting fabric as the resource type for your statement. In the same policy, you can add another statement that denies various actions or operations on specified buckets for the selected fabrics.
An IAM policy is enforced when it is active and is attached or assigned to an identity such as an SSO user, an SSO group, and/or a user-defined role. When the policy is tagged or assigned to a user-defined role, the selected actions are allowed on the selected resources for the SSO users and/or SSO groups.
Follow the steps given below to create an IAM policy.
Procedure
- Log on to the Data Fabric UI.
- Select Fabric Manager for the fabric manager view.
- Click the Administration tab.
- On the IAM Policies card, click Create Policy.
- Enter the Name and Description for the IAM policy.
- Turn the Active toggle off, if you wish to make the policy inactive. The Active toggle is on, by default.
- Click Manage Resources and select the resource and the respective operations to allow or deny permissions on.
- Click Add for Statements to add a statement to the policy.
- Select the Resource type. Select fabric to add fabric-level permissions, volume to add permissions specific to volumes, or bucket to add permissions specific to buckets.
- If you have chosen volume or bucket as the resource, select one or more Fabrics from the Fabric dropdown to which the volumes or buckets belong, and then click Apply.
- Click Add for Selected Resources, and select one or more fabrics, volumes, or buckets, depending on the resource type selected.
- Select the resource-type specific actions that are to be allowed or denied on the selected resources.
- Select the Effect. Select Deny to deny the selected actions on the selected resources. Allow is the default value.
- Repeat steps 7 through 12 to add more statements, if required.
- Click Save.
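The following is an added example, not part of the product or its documentation: a small pre-entry review of a planned policy that checks the conditions described above (active, attached, fabric chosen for volume and bucket statements) and flags targets that one statement allows and another denies. The `Statement` and `Policy` classes, the action names, and the resource names are hypothetical placeholders; this page does not state which effect wins when statements overlap, so the overlap is reported for manual confirmation.

```python
from dataclasses import dataclass, field

RESOURCE_TYPES = ("fabric", "volume", "bucket")  # resource types listed on the page

@dataclass
class Statement:                       # hypothetical model, not the product's schema
    resource_type: str
    resources: list
    actions: list
    fabrics: list = field(default_factory=list)   # parent fabrics for volume/bucket
    effect: str = "Allow"                         # Allow is the default effect

@dataclass
class Policy:
    name: str
    statements: list
    active: bool = True                           # Active toggle is on by default
    attached_to: list = field(default_factory=list)  # SSO users/groups or roles

def review(policy):
    """Return findings for a planned policy before it is entered in the UI."""
    findings, seen = [], {}
    if not policy.active:
        findings.append("policy inactive: not enforced")
    if not policy.attached_to:
        findings.append("policy not attached to an identity: not enforced")
    for n, s in enumerate(policy.statements, 1):
        if s.resource_type not in RESOURCE_TYPES:
            findings.append(f"statement {n}: unknown resource type {s.resource_type!r}")
        if s.resource_type in ("volume", "bucket") and not s.fabrics:
            findings.append(f"statement {n}: no fabric selected for {s.resource_type}")
        if not s.resources or not s.actions:
            findings.append(f"statement {n}: no resources or no actions selected")
        for fab in s.fabrics or [None]:
            for res in s.resources:
                for act in s.actions:
                    key = (s.resource_type, fab, res, act)
                    effect, first = seen.setdefault(key, (s.effect, n))
                    if effect != s.effect:   # same target allowed and denied
                        findings.append(f"statement {n}: {s.effect} of {act} on {res} "
                                        f"overlaps {effect} in statement {first}")
    return findings

def sample_policy():
    """Constructed sample; all names and actions are placeholders."""
    return Policy("example-policy", active=False, statements=[
        Statement("bucket", ["bucket-a"], ["ACTION_READ", "ACTION_WRITE"], ["fabric-1"]),
        Statement("bucket", ["bucket-a"], ["ACTION_WRITE"], ["fabric-1"], effect="Deny"),
        Statement("volume", ["vol-x"], ["ACTION_READ"]),
    ])

if __name__ == "__main__":
    print("\n".join(review(sample_policy())))
```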