You can create a custom control policy to limit some operations on some resources. Custom control policies only define the permission boundaries for folders and member accounts in a resource directory.

Background information

Procedure

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Directory > Control Policy.
  3. On the Policies tab, click Create Policy.
  4. On the page that appears, enter Name and Description.
  5. Specify the policy document in JSON format.
    Note You can construct only statements that contain "Effect": "Deny" for custom control policies.
  6. Click OK.

What to do next

After you create a custom control policy, you must attach the policy to folders or member accounts. After that, the policy can take effect. For more information, see Attach a custom control policy.