This topic describes how to manage both system and inline policies.

Add or remove a system policy

  1. Log on to the CloudSSO console.
  2. In the left-side navigation pane, click Access Configuration Management.
  3. On the Access Configuration Management page, click the name of the required access configuration.
  4. On the page that appears, click the Details tab and then the System Policy tab.
  5. Add or remove a system policy.
    • Add a system policy
      1. Click Add.
      2. In the Add System Policy panel, select system policies and click Add.
        Note You can select a maximum of five system policies at a time. You can configure a maximum of 20 system policies for each access configuration.
      3. Click Close.
    • Remove a system policy
      1. Find the required system policy and click Remove in the Actions column.
      2. In the Remove System Policy message, click OK.

If you add or remove a system policy to or from an access configuration and the access configuration has been provisioned for the accounts in your resource directory, you must re-provision the access configuration for the modification to take effect. For more information, see Re-provision an access configuration.

Create, modify, or delete an inline policy

  1. Log on to the CloudSSO console.
  2. In the left-side navigation pane, click Access Configuration Management.
  3. On the Access Configuration Management page, click the name of the required access configuration.
  4. On the page that appears, click the Details tab and then the Inline Policy tab.
  5. Manage inline policies.
    • Create an inline policy
      1. Click Create Inline Policy.
      2. In the Create Inline Policy panel, edit the policy document and click OK.

        For more information about the policy syntax, see Policy structure and syntax.

    • Modify an inline policy
      1. Click Edit.
      2. In the Edit Inline Policy panel, modify the policy document and click OK.

        For more information about the policy syntax, see Policy structure and syntax.

    • Delete an inline policy
      1. Click Delete.
      2. In the Delete Inline Policy message, click OK.

If you create, modify, or delete an inline policy for an access configuration and the access configuration has been provisioned for the accounts in your resource directory, you must re-provision the access configuration for the modification to take effect. For more information, see Re-provision an access configuration.