This topic describes how to create a custom policy after you create a Resource Access Management (RAM) user.


  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. On the Create Custom Policy page, enter a policy name and note, select Script as Configuration Mode, enter a script in the Policy Document field, and then click OK.
    The following script provides an example of a custom policy:
    Parameter Description Example
    Action Specifies the operation that is allowed or denied. In this example, the Action element is prefixed with mns:. mns:*
    Note Example: mns:SendMessage. mns:SendMessage indicates the operation of sending messages. The corresponding MNS API operations include SendMessage and BatchSendMessage. For more information, see Mappings between MNS API operations and RAM permissions.
    Effect Specifies whether to allow or deny the operation. Valid values: Allow and Deny.
    • Allow: allows the operation.
    • Deny: denies the operation.
    Resource Specifies the Alibaba Cloud resources that are covered in the statement. In this example, the RAM user is allowed to access the MNS resources of the Alibaba Cloud account. acs:mns:*:*:*"
    Note The asterisk (*) wildcard character indicates all available resources.