Custom policies of Anti-DDoS Native
Resource Access Management (RAM) policies fall into two categories: system policies and custom policies. When system policies do not meet your access control requirements, create a custom policy based on the principle of least privilege to grant fine-grained permissions to specific principals and improve resource access security.
Key concepts
System policies are predefined by Alibaba Cloud and cover common permission sets.
Custom policies are fully managed by you. Use them when you need to grant a permission set that no system policy covers, scoped precisely to what each role requires.
How custom policies work
After you create a custom policy, attach it to a RAM user, RAM user group, or RAM role. The permissions defined in the policy are then granted to that principal.
To remove a custom policy:
-
If the policy is not attached to any principal, delete it directly.
-
If the policy is attached to a principal, detach it from the principal first, then delete it.
Custom policies support version control. Use the version management mechanism provided by RAM to track changes and roll back to a previous version.
What's next
To create and manage custom policies for Anti-DDoS Native, complete the following tasks in order:
-
Review the Anti-DDoS Native RAM authorization reference to identify the actions and resources your policy needs to cover. See RAM authorization.
-
Create a custom policy in the RAM console.
-
Attach the policy to the target RAM user, user group, or role.
For ongoing policy maintenance, see: