The Control Policy feature is disabled by default. You can use this feature after you enable it.

Background information

After the Control Policy feature is enabled, a resource directory has the following changes:

  • The system automatically attaches the system access control policy FullAliyunAccess to folders and members in the resource directory. This policy allows all operations on all your cloud resources.
  • When you create a folder or member, the system automatically attaches the system access control policy FullAliyunAccess to the folder or member.
  • After an invited Alibaba Cloud account joins a resource directory, the system automatically attaches the system access control policy FullAliyunAccess to this member.
  • When you remove a member, the system automatically detaches all access control policies that are attached to this member.

Procedure

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Directory > Control Policy.
  3. In the upper part of the Control Policy page, click Enable Control Policy.
  4. In the message that appears, click OK.
  5. Click the Refresh icon and view the status of the Control Policy feature.

What to do next

You can create a custom access control policy. For example, you can forbid an operation on a resource in this policy. Then, you can attach this policy to a folder or member in the resource directory to manage the operation permissions of the members on this resource. For more information, see the following topics: