To use the Control Policy feature, you must first enable it.
Effects of enabling control policy
After you enable the Control Policy feature for your Resource Directory, the following changes occur:
-
The
FullAliyunAccesssystem policy is automatically attached to all existing folders and members in your Resource Directory. This policy grants full access to all your Alibaba Cloud resources. -
When you create a folder or member, the
FullAliyunAccesssystem policy is automatically attached to it. -
When an invited Alibaba Cloud account joins your Resource Directory, the
FullAliyunAccesssystem policy is automatically attached to the new member. -
When you remove a member, all Control Policies attached to that member are automatically detached.
Procedure
-
Sign in to the Resource Management console.
-
In the left-side navigation pane, choose .
-
Click Enable Control Policy.
-
In the Enable Control Policy dialog box, click OK.
-
Click Refresh to view the enablement status.
Next steps
After you enable Control Policy, you can create a custom control policy to define specific permission boundaries. For example, you can create a policy that denies a specific action on a resource. You can then attach the policy to a folder or member in your Resource Directory.