All Products
Search
Document Center

Resource Management:Enable control policy

Last Updated:Jun 20, 2026

To use the Control Policy feature, you must first enable it.

Effects of enabling control policy

After you enable the Control Policy feature for your Resource Directory, the following changes occur:

  • The FullAliyunAccess system policy is automatically attached to all existing folders and members in your Resource Directory. This policy grants full access to all your Alibaba Cloud resources.

  • When you create a folder or member, the FullAliyunAccess system policy is automatically attached to it.

  • When an invited Alibaba Cloud account joins your Resource Directory, the FullAliyunAccess system policy is automatically attached to the new member.

  • When you remove a member, all Control Policies attached to that member are automatically detached.

Procedure

  1. Sign in to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Directory > Control Policy.

  3. Click Enable Control Policy.

  4. In the Enable Control Policy dialog box, click OK.

  5. Click Refresh to view the enablement status.

Next steps

After you enable Control Policy, you can create a custom control policy to define specific permission boundaries. For example, you can create a policy that denies a specific action on a resource. You can then attach the policy to a folder or member in your Resource Directory.