Creates a custom policy
POST https://apis.<domain>/iam/policies
Creates a custom IAM policy used to control permissions. A policy is composed of one or more statements that grant permissions to a set of members. Each statement contains a role as well as a list of tenants.
The role defines a set of actions that the statement is scoped to.
The tenant list defines the set of resources that the statement is scoped to.
Pass "tenants": ["*"] to scope a statement to every tenant.
A policy's top-level tenants list defines which tenants the policy belongs to (for filtering policies by their tenants), whereas the statement-level tenants list defines which tenants the statement applies to.
The example creates a new policy not associated with any tenant (because the top-level tenants property is empty) that grants the viewer role on a few tenants for all local teams and a custom role myRole on a specific tenant.
Authorization Action: iam:policies:create
Request
Content type: application/json
Body (required)
The request body does not contain a type field, because the end user can only create 'custom' policies.
- id: Unique ID. Cannot be changed.
- name: Name for the policy.
- members: Members affected by this policy.
- statements (object[], required)
- tenants: List of tenants this policy belongs to.
Responses

200 (application/json): A successful response.
Schema: policy object. Example (from schema):
{
  "name": "My Viewer Policy",
  "id": "custom-viewer-policy",
  "members": [
    "team:local:*"
  ],
  "statements": [
    {
      "role": "viewer",
      "tenants": [
        "tenant1",
        "tenant2"
      ],
      "effect": "ALLOW"
    },
    {
      "role": "myRole",
      "tenants": [
        "exampleTenant"
      ],
      "effect": "ALLOW"
    }
  ],
  "tenants": []
}
default (application/json): An unexpected error response.
Schema: details object[]. Example (from schema):
{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}
CURL
curl -L -X POST 'https://apis.<domain>/iam/policies' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  --data-raw '{
    "name": "My Viewer Policy",
    "id": "custom-viewer-policy",
    "members": [
      "team:local:*"
    ],
    "statements": [
      {
        "role": "viewer",
        "tenants": [
          "tenant1",
          "tenant2"
        ],
        "effect": "ALLOW"
      },
      {
        "role": "myRole",
        "tenants": [
          "exampleTenant"
        ],
        "effect": "ALLOW"
      }
    ],
    "tenants": []
  }'
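As an added example (not part of this API reference and not the API's own client code), the request body from the curl call above assembled in Python, with a pre-submission check derived from the statement rules described at the top of the page. The grants() helper's member-pattern matching and ALLOW-only evaluation are assumptions, since the page does not define how policies are evaluated.

```python
import fnmatch

# Constructed sample: the policy body from the page's example, assembled offline.
EXAMPLE_POLICY = {
    "name": "My Viewer Policy",
    "id": "custom-viewer-policy",
    "members": ["team:local:*"],
    "statements": [
        {"role": "viewer", "tenants": ["tenant1", "tenant2"], "effect": "ALLOW"},
        {"role": "myRole", "tenants": ["exampleTenant"], "effect": "ALLOW"},
    ],
    "tenants": [],
}


def validate_policy(policy: dict) -> list:
    """Problems to fix before the body is POSTed (rules from the page: no type
    field, id/name/members present, each statement has a role and a non-empty
    tenant list; a list containing "*" scopes the statement to every tenant)."""
    problems = []
    if "type" in policy:
        problems.append("type must not be set; only custom policies can be created")
    if not policy.get("id") or not policy.get("name"):
        problems.append("id and name are required")
    if not policy.get("members"):
        problems.append("members is empty, so the policy grants nothing")
    for i, st in enumerate(policy.get("statements", [])):
        if not st.get("role"):
            problems.append(f"statement {i}: missing role")
        tenants = st.get("tenants") or []
        if not tenants:
            problems.append(f"statement {i}: empty tenant list, applies nowhere")
        elif "*" in tenants:
            # Worth a second look at review time: this role applies to every tenant.
            problems.append(f"statement {i}: role {st.get('role')!r} on every tenant")
    return problems


def grants(policy: dict, member: str, role: str, tenant: str) -> bool:
    """Assumed evaluation model (the page does not define one): member entries
    are shell-style patterns, and an ALLOW statement applies when its role
    matches and the tenant is listed or the list contains "*"."""
    if not any(fnmatch.fnmatchcase(member, m) for m in policy["members"]):
        return False
    return any(
        st["role"] == role
        and st.get("effect", "ALLOW") == "ALLOW"
        and (tenant in st["tenants"] or "*" in st["tenants"])
        for st in policy["statements"]
    )
```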