Overview
Follow the steps below to create a policy defining access permissions to any Control Plane resource for any principal (user, service account, group, and identity).Prerequisites
- Review the policy reference page
- Permissions to create a policy
- Optional:
- Install the CLI
Create using the UI Console
- Create a new policy by either:
- Clicking
Policiesin the left menu and clickNew, or - Click the
Createdropdown in the upper right corner and selectPolicy
- Clicking
- Select Resource Type:
- Enter a policy name and optional description
- Select a target resource type
- Choose one of the resource types that you’d like to control access to
- You have the option to select specific resources or target all the resources in your org by turning on the
Target Allswitch - If you are targeting all the resources, click
Nextand skip to step 4. - Click
Next
- Select Specific Resources:
- Choose one or both of the following methods to select resources:
- Directly assigned:
- A list of available resources will be shown and can be selected
- Dynamically assigned:
- Using the tag query form, configure the match by rule.
- Directly assigned:
- Click
Next
- Choose one or both of the following methods to select resources:
- Add a Binding:
- At least one binding is required. Click
Add Binding. - Select one or more permissions. These permissions are specific to the selected resource type.
- Browse through the principal tabs and select at least one principal. Click
Add. - If required, add additional bindings. Note: The bindings must have a unique set of permissions. Click
Create. - The policy has been created and is now active
- At least one binding is required. Click