Overview
Follow the steps below to create a policy defining access permissions to any Control Plane resource for any principal (user, service account, group, and identity).Prerequisites
- Review the policy reference page.
- Have permissions to create a policy.
- Optional: Install the CLI.
Create using the Console
- Create a new policy using one of the following methods:
- Click
Policiesin the left menu, then clickNew. - Click the
Createdropdown in the upper right corner and selectPolicy.
- Click
- Configure the policy:
- Enter a policy name and optional description.
- Click
Targetand select the target kind you want to control access to.- You have the option to select specific resources or target all the resources in your org for that kind by turning on the
Target All Itemsswitch. - If you are targeting all the resources, skip the next step.
- You have the option to select specific resources or target all the resources in your org for that kind by turning on the
- Select resources:
- Choose one or both of the following methods to select resources:
- For direct assignment: Click
Itemsand then click theAddbutton and select from the available resources. ClickOK. - For dynamic assignment: Click
Queryand then configure match rules using tag queries, properties, or relations. ClickOk.
- For direct assignment: Click
- Choose one or both of the following methods to select resources:
- Add a binding:
- Select
Bindings. - At least one binding is required. Click
Add Binding. - Select one or more permissions. These permissions are specific to the selected kind.
- Browse through the principal tabs and select at least one principal. Click
OK. - If required, add additional bindings. Each binding must have a unique set of permissions. Click
Create. - The policy has been created and is now active.
- Select