Create policy

Article summary

Did you find this summary helpful?

Thank you for your feedback

Available in Classic and VPC

Create a User Created policy.

Note

Up to 500 policies can be created.

Request

This section describes the request format. The method and URI are as follows:

Method	URI
POST	/api/v1/policies

Request headers

For information about the headers common to all Sub Account APIs, see Sub Account request headers.

Request body

You can include the following data in the body of your request:

Field	Type	Required	Description
`policyName`	String	Required	Policy name 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ - First letter must be Korean, English uppercase and lowercase letter, or Japanese
`description`	String	Optional	Description of the policy (byte) 0-300
`permissions`	Array	Required	Allowed permission list

`permissions`

The following describes permissions.

Field	Type	Required	Description
`effect`	String	Required	Permission allowance `Allow` (Valid value)
`targets`	Array	Required	Permission allowance target
`condition`	Object	Optional	Policy condition
`condition.{operator}`	Object	Optional	Policy condition operator
`condition.{operator}.{key}`	Object	Optional	Policy condition key
`condition.{operator}.{value}`	Array	Optional	Policy condition value

`targets`

The following describes targets.

Field	Type	Required	Description
`product`	String	Required	Allowable service code See Permission information by service
`actions`	Array	Required	Allowable action See Permission information by service to apply as follows Detailed action unit: Enter the action name All query units: Enter `View` All change units: Enter `Change` Service unit: Enter an asterisk (*)
`resourceNrns`	Array	Required	NAVER Cloud Platform resource identification value for the allowable target Enter an asterisk (*) when not specifying

Request example

The request example is as follows:

curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/policies' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "policyName": "mypolicy2",
    "permissions": [
        {
            "effect": "Allow",
            "targets": [
                {
                    "product": "AiTEMS",
                    "actions": [
                        "View*", "Change*"
                    ],
                    "resourceNrns": [
                        "*"
                    ]
                }
            ]
        }
    ],
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field	Type	Required	Description
`policyId`	String	-	Policy ID
`policyName`	String	-	Policy Name
`description`	String	-	Policy description
`validationResult`	Object	-	Validity check results
`validationResult.details`	Array	-	Validity check detailed results
`validationResult.success`	Boolean	-	Validity check results `true` \| `false` `true`: valid `false`: invalid

`validationResult.details`

The following describes validationResult.details.

Field	Type	Required	Description
`type`	String	-	Check result type `INFO` \| `WARNING` \| `ERROR` `ERROR` indicates a failed validity check
`code`	String	-	Detailed code
`location`	String	-	Check location
`message`	String	-	Check result message

Response status codes

For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

Response example

The response example is as follows:

{
    "policyId": "ec5a5dd0-****-****-****-246e966ebeb4",
    "policyName": "mypolicy2",
    "validationResult": {
        "details": [],
        "success": true
    }
}

Was this article helpful?

What's Next

Edit policy

Table of contents

Request
Response