      Create policy


        Available in Classic and VPC

        Create a User Created policy.

        Note

        Up to 500 policies can be created.

        Request

        This section describes the request format. The method and URI are as follows:

        Method | URI
        POST | /api/v1/policies

        Request headers

        For information about the headers common to all Sub Account APIs, see Sub Account request headers.

        Request body

        You can include the following data in the body of your request:

        Field | Type | Required | Description
        policyName | String | Required | Policy name
        • 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ -
        • First letter must be Korean, English uppercase and lowercase letter, or Japanese
        description | String | Optional | Description of the policy (byte)
        • 0-300
        permissions | Array | Required | Allowed permission list

        permissions

        The following describes permissions.

        Field | Type | Required | Description
        effect | String | Required | Permission allowance
        • Allow (Valid value)
        targets | Array | Required | Permission allowance target
        condition | Object | Optional | Policy condition
        condition.{operator} | Object | Optional | Policy condition operator
        condition.{operator}.{key} | Object | Optional | Policy condition key
        condition.{operator}.{value} | Array | Optional | Policy condition value

        targets

        The following describes targets.

        Field | Type | Required | Description
        product | String | Required | Allowable service code
        actions | Array | Required | Allowable action
        • See Permission information by service and enter values as follows:
          • Detailed action unit: Enter the action name
          • All query units: Enter View*
          • All change units: Enter Change*
          • Service unit: Enter an asterisk (*)
        resourceNrns | Array | Required | NAVER Cloud Platform resource identification value for the allowable target
        • Enter an asterisk (*) when not specifying

        Request example

        The request example is as follows:

        curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/policies' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data '{
            "policyName": "mypolicy2",
            "permissions": [
                {
                    "effect": "Allow",
                    "targets": [
                        {
                            "product": "AiTEMS",
                            "actions": [
                                "View*", "Change*"
                            ],
                            "resourceNrns": [
                                "*"
                            ]
                        }
                    ]
                }
            ]
        }'
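
A local pre-flight check for the request body, added here as an example (it is not NAVER Cloud Platform code and does not reproduce the server's validation). `lint_policy` is a hypothetical helper that applies the field rules documented above and flags wildcard grants; its findings borrow the type/location/message shape of `validationResult.details`.

```python
import re

# Assumptions (not stated on the page): Korean/English/Japanese letters are
# approximated by these Unicode ranges; digits are allowed because the page's
# own example name is "mypolicy2"; description bytes are counted as UTF-8.
_LETTER = r"A-Za-z\uAC00-\uD7A3\u3040-\u30FF\u4E00-\u9FFF"
_NAME_RE = re.compile(rf"[{_LETTER}][{_LETTER}0-9._-]{{2,29}}")


def lint_policy(body):
    """Return findings as dicts with type, location and message keys."""
    findings = []
    def add(kind, location, message):
        findings.append({"type": kind, "location": location, "message": message})

    if not _NAME_RE.fullmatch(body.get("policyName", "")):
        add("ERROR", "policyName", "must be 3-30 characters and start with a letter")
    if len(body.get("description", "").encode("utf-8")) > 300:
        add("ERROR", "description", "longer than 300 bytes")
    permissions = body.get("permissions") or []
    if not permissions:
        add("ERROR", "permissions", "required field is missing or empty")
    for i, perm in enumerate(permissions):
        if perm.get("effect") != "Allow":
            add("ERROR", f"permissions[{i}].effect", "Allow is the only valid value")
        targets = perm.get("targets") or []
        if not targets:
            add("ERROR", f"permissions[{i}].targets", "required field is missing or empty")
        for j, target in enumerate(targets):
            loc = f"permissions[{i}].targets[{j}]"
            for field in ("product", "actions", "resourceNrns"):
                if not target.get(field):
                    add("ERROR", f"{loc}.{field}", "required field is missing or empty")
            broad = [a for a in target.get("actions") or [] if a in ("*", "Change*")]
            if broad:
                add("WARNING", f"{loc}.actions", f"broad grant {broad}; list detailed actions")
            if "*" in (target.get("resourceNrns") or []) and not perm.get("condition"):
                add("WARNING", f"{loc}.resourceNrns", "covers every resource with no condition")
    return findings


# Constructed sample: the same body as the request example above.
SAMPLE = {"policyName": "mypolicy2", "permissions": [{"effect": "Allow", "targets": [
    {"product": "AiTEMS", "actions": ["View*", "Change*"], "resourceNrns": ["*"]}]}]}


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE):
        print(finding)
```
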

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        Field | Type | Required | Description
        policyId | String | - | Policy ID
        policyName | String | - | Policy Name
        description | String | - | Policy description
        validationResult | Object | - | Validity check results
        validationResult.details | Array | - | Validity check detailed results
        validationResult.success | Boolean | - | Validity check results
        • true | false
          • true: valid
          • false: invalid

        validationResult.details

        The following describes validationResult.details.

        Field | Type | Required | Description
        type | String | - | Check result type
        • INFO | WARNING | ERROR
        • ERROR indicates a failed validity check
        code | String | - | Detailed code
        location | String | - | Check location
        message | String | - | Check result message

        Response status codes

        For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

        Response example

        The response example is as follows:

        {
            "policyId": "ec5a5dd0-****-****-****-246e966ebeb4",
            "policyName": "mypolicy2",
            "validationResult": {
                "details": [],
                "success": true
            }
        }
