Last updated: 2021-10-29 17:57:25
Which policy creation method should I use?
Currently, you can create a custom policy in three ways: by selecting required services and features, in the visual configuration mode, or by directly editing the policy document.
We recommend that you create custom policies in the visual configuration mode where possible, because it is easy and flexible. You only need to select services and actions, and specify resources. The system automatically generates the policy for you.
IAM now supports creating a custom policy by selecting required services and features, which is also a recommended method. You control the permission granularity by selecting services and features. This method is suitable for customers who need to control permissions but whose requirements are not complex.
Creating a custom policy by directly editing the policy document is intended for advanced users. This method lets you control the permission granularity flexibly, and is suitable for customers who need more fine-grained permission control.
What is a personalized IAM user login URL?
To make login information simpler and easier to remember, Kingsoft Cloud offers each Kingsoft Cloud account a personalized IAM user login URL: https://signin.ksyun.com/u/XXXXXX. In the URL, XXXXXX is the username of a Kingsoft Cloud account.
What will happen if a policy attached to an IAM user conflicts with a policy attached to a group to which the IAM user belongs?
IAM evaluates all policies attached to an IAM user based on the default/implicit deny rule and determines whether a request from the IAM user is allowed as follows:
1. If the request is explicitly denied, IAM returns an authorization failure. Otherwise, IAM goes to the next step.
2. If the request is explicitly allowed, IAM returns an authorization success. Otherwise, IAM goes to the next step.
3. IAM returns an authorization failure because it implicitly denies all requests by default.
That is, a request that is explicitly denied in one policy is denied even if it is explicitly allowed in another policy. If a request is not explicitly allowed in any policy, it is implicitly denied by default.
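The evaluation order above, as an added example that is not Kingsoft Cloud's own code: a small evaluator that merges a user policy with a group policy and reports which rule decided the request. The Statement/Effect/Action/Resource field names, the wildcard matching, and every action and resource string are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample policies; field names and all action/resource strings are
# assumptions for this sketch, not values taken from the IAM documentation.
USER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["compute:*"], "Resource": ["*"]},
]}
GROUP_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": ["compute:DeleteInstance"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["storage:GetObject"], "Resource": ["bucket-a/*"]},
]}

def _matches(statement, action, resource):
    """True if any Action pattern and any Resource pattern cover the request."""
    return (any(fnmatchcase(action, p) for p in statement["Action"])
            and any(fnmatchcase(resource, p) for p in statement["Resource"]))

def evaluate(policies, action, resource):
    """Return (decision, reason) for a request against all attached policies."""
    matched = [s for p in policies for s in p["Statement"]
               if _matches(s, action, resource)]
    # Step 1: an explicit deny in any policy wins, wherever it is attached.
    if any(s["Effect"] == "Deny" for s in matched):
        return ("deny", "explicit deny")
    # Step 2: with no deny, an explicit allow grants the request.
    if any(s["Effect"] == "Allow" for s in matched):
        return ("allow", "explicit allow")
    # Step 3: no statement matched, so the default applies.
    return ("deny", "implicit deny")

if __name__ == "__main__":
    attached = [USER_POLICY, GROUP_POLICY]  # user and group policies are pooled
    requests = [
        ("compute:DeleteInstance", "instance/i-1"),  # user allows, group denies
        ("compute:StartInstance", "instance/i-1"),   # only the user allow matches
        ("storage:GetObject", "bucket-b/data.csv"),  # no statement matches
    ]
    for action, resource in requests:
        print(action, resource, "->", evaluate(attached, action, resource))
```

The first request shows the conflict case from the question: the user-level allow on compute:* does not override the group-level deny.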