All Documents
Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Found 0 result in total

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Identity and Access Management

View more results
Document title with current keyword not found
Directory
Expand AllFold All Up
No products found with this keyword
Documentation Identity and Access Management Permission Policy Management Permission evaluation logic

Permission evaluation logic

Last updated:2021-10-29 17:57:34

This topic describes the permission evaluation logic of IAM.

  1. If you use the AccessKey of your Kingsoft Cloud account to generate a signature and initiate an access request, and the resource belongs to your Kingsoft Cloud account, access will be allowed. Otherwise, access will be denied.
  2. If you use the AccessKey of an IAM user to generate a signature and initiate an access request, and the resource belongs to the Kingsoft Cloud account of the IAM user, the system will call the permission evaluation operation to verify the policies attached to the IAM user and determine whether to allow the access.

  3. IAM evaluates all policies attached to an IAM user based on the default/implicit deny rule and determines whether a request of an IAM user is allowed as follows:

    • 3.1 If the request is explicitly denied, IAM returns an authorization failure. Otherwise, IAM goes to the next step.
    • 3.2 If the request is explicitly allowed, IAM returns an authorization success. Otherwise, IAM goes to the next step.
    • 3.3 IAM returns an authorization failure because it implicitly denies all requests by default.

    That is, a request that is explicitly denied in a policy will be denied even though it is explicitly allowed in another policy. If a request is not explicitly allowed in any policy, the request is implicitly denied by default.

On this page
Previous:Policy elements
Next:Global system policies
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback