If the default policies cannot meet the requirements on fine-grained access control, you can create custom policies and assign the policies to the user group.
For example, when creating a fine-grained policy ("evs:volumes:create") for Elastic Volume Service (EVS), which is a project-level service, set Scope to Project-level service. If the policy will take effect for multiple projects, authorization is required for each of the projects.
Policies support only API-level authorization. You need to fill the Action field with the permissions in the API permissions table of the specific service. IAM then implements fine-grained authorization by calling the corresponding APIs in the table. For details, see: .
Section API Permissions in the Elastic Cloud Server API Reference
Section API Permissions in the Virtual Private Cloud API Reference
Section API Permissions in the Elastic Volume Service API Reference
If a message is displayed indicating that the syntax is incorrect, modify policy information according to the policy syntax.
The custom policy is created successfully. You can select a custom policy from the user group to implement fine-grained authorization.
You can modify custom policies if user permissions have changed.
On the Policies page, click Modify in the Operation column of the target policy, and modify the name, description, and policy information.
You can delete custom policies if they are no longer needed.
On the Policies page, click Delete in the Operation column of the target policy to delete it.