NavigationContentFooter
Suggest an edit

How to create an IAM policy

Reviewed on 26 June 2024Published on 20 June 2022

An IAM policy is used to define the permissions of users, groups, and applications in a given Organization. A policy is composed of a principal (the user, group, or application to which it applies) and one or more IAM rules (which describe the permission sets the principal should have, and the scope of those permission sets).

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

  1. Click Identity and Access Management (IAM) from the top-right of your Organization Dashboard in the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.

  2. Click the Policies tab. A list of the Organization’s existing policies displays:

  3. Click Create policy. The creation wizard displays:

  4. Complete the steps on the first page of the creation wizard:

    • Enter a name for the policy,
    • Add a tag (optional),
    Note

    Tags are key/value pairs that help you organize your users. Keep in mind that:

    • You can assign up to 10 tags per user
    • Tag values must be between 1 and 70 characters long, including key and value
    • The same tag cannot be used twice
    • Enter a description (optional),
    • Select a principal, who will be the target of your policy. The principal should be the user, application, or group who you want to grant specific permissions to through this policy.
    Important

    You can choose to create a policy without a principal for now, and attach the principal later. Be aware that the policy will have no effect until a principal is attached. A policy can only be attached to one principal at a time.

  5. Click Add rules to progress to the next part of the policy creation wizard.

    Tip

    Rules define the actions that the attached principal will be able to carry out within the Organization. When creating a rule, you first set the scope of the rule, and then select the permission sets to apply within the scope. See our dedicated documentation for more help with policies, rules, scopes and permission sets.

  6. Select a scope for the rule:

    • To give the principal permissions to view, create, edit and/or delete resources, select the Access to resources scope. Then, select the Project in which you want the permissions to apply. You can select from all current and future Projects, all current Projects or select specific Projects.
    • To give the principal permissions to Organization-level features such as IAM, billing, support & abuse tickets and project management, select the Access to Organization features scope.

  7. Click Validate to continue.

  8. Choose the permission sets for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in step 6. See our dedicated documentation for more help with permission sets.

  9. Click Validate. The rule, with its scope and permission sets, is added to the list of the policy’s rules.

  10. Click Add new rule and repeat steps 6-8 as many times as required to add multiple rules to your policy.

    Tip

    You can delete «Delete Icon» or edit «Edit Icon» an existing rule by clicking the relevant button in the top right corner of the rule’s summary.

  11. Click Create policy to finish.

    You are returned to the Policies tab, where the newly-created policy now appears in the list.

    Note

    The application of Object Storage permissions can take up to 5 minutes.

See also
How to manage groupsHow to manage policies
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway