All Products
Search
Document Center

Logic Composer:Customize authorization policies

Last Updated:Jan 19, 2023

The default authorization policies provided by Logic Composer are coarse-grained. If these coarse-grained authorization policies cannot meet your needs, you can customize authorization policies. For example, if you want to manage the operation permissions of a RAM identity on a workflow, you must customize authorization policies to meet this fine-grained requirement.

Background information

For more information about how to create a custom policy, see Create a custom policy.

If you set the configuration mode to JSON when you create a custom policy, you must understand the structure and syntax of the policy. For more information, see Policy structure and syntax. The following table describes values of the Action and Resource parameters in a statement.

API operations for authorization

API

Authorized action

Authorized resource

Description

ListFlows

composer:ListFlows

acs:composer:$regionid:$accountid:flow/*

Queries workflows.

GetFlow

composer:GetFlow

acs:composer:$regionid:$accountid:flow/$flowId

Queries the details of a workflow.

CreateFlow

composer:CreateFlow

acs:composer:$regionid:$accountid:flow/*

Creates a workflow.

DeleteFlow

composer:DeleteFlow

acs:composer:$regionid:$accountid:flow/$flowId

Deletes a workflow.

UpdateFlow

composer:UpdateFlow

acs:composer:$regionid:$accountid:flow/$flowId

Modifies a workflow.

CloneFlow

composer:CloneFlow

acs:composer:$regionid:$accountid:flow/*

Copies a workflow.

InvokeFlow

composer:InvokeFlow

acs:composer:$regionid:$accountid:flow/$flowId

Runs a workflow.

ListVersions

composer:ListVersions

acs:composer:$regionid:$accountid:flow/$flowId

Queries all versions of a workflow.

GetVersion

composer:GetVersion

acs:composer:$regionid:$accountid:flow/$flowId

Queries a specific version of a workflow.