If system policies cannot meet your business requirements, you can create a custom policy to grant the minimum permissions. Custom policies help you implement fine-grained permission management, which efficiently improves resource access security. This topic describes the scenarios where you can use the custom policies of Network Intelligence Service (NIS).
What is a custom policy?
Resource Access Management (RAM) policies are classified into system policies and custom policies. You need to maintain custom policies.
After you create a custom policy, you need to attach it to a RAM user, a user group, or a RAM role so that the permissions specified in the policy can be granted to the principal.
You can delete a RAM policy that is not attached to a principal. If the RAM policy is attached to a principal, you must detach the RAM policy from the principal before you can delete the RAM policy.
Custom policies support version control. You can manage custom policy versions based on the version management mechanism provided by RAM.
References
Authorization information
Before you use a custom policy, you must understand your business requirements for permission management and the authorization information of NIS. For more information, see RAM authorization.
