This topic explains the grammar for EIM policy documents, based on JSON format and composed of different elements specifying EIM identities, actions and resources the permissions relate to.

Policy Documents Language

Policy documents are written in JSON. The following table presents the different characters used in policy documents, that are part of JSON basic rules:

Character

Character Name

User

 

Whitespace

To separate individual entities.

" "

Quotation marks

To enclose values (optional for numeric and boolean values).

{ }

Braces

To enclose JSON blocks containing key-value elements.

[ ]

Square brackets

To specify a JSON array as an element value. Arrays let you specify one or more values for a same element (if the element supports it).

,

Comma

To separate values in a JSON array or to separate JSON blocks.

Policy General Grammar

Permissions are declared in policy documents, that contain one or more individual statements defining the permissions in terms of actions and resources. To define permissions contained in a policy, you must set the policy-document attribute as in the following format:

EIM policies are case sensitive. All elements must start with an upper-case letter.


{"Statement":[
              {
               "Action":["xxx","yyy"],
               "Effect":"allow",
               "Resource":[ ],
              },
              {
               "Action":["xxx","yyy"],
               "Effect":"deny",
               "Resource":[ ]
              }
            ]
}

For more information about the different policy document elements, see EIM Policy Elements.