You can attach custom access control policies to folders or members.
Background information
By default, the system access control policy FullAliyunAccess is attached to each folder and member.
The access control policy that is attached to a folder also applies to all its subfolders and all members in the subfolders.
Methods
Choose in the left-side navigation pane. On the page that appears, click the name of a policy. On the details page of the policy, click the Principals tab and click Add Principal to attach the policy to folders or members.
Choose in the left-side navigation pane. On the page that appears, click Resource Organization View in the upper-right corner. In the left-side navigation tree, click a folder. On the Policy tab, attach a policy to the folder. In this example, this method is used.
Choose in the left-side navigation pane. On the page that appears, click Member List View in the upper-right corner. On the page that appears, click the ID of a member. On the Policy tab of the member details page, attach a policy to the member.
Procedure
Use the management account of your resource directory to log on to the Resource Management console.
In the left-side navigation pane, choose .
In the upper-right corner of the page that appears, click Resource Organization View. In the left-side navigation tree, click a folder.
In the right-side pane, click the Policy tab. Then, click Attach Policy.
In the Attach Policy panel, select the policy that you want to attach to the folder and click OK.
After the policy is attached to the folder, the operations performed on resources by using members in the folder and members in its subfolders are limited by the policy. Make sure that the attached policy meets your expectations. Otherwise, your business may be affected.