# Managing Policies

In Impossible Cloud Storage, **IAM policies** are used to define and manage access permissions for specific resources. These policies follow the **Industry S3 policy standard**, ensuring compatibility and familiarity for users with experience in other environments. Each policy is written in **JSON format**, allowing for precise and structured permission definitions.

IAM Policy management at Impossible Cloud Storage Console can be done in **Policies** tab. From there, you can **add, filter, delete** as well as **edit** an existing policy.&#x20;

The **Policies** tab is only visible for root users - and accordingly, also conducting any of the above actions.

## Creating a Policy

To simplify policy creation, the Impossible Cloud Storage Console includes a built-in JSON editor. This editor provides a convenient interface for writing and editing policies directly within the Console, making it easy to define access rules according to your requirements.

To create a policy, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click the **Add Policy** button on the top-right of the console.&#x20;

* Fill in the **Policy name**&#x20;
* (Optional) Fill in the **description** of the policy.&#x20;

{% hint style="info" %}
The policy name must consist of alphanumeric characters (upper and lowercase) with no spaces. Once created, the policy name and description cannot be changed.
{% endhint %}

3. **Write** the S3 policy in the built-in JSON editor.&#x20;
4. Click **Create Policy** on the top-right corner of your screen to confirm the creation of the policy.

## Updating a Policy

When you update a policy using the Graphical User Interface (GUI) in the Impossible Cloud Storage Console, a new version of that policy is automatically created. This versioning system allows you to easily revert to a previous version if needed.

To **edit a policy**, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click the **Edit** button next to the policy you want to modify.&#x20;
3. You can **edit** the policy using the built-in JSON editor, just like when creating a new policy.
4. Click the **Save** button in the top-right corner to create a new version.
5. Click on the newly created version and **set it as the default** to activate the version.&#x20;

{% hint style="info" %}
The Storage Console supports a maximum of 5 (five) policy versions. If this limit is reached, you must remove an existing version before creating a new one.
{% endhint %}

## Deleting a Policy

Deleting a policy will automatically remove the access and permissions for the corresponding group(s) of users.

To delete a policy, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click on the **Delete** button next to the policy.&#x20;
3. **Confirm** the deletion.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.impossiblecloud.com/impossible-cloud-help/security/identity-access-management-iam/managing-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.