> For the complete documentation index, see [llms.txt](https://docs.impossiblecloud.com/impossible-cloud-help/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.impossiblecloud.com/impossible-cloud-help/security/identity-access-management-iam/managing-policies.md).

# Managing Policies

In Impossible Cloud Storage, **IAM policies** are used to define and manage access permissions for specific resources. These policies follow the **Industry S3 policy standard**, ensuring compatibility and familiarity for users with experience in other environments. Each policy is stored in **JSON format**, but the Storage Console lets you author policies through a visual interface or by writing the JSON directly.

IAM Policy management at Impossible Cloud Storage Console can be done in **Policies** tab. From there, you can **add, filter, delete** as well as **edit** an existing policy.

The **Policies** tab is only visible for root users - and accordingly, also conducting any of the above actions.

## Creating a Policy

The Impossible Cloud Storage Console offers two ways to author a policy. Use the **Visual Policy Builder** to configure statements through dropdowns and search fields, or the **JSON editor** to write the raw policy document directly. A **Visual | JSON** toggle at the top of the policy editor switches between them, and both views share the same underlying policy.

For a full walkthrough, see [Visual Policy Builder](/impossible-cloud-help/security/identity-access-management-iam/managing-policies/visual-policy-builder.md).

To create a policy, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click the **Add Policy** button on the top-right of the console.

* Fill in the **Policy name**
* (Optional) Fill in the **description** of the policy.

{% hint style="info" %}
The policy name must consist of alphanumeric characters (upper and lowercase) with no spaces. Once created, the policy name and description cannot be changed.
{% endhint %}

3. Select a mode with the **Visual | JSON** toggle, then **define** the policy. Use the **Visual Policy Builder** for a guided, statement-based interface, or the **JSON editor** to write the policy document directly.
4. Click **Create Policy** on the top-right corner of your screen to confirm the creation of the policy.

## Updating a Policy

When you update a policy in the Impossible Cloud Storage Console, a new version of that policy is automatically created. This versioning system allows you to easily revert to a previous version if needed.

To **edit a policy**, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click the **Edit** button next to the policy you want to modify.
3. You can **edit** the policy in either Visual or JSON mode, just like when creating a new policy.
4. Click the **Save** button in the top-right corner to create a new version.
5. Click on the newly created version and **set it as the default** to activate the version.

{% hint style="info" %}
The Storage Console supports a maximum of 5 (five) policy versions. If this limit is reached, you must delete an existing version before creating a new one.
{% endhint %}

## Deleting a Policy

Deleting a policy will automatically remove the access and permissions for the corresponding group(s) of users.

To delete a policy, follow these instructions:

1. Navigate to the **Policies** tab in left-pane menu.
2. Click on the **Delete** button next to the policy.
3. **Confirm** the deletion.<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.impossiblecloud.com/impossible-cloud-help/security/identity-access-management-iam/managing-policies.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
