ovh · Y0Coss · Jul 23, 2025 · Jul 23, 2025
diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.de-de.md b/...ount_and_service_management/account_information/iam-policies-api/guide.de-de.md
@@ -1,7 +1,7 @@
 ---
 title: Verwendung von IAM-Richtlinien mit der OVHcloud API (EN)
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...nt_and_service_management/account_information/iam-policies-api/guide.en-asia.md b/...nt_and_service_management/account_information/iam-policies-api/guide.en-asia.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-au.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-au.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-ca.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-ca.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-gb.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-gb.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,84 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Conditions
+
+It is possible to add conditions to policies. The policy will only be valid if the conditions are met.
+Conditions are added to an access policy in the following form:
+
+```json
+{
+  "operator": "AND",
+  "conditions": [
+    {
+        "operator": "MATCH",
+        "values": {
+            "resource.Tag(environment)": "prod",
+            "resource.Type": "dnsZone"
+      }
+    },
+    {
+      "operator": "NOT",
+      "conditions": [
+        {
+            "operator": "MATCH",
+            "values": {
+                "date(Europe/Paris).WeekDay.IN": "Saturday,Sunday"
+          }
+        }
+      ]
+    }
+  ]
+}
+```
+
+For example, a policy with this condition is valid if the targeted resources are of type **dnsZone** with the tag **"environment:prod"**, except on **Saturday and Sunday** in the Paris time zone.
+
+The operator field specifies how the conditions will be evaluated:
+
+- **AND**: All conditions must be validated
+- **NOT**: None of the conditions must be validated
+- **OR**: At least one condition must be validated
+- **MATCH**: Condition evaluation operator
+
+The available conditions are:
+
+|       Condition        |                         Operator                          | Data Type |            Description             |                   Example                   |
+| :--------------------: | :--------------------------------------------------------: | :--------: | :--------------------------------: | :-----------------------------------------: |
+|  date(location).Date   |               EQ <br>BEFORE <br>AFTER <br>IN               |  YYYY-MM-DD  |  Filter on calendar days   | "date.Date(America/New_York)": "2024-12-25" |
+|  date(location).Hour   | EQ <br>BEFORE <br>AFTER <br>GE <br>LE <br>GT <br>LT <br>IN |     int      |       Filter on hours        |   "date(Europe/Paris).Hour.IN" : "7,8,9"    |
+| date(location).WeekDay | EQ <br>BEFORE <br>AFTER <br>GE <br>LE <br>GT <br>LT <br>IN |    string    | Filter on days of the week | "date(Europe/Berlin).WeekDay.AFTER": "monday" |
+| resource.Tag(tag_key)  |              EQ <br>STARTS_WITH <br>ENDS_WITH              |    string    |        Filter on tags         |      "resource.Tag(environment): "dev"      |
+|     resource.Name      |          EQ <br>IN <br>STARTS_WITH <br>ENDS_WITH           |    string    | Filter on resource names  |     "resource.Name.Start_with": "vps-"      |
+|     resource.Type      |          EQ <br>IN <br>STARTS_WITH <br>ENDS_WITH           |    string    |  Filter on resource types  |      "resource.Type.In": "dnsZone,vps"      |
+|       request.IP       |                   EQ <br>IN <br>IN_RANGE                   |    IP v4     |  Filter on client source IP  |    "request.IP.IN_RANGE": "10.23.0.0/16"    |
+
+Dates use time zones based on [IANA database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). If not specified, the date will be evaluated in UTC time zone.
+
+The available operators for condition types are:
+
+- **EQ**: The value must exactly match the specified value
+- **BEFORE** or **LT** (less than): The value must be strictly less than
+- **AFTER** or **GE** (greater or equal): The value must be equal to or greater than
+- **GT** (greater than): The value must be strictly greater than
+- **LE** (less or equal): The value must be equal to or less than
+- **IN**: The value must be included in the list
+- **START_WITH**: The value must start with the specified value
+- **END_WITH**: The value must end with the specified value
+- **IN_RANGE**: The value must be in the specified IP subnet
+
+If not specified, the default operator is **EQ**.
+
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.
@@ -723,4 +801,4 @@ Here is a part of the output:
 
 ## Go further
 
-Join our [community of users](/links/community).
+Join our [community of users](/links/community).
diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-ie.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-ie.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-sg.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-sg.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.en-us.md b/...ount_and_service_management/account_information/iam-policies-api/guide.en-us.md
@@ -1,7 +1,7 @@
 ---
 title: How to use IAM policies using the OVHcloud API
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.es-es.md b/...ount_and_service_management/account_information/iam-policies-api/guide.es-es.md
@@ -1,7 +1,7 @@
 ---
 title: "Cómo utilizar las políticas de IAM con la API de OVHcloud (EN)"
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.es-us.md b/...ount_and_service_management/account_information/iam-policies-api/guide.es-us.md
@@ -1,7 +1,7 @@
 ---
 title: "Cómo utilizar las políticas de IAM con la API de OVHcloud (EN)"
 excerpt: "Find out how to give specific access rights to users from an OVHcloud account"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objective
@@ -357,6 +357,16 @@ The available operators for condition types are:
 
 If not specified, the default operator is **EQ**.
 
+#### Policies targeting other OVHcloud customer accounts
+
+Access policies can target other OVHcloud customer accounts.  
+The targeted account of this policy will be able to manage the rights received that way on its own policies, but will never be able to override the rights set on the access policy.
+
+For example, an account **xx1111-ovh** gives rights on `vps:apiovh:ips/*` to account **xx2222-ovh**:  
+Account **xx2222-ovh** will be able to give the right `vps:apiovh:ips/delete` to its own users, but will never be able to grant the right `vps:apiovh:reboot`.
+
+Access to the support will still be reserved to the owner of the resource.
+
 ### Identities
 
 Policies apply to users, which can be accounts, users or user groups.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.fr-ca.md b/...ount_and_service_management/account_information/iam-policies-api/guide.fr-ca.md
@@ -1,7 +1,7 @@
 ---
 title: "Comment utiliser les politiques IAM via l’API OVHcloud"
 excerpt: "Découvrez comment donner des droits d'accès spécifiques aux utilisateurs d'un compte OVHcloud"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objectif
@@ -359,6 +359,16 @@ Les opérateurs disponibles pour les types de conditions sont :
 
 S'il n'est pas précisé, l'opérateur par défaut est **EQ**.
 
+#### Cas des politiques ciblant d'autres comptes clients OVHcloud
+
+Les politiques d'accès peuvent cibler d'autres comptes clients.
+Le compte destinataire de cette politique pourra gérer les droits ainsi reçus dans ses propres politiques d'accès, mais ne pourra jamais outrepasser les droits tels que défini dans la politique d'accès.
+
+Par exemple un compte **xx1111-ovh** donnant des droits `vps:apiovh:ips/*` au compte **xx2222-ovh**.
+Le compte **xx2222-ovh** pourra donner le droit `vps:apiovh:ips/delete` à ses propres utilisateurs, mais ne pourra jamais donner le droit `vps:apiovh:reboot`.
+
+L'accès au support restera réservé au compte propriétaire de la ressource.
+
 ### Identités
 
 Les politiques s'appliquent aux utilisateurs, qui peuvent être des comptes, des utilisateurs ou des groupes d'utilisateurs.

diff --git a/...ount_and_service_management/account_information/iam-policies-api/guide.fr-fr.md b/...ount_and_service_management/account_information/iam-policies-api/guide.fr-fr.md
@@ -1,7 +1,7 @@
 ---
 title: "Comment utiliser les politiques IAM via l’API OVHcloud"
 excerpt: "Découvrez comment donner des droits d'accès spécifiques aux utilisateurs d'un compte OVHcloud"
-updated: 2025-07-17
+updated: 2025-08-18
 ---
 
 ## Objectif
@@ -359,6 +359,16 @@ Les opérateurs disponibles pour les types de conditions sont :
 
 S'il n'est pas précisé, l'opérateur par défaut est **EQ**.
 
+#### Cas des politiques ciblant d'autres comptes clients OVHcloud
+
+Les politiques d'accès peuvent cibler d'autres comptes clients.
+Le compte destinataire de cette politique pourra gérer les droits ainsi reçus dans ses propres politiques d'accès, mais ne pourra jamais outrepasser les droits tels que défini dans la politique d'accès.
+
+Par exemple un compte **xx1111-ovh** donnant des droits `vps:apiovh:ips/*` au compte **xx2222-ovh**.
+Le compte **xx2222-ovh** pourra donner le droit `vps:apiovh:ips/delete` à ses propres utilisateurs, mais ne pourra jamais donner le droit `vps:apiovh:reboot`.
+
+L'accès au support restera réservé au compte propriétaire de la ressource.
+
 ### Identités
 
 Les politiques s'appliquent aux utilisateurs, qui peuvent être des comptes, des utilisateurs ou des groupes d'utilisateurs.