# Identity-based policy examples for Amazon WorkSpaces Secure Browser
<a name="security_iam_id-based-policy-examples"></a>

By default, users and roles don't have permission to create or modify WorkSpaces Secure Browser resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.

To learn how to create an IAM identity-based policy by using these example JSON policy documents, see [Create IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) in the *IAM User Guide*.

For details about actions and resource types defined by WorkSpaces Secure Browser, including the format of the ARNs for each of the resource types, see [Actions, resources, and condition keys for Amazon WorkSpaces Secure Browser](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkspacesweb.html) in the *Service Authorization Reference*.

**Topics**
+ [Identity-based policy best practices for Amazon WorkSpaces Secure Browser](security_iam_service-with-iam-policy-best-practices.md)
+ [Using the Amazon WorkSpaces Secure Browser console](security_iam_id-based-policy-examples-console.md)
+ [Allowing users to view their own permissions for Amazon WorkSpaces Secure Browser](security_iam_id-based-policy-examples-view-own-permissions.md)