File: //usr/share/doc/awscli/examples/iotsitewise/create-access-policy.rst
**Example 1: To grant a user administrative access to a portal**
The following ``create-access-policy`` example creates an access policy that grants a user administrative access to a web portal for a wind farm company. ::
    aws iotsitewise create-access-policy \
        --cli-input-json file://create-portal-administrator-access-policy.json
Contents of ``create-portal-administrator-access-policy.json``::
    {
        "accessPolicyIdentity": {
            "user": { 
                "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
            }
        },
        "accessPolicyPermission": "ADMINISTRATOR",
        "accessPolicyResource": { 
            "portal": { 
                "id": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE"
            }
        }
    }
Output::
    {
        "accessPolicyId": "a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
        "accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE"
    }
For more information, see `Adding or removing portal administrators <https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins>`__ in the *AWS IoT SiteWise User Guide*.
**Example 2: To grant a user read-only access to a project**
The following ``create-access-policy`` example creates an access policy that grants a user read-only access to a wind farm project. ::
    aws iotsitewise create-access-policy \
        --cli-input-json file://create-project-viewer-access-policy.json
Contents of ``create-project-viewer-access-policy.json``::
    {
        "accessPolicyIdentity": {
            "user": { 
                "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
            }
        },
        "accessPolicyPermission": "VIEWER",
        "accessPolicyResource": { 
            "project": { 
                "id": "a1b2c3d4-5678-90ab-cdef-eeeeeEXAMPLE"
            }
        }
    }
Output::
    {
        "accessPolicyId": "a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE",
        "accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE"
    }
For more information, see `Assigning project viewers <https://docs.aws.amazon.com/iot-sitewise/latest/appguide/assign-project-viewers.html>`__ in the *AWS IoT SiteWise Monitor Application Guide*.