doc-exports/docs/obs/umn/obs_03_0123.html
zhangyue 7492b7b30f OBS UMN doc
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-02-27 19:04:41 +00:00

<a name="obs_03_0123"></a><a name="obs_03_0123"></a>
<h1 class="topictitle1">Configuring a Custom Bucket Policy (Common Mode)</h1>
<div id="body1499753333226"><p class="MsoNormal" id="obs_03_0123__p398813105457">To grant special permissions to specific users, configure custom bucket policies. If a standard bucket policy conflicts with a custom bucket policy, the custom bucket policy takes priority over the standard bucket policy.</p>
<p class="MsoNormal" id="obs_03_0123__p3712241">This topic describes how to configure a custom bucket policy in common mode (GUI).</p>
<div class="section" id="obs_03_0123__section1761505716442"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0123__ol2431779016442"><li id="obs_03_0123__li99821455306"><span>In the bucket list, click the bucket you want to operate on. The <strong id="obs_03_0123__obs_03_0307_b1395123914108">Overview</strong> page of the bucket is displayed.</span></li><li id="obs_03_0123__li13508181724617"><span>In the navigation pane on the left, click <strong id="obs_03_0123__obs_03_0142_b63882047163712">Permissions</strong> to go to the permission management page.</span></li><li id="obs_03_0123__li1568715376490"><span>On the <strong id="obs_03_0123__b25185174103">Bucket Policies</strong> tab page, configure a custom bucket policy according to your needs.</span><p><p id="obs_03_0123__p173901896189">On the right of <strong id="obs_03_0123__b9368111971014">Custom Bucket Policies</strong>, select <strong id="obs_03_0123__b536961911101">Common mode</strong> to configure the policy in GUI mode.</p>
</p></li><li id="obs_03_0123__li1948691455110"><span>Click <strong id="obs_03_0123__b19810858145319">Create Bucket Policy</strong>. Select a policy mode as required. The options are as follows:</span><p><ul id="obs_03_0123__ul6489914125113"><li id="obs_03_0123__li194921514175111"><strong id="obs_03_0123__b125231032193417">Read-only</strong>: The authorized user is granted read permission on the bucket and objects. For subsequent operations, see <a href="#obs_03_0123__li3552175452220">5</a>.</li><li id="obs_03_0123__li1949713143512"><strong id="obs_03_0123__b8639102763418">Read and write</strong>: The authorized user is granted read and write permissions on the bucket and objects. For subsequent operations, see <a href="#obs_03_0123__li3552175452220">5</a>.</li><li id="obs_03_0123__li17501101418511"><strong id="obs_03_0123__b15554073410">Customized</strong>: The authorized user is granted customized permissions on the bucket and objects. For detailed configuration, see <a href="#obs_03_0123__li588503161565">6</a>.</li></ul>
<div class="note" id="obs_03_0123__note650419148512"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0123__p20506131415113">Only one bucket policy mode can be configured at a time.</p>
</div></div>
</p></li><li id="obs_03_0123__li3552175452220"><a name="obs_03_0123__li3552175452220"></a><a name="li3552175452220"></a><span>For the read-only and read and write modes, enter information about the authorized user in the following format and click <strong id="obs_03_0123__b1816403753815">OK</strong>.</span><p><div class="fignone" id="obs_03_0123__fig3744459165110"><span class="figcap"><b>Figure 1 </b>Parameter settings of a custom bucket policy in the read-only or read and write mode</span><br><span><img id="obs_03_0123__image197441359115115" src="en-us_image_0189170143.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0123__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters in bucket policies</caption><thead align="left"><tr id="obs_03_0123__row27504174239"><th align="left" class="cellrowborder" valign="top" width="15.151515151515152%" id="mcps1.3.3.2.5.2.2.2.4.1.1"><p id="obs_03_0123__p107559176234">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="37.37373737373738%" id="mcps1.3.3.2.5.2.2.2.4.1.2"><p id="obs_03_0123__p37601517192320">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.474747474747474%" id="mcps1.3.3.2.5.2.2.2.4.1.3"><p id="obs_03_0123__p1976317170239">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0123__row8783617122317"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.3.2.5.2.2.2.4.1.1 "><p id="obs_03_0123__p478519172231">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.3.2.5.2.2.2.4.1.2 "><ul id="obs_03_0123__ul278810179232"><li id="obs_03_0123__li1578941718233"><strong id="obs_03_0123__b8700129123916">Include</strong> or <strong id="obs_03_0123__b13701149143915">Exclude</strong></li><li id="obs_03_0123__li14773155954215"><strong id="obs_03_0123__b20217128143219">Cloud service user</strong>, <strong id="obs_03_0123__b3946133123218">Federated user</strong><ul id="obs_03_0123__ul15575185754819"><li id="obs_03_0123__li162698114912">If you select <strong id="obs_03_0123__b1719003851715">Cloud service user</strong>, you can specify the user to be the <strong id="obs_03_0123__b13691182461815">Current account</strong> or <strong id="obs_03_0123__b811012284185">Other account</strong>.<p id="obs_03_0123__p6813111014299">If you select <strong id="obs_03_0123__b19285104818530">Other account</strong>, enter the account ID, which is the <strong id="obs_03_0123__b1854913415546">Domain ID</strong> on the <strong id="obs_03_0123__b314165115542">My Credential</strong> page.</p>
</li><li id="obs_03_0123__li869675384816">If you select <strong id="obs_03_0123__b10799136191814">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0123__b14629912194">Identity provider</strong> or a <strong id="obs_03_0123__b1312311791912">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.3.2.5.2.2.2.4.1.3 "><p id="obs_03_0123__p19808171717235">Specifies the users on whom this bucket policy takes effect, including cloud service users and federated users. A cloud service user accesses the cloud services through registration with the cloud services. A federated user accesses the cloud services through federated identity authentication.</p>
<ul id="obs_03_0123__ul20673512167"><li id="obs_03_0123__li9670511619"><strong id="obs_03_0123__b1104616143714">Include</strong>: The bucket policy statement takes effect on the specified user.</li><li id="obs_03_0123__li479685931620"><strong id="obs_03_0123__b970317196371">Exclude</strong>: The bucket policy statement takes effect on all users except the specified user.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row081741752319"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.3.2.5.2.2.2.4.1.1 "><p id="obs_03_0123__p15821617102320">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.3.2.5.2.2.2.4.1.2 "><ul id="obs_03_0123__ul2824151742319"><li id="obs_03_0123__li282651720239"><strong id="obs_03_0123__b41985308397">Include</strong> or <strong id="obs_03_0123__b111991430193912">Exclude</strong></li><li id="obs_03_0123__li1482910177236">Input format: <p id="obs_03_0123__p12830717162315"><a name="obs_03_0123__li1482910177236"></a><a name="li1482910177236"></a>Object: <em id="obs_03_0123__i1428683216397">object name</em></p>
<p id="obs_03_0123__p68341917112319">Object set: <em id="obs_03_0123__i847916338396">object name prefix*</em>, <em id="obs_03_0123__i1848013313917">*object name suffix</em>, or *</p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.3.2.5.2.2.2.4.1.3 "><p id="obs_03_0123__p2084119170234">Indicates the resource that a bucket policy applies to. In read-only mode and read and write mode, the policy can apply only to objects.</p>
<ul id="obs_03_0123__ul7274173411710"><li id="obs_03_0123__li7274634171715"><strong id="obs_03_0123__b24951819019">Include</strong>: The bucket policy statement takes effect on the specified OBS resources.</li><li id="obs_03_0123__li260555313171"><strong id="obs_03_0123__b172155361308">Exclude</strong>: The bucket policy statement takes effect on all OBS resources except the specified ones.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0123__li588503161565"><a name="obs_03_0123__li588503161565"></a><a name="li588503161565"></a><span>For the customized mode, set parameters based on the site requirements and click <strong id="obs_03_0123__b15327583219">OK</strong>.</span><p><div class="fignone" id="obs_03_0123__fig53211555145821"><span class="figcap"><b>Figure 2 </b>Parameter settings of a custom bucket policy in the customized mode</span><br><span><img id="obs_03_0123__image776514418538" src="en-us_image_0132032277.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="p" id="obs_03_0123__p520275017208"><a href="#obs_03_0123__table25824246144542">Table 2</a> lists the meaning of each parameter.
<div class="tablenoborder"><a name="obs_03_0123__table25824246144542"></a><a name="table25824246144542"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0123__table25824246144542" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters in bucket policies</caption><thead align="left"><tr id="obs_03_0123__row20874365144542"><th align="left" class="cellrowborder" valign="top" width="20.202020202020204%" id="mcps1.3.3.2.6.2.2.2.2.4.1.1"><p id="obs_03_0123__p13102027144542">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="34.343434343434346%" id="mcps1.3.3.2.6.2.2.2.2.4.1.2"><p id="obs_03_0123__p171671754714">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45.45454545454546%" id="mcps1.3.3.2.6.2.2.2.2.4.1.3"><p id="obs_03_0123__p54631241144542">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0123__row10774617144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p328816144542">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><p id="obs_03_0123__p616717174717"><strong id="obs_03_0123__b97561137113311">Allow</strong> or <strong id="obs_03_0123__b135788406338">Deny</strong></p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p04354171543">Effect of a bucket policy.</p>
<ul id="obs_03_0123__ul1835191314190"><li id="obs_03_0123__li159861027191911"><strong id="obs_03_0123__b1391852611270">Allow</strong>: Access requests that match the configurations of this bucket policy are allowed.</li><li id="obs_03_0123__li18986102701916"><strong id="obs_03_0123__b1037794816276">Deny</strong>: Access requests that match the configurations of this bucket policy are denied.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row46881427144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p39299241144542">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul19561211185417"><li id="obs_03_0123__li7956181185413"><strong id="obs_03_0123__b830025419431">Include</strong> or <strong id="obs_03_0123__b030075414316">Exclude</strong></li><li id="obs_03_0123__li4287125223917"><strong id="obs_03_0123__b19619115514331">Cloud service user</strong>, <strong id="obs_03_0123__b1769811573338">Federated user</strong><ul id="obs_03_0123__ul3534111145812"><li id="obs_03_0123__li762319816581">If you select <strong id="obs_03_0123__b12105540112018">Cloud service user</strong>, you can specify the user to be the <strong id="obs_03_0123__b15106124020204">Current account</strong> or <strong id="obs_03_0123__b19107540182019">Other account</strong>.<p id="obs_03_0123__p27327479313">If you select <strong id="obs_03_0123__b22846587544">Other account</strong>, enter the account ID, which is the <strong id="obs_03_0123__b429005865414">Domain ID</strong> on the <strong id="obs_03_0123__b1529085812541">My Credential</strong> page.</p>
</li><li id="obs_03_0123__li8623685589">If you select <strong id="obs_03_0123__b11332843172011">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0123__b18332134322012">Identity provider</strong> or a <strong id="obs_03_0123__b1133313438201">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p243601717416">Specifies the users on whom this bucket policy takes effect, including cloud service users and federated users. A cloud service user accesses the cloud services through registration with the cloud services. A federated user accesses the cloud services through federated identity authentication.</p>
<ul id="obs_03_0123__ul101874512014"><li id="obs_03_0123__li121871259206"><strong id="obs_03_0123__b5139722814">Include</strong>: The bucket policy statement takes effect on the specified user.</li><li id="obs_03_0123__li61876510206"><strong id="obs_03_0123__b148526316218">Exclude</strong>: The bucket policy takes effect on all users except the specified user.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row26311294144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p50840088144542">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul151711055754"><li id="obs_03_0123__li151719551252"><strong id="obs_03_0123__b260811154416">Include</strong> or <strong id="obs_03_0123__b1661019115446">Exclude</strong></li><li id="obs_03_0123__li2764195612517">Resource input format:<p id="obs_03_0123__p13659113718819"><a name="obs_03_0123__li2764195612517"></a><a name="li2764195612517"></a>Object: <em id="obs_03_0123__i135851314448">object name</em></p>
<p id="obs_03_0123__p47531246786">Object set: <em id="obs_03_0123__i193453404413">object name prefix*</em>, <em id="obs_03_0123__i93461441445">*object name suffix</em>, or *</p>
<p id="obs_03_0123__p484811521683">Blank: Indicates that the resource is the entire bucket.</p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p144361117943">Indicates the resource that a bucket policy applies to.</p>
<ul id="obs_03_0123__ul1243923162015"><li id="obs_03_0123__li114312316201"><strong id="obs_03_0123__b865918341216">Include</strong>: The bucket policy statement takes effect on the specified OBS resources.</li><li id="obs_03_0123__li1943152318208"><strong id="obs_03_0123__b944620361117">Exclude</strong>: The bucket policy statement takes effect on all OBS resources except the specified ones.</li></ul>
<p id="obs_03_0123__p24361917944">Relationship between resource types and actions:</p>
<ul id="obs_03_0123__ul1943618171341"><li id="obs_03_0123__li94361117243">When a resource is an object or an object set, only the actions related to the object can be configured.</li><li id="obs_03_0123__li144361817143">When the resource is a bucket, only the actions related to the bucket can be configured.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row461371117754"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p420595051780">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul732518295298"><li id="obs_03_0123__li93251529122910"><strong id="obs_03_0123__b2283202443">Include</strong> or <strong id="obs_03_0123__b1929620114413">Exclude</strong></li><li id="obs_03_0123__li17137153782916">For details, see <a href="obs_03_0051.html">Actions</a>.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p114369173413">Operations stated in the bucket policy.</p>
<ul id="obs_03_0123__ul172495822013"><li id="obs_03_0123__li7724458102010"><strong id="obs_03_0123__b6426853183718">Include</strong>: The bucket policy takes effect on the specified actions.</li><li id="obs_03_0123__li47248585207"><strong id="obs_03_0123__b10431155616372">Exclude</strong>: The bucket policy takes effect on all actions except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row8998688144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p57805116144542">Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul63480483323"><li id="obs_03_0123__li23489486327"><strong id="obs_03_0123__b565952605214">Conditional Operator</strong>: For details, see <a href="obs_03_0120.html#obs_03_0120__table16670126115713">Table 1</a>.</li><li id="obs_03_0123__li152711612153317"><strong id="obs_03_0123__b10899632135318">Key</strong>: For details, see <a href="obs_03_0120.html#obs_03_0120__table6707152645718">Table 2</a>, <a href="obs_03_0120.html#obs_03_0120__table1972610267573">Table 3</a>, and <a href="obs_03_0120.html#obs_03_0120__table14742526145718">Table 4</a>.</li><li id="obs_03_0123__li4956132193516"><strong id="obs_03_0123__b142352724416">Value</strong>: The entered value is associated with the key.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p34365171045">Conditions for the policy statement to take effect.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</p></li></ol>
</div>
</div>
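<p>Added example (not part of the original OBS documentation): a small Python model of how the Include and Exclude settings in Table 2 decide whether one statement matches an object request, with a check that flags Allow statements left open-ended by Exclude or *. The dictionary layout, account IDs, action names and object keys are assumptions made for illustration.</p>

```python
import re

# Added example. The dict keys mirror the GUI fields in Table 2; this layout is
# an assumption for illustration, not the OBS policy document format.
# Account IDs, action names and object keys are constructed sample values.

def pattern_matches(pattern, object_key):
    """Match the page's resource formats: name, prefix*, *suffix, or *."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, object_key, re.DOTALL) is not None

def selected(mode, listed):
    """Include: applies to listed items. Exclude: applies to all the others."""
    return listed if mode == "Include" else not listed

def decide(stmt, account_id, action, object_key):
    """Return the statement's Effect if it matches the request, else None."""
    hit = (
        selected(stmt["principal_mode"], account_id in stmt["principals"])
        and selected(stmt["actions_mode"], action in stmt["actions"])
        and selected(stmt["resources_mode"],
                     any(pattern_matches(p, object_key) for p in stmt["resources"]))
    )
    return stmt["effect"] if hit else None

def review(stmt):
    """Flag Allow statements whose scope is open-ended because of Exclude or *."""
    findings = []
    if stmt["effect"] != "Allow":
        return findings
    for field in ("principal", "actions", "resources"):
        if stmt[field + "_mode"] == "Exclude":
            findings.append(f"{field}: Exclude on Allow covers everything not listed")
    if stmt["resources_mode"] == "Include" and "*" in stmt["resources"]:
        findings.append("resources: * covers every object in the bucket")
    return findings

NARROW = {
    "effect": "Allow",
    "principal_mode": "Include", "principals": ["constructed-account-a"],
    "actions_mode": "Include", "actions": ["GetObject"],
    "resources_mode": "Include", "resources": ["reports/*"],
}
# Same statement with the principal switched to Exclude: every account other
# than constructed-account-a now matches, including ones never named.
BROAD = dict(NARROW, principal_mode="Exclude")

if __name__ == "__main__":
    for name, stmt in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, decide(stmt, "constructed-account-b", "GetObject", "reports/q1.csv"),
              review(stmt))
```

<p>The model covers a single statement and object resources only; the blank resource (entire bucket) and Conditions are left out.</p>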