Configuring an Object Policy

Procedure

1. In the bucket list, click the bucket you want to operate. The Overview page of the bucket is displayed.
2. In the navigation pane, choose Objects.
3. On the right of the object to be operated, choose More > Configure Object Policy. The Configure Object Policy dialog box is displayed.
4. Select a proper policy mode as required. Valid options are as follows:
   • Read-only mode: The authorized user has the read permission to the object. For follow-up procedure, see 5.
   • Read and write mode: The authorized user has the read and write permissions to the object. For follow-up procedure, see 5.
   • Customized: The authorized user will be granted with customized permissions to the object. For detailed configuration, see 6.
   

   You can configure only one object policy at a time.

5. For read-only and read and write modes, enter information about the authorized user in the following format and click OK.
   Figure 1 Parameter settings of an object policy in the read-only or read and write mode
   

   Table 1 Object policy parameters in read-only or read and write mode

   Parameter	Value	Description
   Principal	Include or Exclude Cloud service user, Federated user If you select Federated user, you can specify the user to be an Identity provider or a User group.	Indicates the user that the object policy applies to. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones.
   Resources	Include or Exclude	Resources on which the object policy takes effect. Include: The policy takes effect on specified OBS resources. Exclude: The policy takes effect on all OBS resources except the specified ones.

6. For the customized mode, set parameters based on the site requirements and click OK.
   Figure 2 Parameter settings of an object policy in the customized mode
   

   Table 2 Object policy parameters in the custom mode

   Parameter	Value	Description
   Effect	Allow or Deny	Effect of the object policy. Allow: The policy allows the matched requests. Deny: The policy denies the matched requests.
   Principal	Include or Exclude Cloud service user, Federated user If you select Federated user, you can specify the user to be an Identity provider or a User group.	Specifies users on whom this object policy takes effect, including cloud service users and federated users. A cloud service user is the one who accesses the cloud services through registration with the cloud services. A federated user is the one who accesses the cloud services through federated identity authentication. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones.
   Resources	Include or Exclude	Resources on which the object policy takes effect. Include: The policy takes effect on specified OBS resources. Exclude: The policy takes effect on all OBS resources except the specified ones.
   Actions	Include or Exclude For details about the actions, see Actions Related to Objects.	Operation stated in the object policy. Include: The policy takes effect on specified actions. Exclude: The policy takes effect on all actions except the specified ones.
   Conditions	Condition Operator: For details, see Table 1. Key: For details, see Table 2 and Table 4. Value: The entered value is associated with the key.	Condition for an object policy to take effect.

7. Click OK.

   After the object policy is configured successfully, it is displayed in the list under Custom Bucket Policies.