Configuring a Custom Bucket Policy (Common Mode)
If you need to grant specific users permissions that the standard bucket policies do not cover, configure a custom bucket policy. When a standard bucket policy conflicts with a custom bucket policy, the custom bucket policy takes precedence and the standard bucket policy is applied only where the custom one does not decide the request.
This topic describes how to configure a custom bucket policy in common mode (GUI).
Procedure
1. In the bucket list, click the bucket you want to configure. The Overview page of the bucket is displayed.
2. In the navigation pane on the left, click Permissions to go to the permission management page.
3. On the Bucket Policies tab page, configure a custom bucket policy as required.
   On the right of Custom Bucket Policies, select Common mode to configure the policy in the GUI.
4. Click Create Bucket Policy and select a policy mode. Valid values are as follows:
   - Read-only: The authorized user is granted read permission on the bucket and its objects. For subsequent operations, see step 5.
   - Read and write: The authorized user is granted read and write permissions on the bucket and its objects. For subsequent operations, see step 5.
   - Customized: The authorized user is granted the permissions you define on the bucket and its objects. For the detailed configuration, see step 6.
5. For the read-only and read and write modes, enter the information about the authorized user as described in Table 1 and click OK.
Table 1 Parameters in bucket policies (read-only and read and write modes)

Parameter: Principal
Value:
- Include or Exclude
- Cloud service user or Federated user
- If you select Cloud service user, you can specify the user as Current account or Other account. If you select Other account, enter the account ID, which is the Domain ID shown on the My Credentials page.
- If you select Federated user, you can specify an Identity provider or a User group.
Description: Specifies the users on whom this bucket policy takes effect, either cloud service users or federated users. A cloud service user is one who accesses the cloud services with an account registered with the cloud services. A federated user is one who accesses the cloud services through federated identity authentication.
- Include: The bucket policy statement takes effect on the specified users.
- Exclude: The bucket policy statement takes effect on all users except the specified ones.

Parameter: Resources
Description: The resources to which the bucket policy applies. In the read-only and read and write modes, the policy can only apply to objects.
- Include: The bucket policy statement takes effect on the specified OBS resources.
- Exclude: The bucket policy statement takes effect on all OBS resources except the specified ones.
6. For the customized mode, set the parameters as required for your site and click OK. Table 2 lists the meaning of each parameter.
Table 2 Parameters in bucket policies (customized mode)

Parameter: Effect
Value: Allow or Deny
Description: Effect of the bucket policy statement.
- Allow: Access requests that match this statement are allowed.
- Deny: Access requests that match this statement are denied.

Parameter: Principal
Value:
- Include or Exclude
- Cloud service user or Federated user
- If you select Cloud service user, you can specify the user as Current account or Other account. If you select Other account, enter the account ID, which is the Domain ID shown on the My Credentials page.
- If you select Federated user, you can specify an Identity provider or a User group.
Description: Specifies the users on whom this bucket policy takes effect, either cloud service users or federated users. A cloud service user is one who accesses the cloud services with an account registered with the cloud services. A federated user is one who accesses the cloud services through federated identity authentication.
- Include: The bucket policy statement takes effect on the specified users.
- Exclude: The bucket policy statement takes effect on all users except the specified ones.

Parameter: Resources
Description: The resources to which the bucket policy applies.
- Include: The bucket policy statement takes effect on the specified OBS resources.
- Exclude: The bucket policy statement takes effect on all OBS resources except the specified ones.
Relationship between resource types and actions:
- When the resource is an object or an object set, only object-related actions can be configured.
- When the resource is a bucket, only bucket-related actions can be configured.

Parameter: Actions
Value:
- Include or Exclude
- For details, see Actions.
Description: The operations covered by the bucket policy statement.
- Include: The bucket policy statement takes effect on the specified actions.
- Exclude: The bucket policy statement takes effect on all actions except the specified ones.

Parameter: Conditions
Description: Conditions under which the policy statement takes effect.
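The following script is an added example, not OBS code and not part of this page: it models the statement elements from Table 1 and Table 2 (Effect, Principal, Resources, Actions, each with the Include/Exclude switch) and evaluates a few requests against them, so you can see what a given combination grants before you click OK. It assumes the explicit-deny-over-allow decision order used by OBS/S3-style bucket policies (a matching Deny wins, a matching Allow grants, nothing matching is denied), treats Exclude as "every value except those listed", and uses illustrative principal strings, action names and a "bucket/key" resource form; the user IDs, bucket name and sample keys are constructed.

```python
"""Toy evaluator for the bucket-policy model described on this page.

Added example, not OBS code. Assumptions (all labelled here):
- Decision order is explicit-deny-over-allow, as in OBS/S3-style bucket
  policies: a matching Deny wins, otherwise a matching Allow grants,
  otherwise the request is denied by default.
- Exclude on a field means "every value except those listed".
- Principal strings, action names and the "bucket/key" resource form are
  illustrative; check them against what the console shows for your account.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List

# Action groups for the resource-type/action consistency rule from Table 2.
OBJECT_ACTIONS = {"GetObject", "PutObject", "DeleteObject"}
BUCKET_ACTIONS = {"ListBucket", "GetBucketAcl", "PutBucketAcl"}


@dataclass
class Field:
    """One policy element plus the page's Include/Exclude switch.
    Values may end in '*' as a prefix wildcard, e.g. 'logs/*' for all objects."""
    values: List[str]
    exclude: bool = False

    def matches(self, value: str) -> bool:
        hit = any(fnmatchcase(value, pattern) for pattern in self.values)
        return (not hit) if self.exclude else hit


@dataclass
class Statement:
    effect: str  # "Allow" or "Deny"
    principal: Field
    resources: Field
    actions: Field


def resource_type(resource: str) -> str:
    """'bucket' for a bare bucket name, 'object' for 'bucket/key' (including 'bucket/*')."""
    return "object" if "/" in resource else "bucket"


def statement_problems(stmt: Statement) -> List[str]:
    """Check the Table 2 rule: object resources take only object actions and
    bucket resources only bucket actions. Exclude lists are open-ended, so
    statements using Exclude on Resources or Actions are not checked."""
    if stmt.resources.exclude or stmt.actions.exclude:
        return []
    types = {resource_type(r) for r in stmt.resources.values}
    problems = []
    for action in stmt.actions.values:
        if types == {"object"} and action in BUCKET_ACTIONS:
            problems.append(f"{action} is a bucket action but the resources are objects")
        if types == {"bucket"} and action in OBJECT_ACTIONS:
            problems.append(f"{action} is an object action but the resource is a bucket")
    return problems


def evaluate(policy: List[Statement], principal: str, action: str, resource: str) -> str:
    """Return 'Allow' or 'Deny' for one request against a list of statements."""
    decision = "Deny"  # implicit default when nothing matches
    for stmt in policy:
        if (stmt.principal.matches(principal)
                and stmt.actions.matches(action)
                and stmt.resources.matches(resource)):
            if stmt.effect == "Deny":
                return "Deny"  # an explicit Deny ends evaluation
            decision = "Allow"
    return decision


# Constructed sample data: a bucket named "logs" and two users of one account.
ALICE = "domain/0123456789:user/alice"
BOB = "domain/0123456789:user/bob"

# Read-only mode as the console builds it: Allow, one Included principal, objects only.
READ_ONLY = [
    Statement("Allow", Field([ALICE]), Field(["logs/*"]), Field(["GetObject"])),
]

# Allow combined with Exclude on Principal: grants GetObject to everyone who is NOT alice.
EXCLUDE_ALLOW = [
    Statement("Allow", Field([ALICE], exclude=True), Field(["logs/*"]), Field(["GetObject"])),
]

# The usual intent of Exclude: Deny everyone except alice, layered on her Allow.
LOCKDOWN = READ_ONLY + [
    Statement("Deny", Field([ALICE], exclude=True), Field(["logs/*"]),
              Field(sorted(OBJECT_ACTIONS))),
]

# A statement the GUI should not let you build: a bucket action on object resources.
MISMATCHED = Statement("Allow", Field([ALICE]), Field(["logs/*"]), Field(["ListBucket"]))

if __name__ == "__main__":
    for name, policy in (("READ_ONLY", READ_ONLY), ("EXCLUDE_ALLOW", EXCLUDE_ALLOW),
                         ("LOCKDOWN", LOCKDOWN)):
        for who in (ALICE, BOB):
            print(name, who.rsplit("/", 1)[-1],
                  evaluate(policy, who, "GetObject", "logs/2024/app.log"))
    print(statement_problems(MISMATCHED))
```

The EXCLUDE_ALLOW case is the one to watch for: by the page's own definition of Exclude, an Allow statement whose Principal is Excluded takes effect on every user except the one listed, so it widens access rather than narrowing it. When the intent is "only this user", keep the Allow on an Included principal and, if you want to fence everyone else out explicitly, add a Deny with the Excluded principal, as LOCKDOWN does.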