Hasko, Vladimir 342f52c5ae recreating obs_umn_0414 PR due to bug in gitea

Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>

2023-05-03 14:54:25 +00:00

2.2 KiB

Raw Permalink Blame History

Effect

A bucket policy can either allow or deny the access requests that match the configuration.

Allow: The policy allows the matched requests.
Deny: The policy denies the matched requests.

When a bucket policy contains both the allow and deny effects, the deny effect prevails. The following figure shows the judgment process.

Figure 1 Determining a bucket policy when the allow and deny statements conflict

A user initiates an access request.
OBS preferentially searches for deny (explicit deny) effects from bucket policies. If a deny statement is found, OBS directly rejects the access. The access request ends.
If there is no deny statement, OBS searches for allow statements.
- If an allow statement is found, OBS allows the access.
- If no allow statement is found, OBS rejects the access. The access request ends.
If an error occurs during the judgment, an error message is generated and returned to the user who initiates the access request.

Parent topic: Bucket Policy Parameters

2.2 KiB Raw Permalink Blame History

Effect

2.2 KiB

Raw Permalink Blame History