Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com> Co-authored-by: zhangyue <zhangyue164@huawei.com> Co-committed-by: zhangyue <zhangyue164@huawei.com>
Configuring an Object Policy
Object policies are applied to the objects in a bucket. With an object policy, you can configure conditions and actions for objects in a bucket.
Procedure
1. In the bucket list, click the bucket you want to operate on. The Overview page is displayed.
2. In the navigation pane, choose Objects.
3. On the right of the object to be operated on, choose More > Configure Object Policy. The Configure Object Policy dialog box is displayed.
4. Select a policy mode as required. Valid options are as follows:
   - Read-only: The authorized user has the read permission on the object. For the follow-up procedure, see step 5.
   - Read and write: The authorized user has the read and write permissions on the object. For the follow-up procedure, see step 5.
   - Customized: The authorized user has the customized permissions on the object. For detailed configuration, see step 6.
5. For read-only and read and write modes, enter information about the authorized user in the following format and click OK.

   Table 1 Object policy parameters in read-only or read and write mode

   | Parameter | Value | Description |
   |-----------|-------|-------------|
   | Principal | Include or Exclude. Cloud service user, Federated user. If you select Federated user, you can specify the user to be an Identity provider or a User group. | Indicates the user that the object policy applies to. Include: The policy applies to specified users. Exclude: The policy applies to users except the specified ones. |
   | Resources | Include or Exclude | Resources on which the object policy takes effect. Include: The bucket policy applies to specified OBS resources. Exclude: The bucket policy applies to OBS resources except the specified ones. |

6. For the customized mode, set parameters based on the site requirements and click OK.

   Table 2 Object policy parameters in the custom mode

   | Parameter | Value | Description |
   |-----------|-------|-------------|
   | Effect | Allow or Deny | Effect of the object policy. Allow: The policy allows the matched requests. Deny: The policy denies the matched requests. |
   | Principal | Include or Exclude. Cloud service user, Federated user. If you select Federated user, you can specify the user to be an Identity provider or a User group. | Specifies users on whom this object policy takes effect, including cloud service users and federated users. A cloud service user is the one who accesses the cloud services through registration with the cloud services. A federated user is the one who accesses the cloud services through federated identity authentication. Include: The policy applies to specified users. Exclude: The policy applies to users except the specified ones. |
   | Resources | Include or Exclude | Resources on which the object policy takes effect. Include: The bucket policy applies to specified OBS resources. Exclude: The bucket policy applies to OBS resources except the specified ones. |
   | Actions | Include or Exclude. For details about the actions, see Actions Related to Objects. | Operation stated in the object policy. Include: The bucket policy applies to specified actions. Exclude: The bucket policy applies to actions except the specified ones. |
   | Conditions | | Condition for an object policy to take effect. |

7. Click OK.
After the object policy is configured successfully, it is displayed in the list under Custom Bucket Policies in the Bucket Policies tab on the Permissions page.
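The Include and Exclude options in Table 2 decide which requests a statement matches, and an Allow statement with any field set to Exclude grants access to an open-ended set. The following Python sketch is an added example, not OBS code: it models the Table 2 fields and flags such statements before they are entered in the console. The class and function names, the user names, the object key, and the deny-overrides-allow evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Selector:
    mode: str      # "Include" or "Exclude", as in Table 2
    values: tuple  # names or glob patterns (constructed sample values)

    def matches(self, item: str) -> bool:
        hit = any(fnmatchcase(item, v) for v in self.values)
        # Exclude inverts the match: everything except the listed values.
        return hit if self.mode == "Include" else not hit

@dataclass(frozen=True)
class Statement:
    effect: str    # "Allow" or "Deny"
    principal: Selector
    resources: Selector
    actions: Selector

    def matches(self, user: str, resource: str, action: str) -> bool:
        return (self.principal.matches(user)
                and self.resources.matches(resource)
                and self.actions.matches(action))

def evaluate(statements, user, resource, action) -> str:
    """Assumed model: a matching Deny wins, then a matching Allow, else implicit deny."""
    matched = {s.effect for s in statements if s.matches(user, resource, action)}
    if "Deny" in matched:
        return "Deny"
    return "Allow" if "Allow" in matched else "ImplicitDeny"

def lint(statement) -> list:
    """Return the fields whose Exclude setting makes an Allow grant open-ended."""
    if statement.effect != "Allow":
        return []
    fields = (("Principal", statement.principal),
              ("Resources", statement.resources),
              ("Actions", statement.actions))
    return [name for name, sel in fields if sel.mode == "Exclude"]

# Constructed samples: BROAD allows everyone except "contractor" to read one object;
# GUARD denies every action on that object to everyone except alice and bob.
BROAD = Statement("Allow", Selector("Exclude", ("contractor",)),
                  Selector("Include", ("reports/q1.pdf",)),
                  Selector("Include", ("GetObject",)))
GUARD = Statement("Deny", Selector("Exclude", ("alice", "bob")),
                  Selector("Include", ("reports/q1.pdf",)),
                  Selector("Include", ("*",)))
```

In this model, BROAD alone lets any user not named in the list read the object, including users created later; pairing it with GUARD narrows effective access back to alice and bob.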