doc-exports/docs/obs/tool/obs_03_1055.html
zhangyue a6723418da OBS TOOL DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-07-31 14:32:59 +00:00


<a name="obs_03_1055"></a><a name="obs_03_1055"></a>
<h1 class="topictitle1">Configuring a Bucket Policy</h1>
<div id="body0000001242746621"><p class="MsoNormal" id="obs_03_1055__en-us_topic_0045829128_p13211630">Bucket policies define the access control over resources (buckets and objects) in OBS.</p>
<div class="section" id="obs_03_1055__section14616183715517"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_1055__en-us_topic_0045829128_ol30995332"><li id="obs_03_1055__en-us_topic_0045829128_li10522538"><span>Log in to OBS Browser+.</span></li><li id="obs_03_1055__en-us_topic_0045829128_li27593978"><span>Select the bucket you want and choose <strong id="obs_03_1055__en-us_topic_0068417483_en-us_topic_0045853707_b60411613">More</strong> &gt; <strong id="obs_03_1055__en-us_topic_0068417483_en-us_topic_0045853707_b6833610">Bucket Policy</strong>. The window shown in <a href="#obs_03_1055__fig11715141135020">Figure 1</a> is displayed.</span><p><div class="fignone" id="obs_03_1055__fig11715141135020"><a name="obs_03_1055__fig11715141135020"></a><a name="fig11715141135020"></a><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span></div>
<p id="obs_03_1055__p16131141516111"></p>
<p id="obs_03_1055__p952019287557"></p>
<p id="obs_03_1055__p2052213284551"><span><img id="obs_03_1055__image45081510104512" src="en-us_image_0000001223105312.png" title="Click to enlarge" class="imgResize"></span></p>
</p></li><li id="obs_03_1055__en-us_topic_0045829128_li51487255"><span>Enter a bucket policy in the following format.</span><p><ol type="a" id="obs_03_1055__en-us_topic_0045829128_ol31479218164712"><li id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_li31742755163425">Grant permissions to an account. In the following example, the account (whose account ID is <strong id="obs_03_1055__ac5314e0496754a23947fd1cfb80dc349">783fc6652cf246c096ea836694f71855</strong>) is granted the permission required to obtain the log management information about bucket <strong id="obs_03_1055__ae6c680df909b4e49b05fac0937d6b7ba">logging.bucket3</strong>.<pre class="screen" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_screen13683857">{
    "Statement": [
        {
            "Sid": "testing",
            "Effect": "Allow",
            "Principal": {
                "ID": [
                    "domain/783fc6652cf246c096ea836694f71855:user/*"
                ]
            },
            "Action": [
                "GetBucketLogging"
            ],
            "Resource": [
                "logging.bucket3"
            ]
        }
    ]
}</pre>
<div class="p" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p56950705162550"><a href="#obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table11962936162855">Table 1</a> describes the parameters that you need to manually modify in the example above:
<div class="tablenoborder"><a name="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table11962936162855"></a><a name="en-us_topic_0045829128_en-us_topic_0045829071_table11962936162855"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table11962936162855" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter changes</caption><thead align="left"><tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row36955607162855"><th align="left" class="cellrowborder" valign="top" width="37.45%" id="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.1"><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p29983359162855">Item to Modify</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62.55%" id="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.2"><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p12733004162855">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row47488174162855"><td class="cellrowborder" valign="top" width="37.45%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p21336879162855"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b16608069162931">GetBucketLogging</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.55%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p50565604162855">Value of the <strong id="obs_03_1055__b3218103015257">Action</strong> field, which specifies the OBS-supported actions that the policy applies to. The value is a case-insensitive string and can contain a wildcard character (*). For example, <strong id="obs_03_1055__b18514201163815">"Action":["List*", "Get*"]</strong> applies all actions whose names start with List or Get to the resources. Change the value as needed.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row52437253162855"><td class="cellrowborder" valign="top" width="37.45%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p19559140162855"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b10228182162953">Allow</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.55%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p40786540162855">Value of the <strong id="obs_03_1055__a09055935f8a441f291ea5e023cacedcc">Effect</strong> field that indicates whether the permission in the policy is allowed or denied. The value must be <strong id="obs_03_1055__b833201139114024">Allow</strong> or <strong id="obs_03_1055__b134108389114024">Deny</strong>.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row31534542162855"><td class="cellrowborder" valign="top" width="37.45%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p4161125162855"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b51538569162959">logging.bucket3</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.55%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p1506873162855">The bucket to which the policy applies. You can change the bucket name as needed.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row13561861162855"><td class="cellrowborder" valign="top" width="37.45%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p24768958162855"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b33593330163135">783fc6652cf246c096ea836694f71855</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.55%" headers="mcps1.3.2.2.3.2.1.1.4.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p60128616162855">ID of an account. You can change it as needed. You can obtain the account ID on the bucket's <strong id="obs_03_1055__b2502171717438">Basic Information</strong> page.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</li><li class="MsoNormal" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_li4189680916360">Grant permissions to an IAM user. In the following example, the user (whose ID is <strong id="obs_03_1055__a12bba4dd094d43e5aea44fa36157bec5">71f3901173514e6988115ea2c26d1999</strong>) under the account (whose ID is <strong id="obs_03_1055__abdcf270b72c6476ea3230164da58fa50">219d520ceac84c5a98b237431a2cf4c2</strong>) is assigned the permission required to set log management for bucket <strong id="obs_03_1055__afe9803a3fae042f88c8b692f2050125b">logging.bucket3</strong>.<pre class="screen" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_screen21035296">{
    "Statement": [
        {
            "Sid": "testing",
            "Effect": "Allow",
            "Principal": {
                "ID": [
                    "domain/<strong id="obs_03_1055__b1790513375713">219d520ceac84c5a98b237431a2cf4c2</strong>:user/<strong id="obs_03_1055__b107010416717">71f3901173514e6988115ea2c26d1999</strong>"
                ]
            },
            "Action": [
                "<strong id="obs_03_1055__b193301692082">PutBucketLogging</strong>"
            ],
            "Resource": [
                "logging.bucket3"
            ]
        }
    ]
}</pre>
<div class="p" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p43977741163643"><a href="#obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table60255350163643">Table 2</a> describes the parameters that you need to manually modify in the example above:
<div class="tablenoborder"><a name="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table60255350163643"></a><a name="en-us_topic_0045829128_en-us_topic_0045829071_table60255350163643"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_table60255350163643" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter changes</caption><thead align="left"><tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row40427320163643"><th align="left" class="cellrowborder" valign="top" width="37.97%" id="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1"><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p53387517163643">Item to Modify</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62.029999999999994%" id="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2"><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p29421643163643">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row34342857163643"><td class="cellrowborder" valign="top" width="37.97%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p30307999163643"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b8594032163654">PutBucketLogging</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.029999999999994%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2 "><p id="obs_03_1055__p99321537180">Value of the <strong id="obs_03_1055__b12606161764519">Action</strong> field, which specifies the OBS-supported actions that the policy applies to. The value is a case-insensitive string and can contain a wildcard character (*). For example, <strong id="obs_03_1055__b1919502394516">"Action":["List*", "Get*"]</strong> applies all actions whose names start with List or Get to the resources. Change the value as needed.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row7220597163643"><td class="cellrowborder" valign="top" width="37.97%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p47997509163643"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b29324403163643">Allow</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.029999999999994%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p26466431163643">Value of the <strong id="obs_03_1055__b62951556466">Effect</strong> field that indicates whether the permission in the policy is allowed or denied. The value must be <strong id="obs_03_1055__b0296205515468">Allow</strong> or <strong id="obs_03_1055__b2029614554468">Deny</strong>.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row36871287163643"><td class="cellrowborder" valign="top" width="37.97%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p33784232163643"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b35622635163643">logging.bucket3</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.029999999999994%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p66861212163643">The bucket to which the policy applies. You can change the bucket name as needed.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row64880004163643"><td class="cellrowborder" valign="top" width="37.97%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p20788991163643"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b22033683163827">219d520ceac84c5a98b237431a2cf4c2</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.029999999999994%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p55680507163643">ID of an account. You can change it as needed. You can click <span><img id="obs_03_1055__image1225494313811" src="en-us_image_0000001398402429.png" title="Click to enlarge" class="imgResize"></span> next to the target bucket to obtain the <strong id="obs_03_1055__b761892610487">Account ID</strong> on the <strong id="obs_03_1055__b7226642144810">Basic Information</strong> page.</p>
</td>
</tr>
<tr id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_row5932862616388"><td class="cellrowborder" valign="top" width="37.97%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.1 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p4088944116388"><strong id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_b36735610163838">71f3901173514e6988115ea2c26d1999</strong></p>
</td>
<td class="cellrowborder" valign="top" width="62.029999999999994%" headers="mcps1.3.2.2.3.2.1.2.5.2.2.3.1.2 "><p id="obs_03_1055__en-us_topic_0045829128_en-us_topic_0045829071_p2371045716388">ID of a user under the account. You can change it as needed. You can choose <strong id="obs_03_1055__b1988857824114016">My Credentials</strong> from the username in the upper right corner of OBS Console to obtain the <strong id="obs_03_1055__b20698481524">IAM User ID</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</li></ol>
<p class="MsoNormal" id="obs_03_1055__en-us_topic_0045829128_p49181932">For details about the fields in a bucket policy, see <a href="https://docs.otc.t-systems.com/object-storage-service/permissions-configuration-guide/permission_control_mechanisms/bucket_policies.html#bucket-policy-overview" target="_blank" rel="noopener noreferrer">Bucket Policy Overview</a>.</p>
</p></li></ol>
</div>
</div>
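<p>The following pre-submission check is an added example, not part of the OBS documentation or tooling. It reviews a policy in the format shown above before it is pasted into OBS Browser+, reporting how wide each principal and wildcard action reaches. The function names, the 32-hex-digit ID pattern, the <strong>bucket/object</strong> resource form and the short action catalogue are assumptions made for illustration.</p>

```python
import fnmatch
import json
import re

# Principal format taken from the page's two examples (assumed 32 hex digits per ID).
PRINCIPAL_RE = re.compile(r"^domain/([0-9a-f]{32}):user/([0-9a-f]{32}|\*)$")

# Constructed sample catalogue for showing wildcard expansion; not the full OBS list.
SAMPLE_ACTIONS = ["GetBucketLogging", "PutBucketLogging", "GetBucketPolicy",
                  "PutBucketPolicy", "ListBucket", "GetObject"]

# The page's first example policy, with the action widened to "get*" (constructed).
SAMPLE_POLICY = """{"Statement": [{"Sid": "testing", "Effect": "Allow",
  "Principal": {"ID": ["domain/783fc6652cf246c096ea836694f71855:user/*"]},
  "Action": ["get*"], "Resource": ["logging.bucket3"]}]}"""


def expand_actions(patterns, catalogue=SAMPLE_ACTIONS):
    """Catalogue actions matched by the patterns (case-insensitive, * wildcard)."""
    return sorted(a for a in catalogue
                  if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns))


def lint_policy(text, expected_bucket):
    """Return review findings for a bucket policy supplied as JSON text."""
    findings = []
    for i, st in enumerate(json.loads(text).get("Statement", [])):
        tag = f"Statement[{i}]"
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{tag}: Effect must be Allow or Deny")
        for principal in st.get("Principal", {}).get("ID", []):
            m = PRINCIPAL_RE.match(principal)
            if not m:
                findings.append(f"{tag}: unrecognized principal {principal!r}")
            elif m.group(2) == "*":
                findings.append(f"{tag}: covers every user of account {m.group(1)}")
        wild = [a for a in st.get("Action", []) if "*" in a]
        if wild:
            findings.append(f"{tag}: {wild} expands to {expand_actions(wild)}")
        for res in st.get("Resource", []):
            # Assumes a resource is "<bucket>" or "<bucket>/<object key>".
            if res.split("/", 1)[0] != expected_bucket:
                findings.append(f"{tag}: resource {res!r} is outside {expected_bucket}")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY, "logging.bucket3"):
        print(finding)
```

<p>An empty result means that every statement names a single user, lists explicit actions and stays within the expected bucket.</p>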
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_1053.html">Bucket Policies</a></div>
</div>
</div>