vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0075.html
zhangyue b55201d729 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00

107 lines
15 KiB
HTML
Raw Blame History

<a name="obs_03_0075"></a><a name="obs_03_0075"></a>
<h1 class="topictitle1">Configuring an Object Policy</h1>
<div id="body1557123327164"><p id="obs_03_0075__p18416184972615">Object policies are applied to the objects in a bucket. With an object policy, you can configure conditions and actions for objects in a bucket.</p>
<div class="section" id="obs_03_0075__section1427668152517"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0075__ol3653067817298"><li id="obs_03_0075__li99821455306"><span>In the bucket list, click the bucket you want to operate. The <strong id="obs_03_0075__obs_03_0307_b144421021120">Overview</strong> page is displayed.</span></li><li id="obs_03_0075__li51927620"><span>In the navigation pane, choose <strong id="obs_03_0075__obs_03_0307_b51941856151917">Objects</strong>.</span></li><li id="obs_03_0075__li27180413161423"><span>On the right of the object to be operated, choose <strong id="obs_03_0075__b622031814208">More</strong> &gt; <strong id="obs_03_0075__b156481323142016">Configure Object Policy</strong>. The <strong id="obs_03_0075__b1787252862012">Configure Object Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0075__li141801159171718"><span>Select a proper policy mode as required. Valid options are as follows:</span><p><ul id="obs_03_0075__ul1974615162010"><li id="obs_03_0075__li97411532015"><strong id="obs_03_0075__b17153113111415">Read-only</strong>: The authorized user has the read permission on the object. For follow-up procedure, see <a href="#obs_03_0075__li3552175452220">5</a>.</li><li id="obs_03_0075__li390172213204"><strong id="obs_03_0075__b19827152720141">Read and write</strong>: The authorized user has the read and write permissions on the object. For follow-up procedure, see <a href="#obs_03_0075__li3552175452220">5</a>.</li><li id="obs_03_0075__li4483132516202"><strong id="obs_03_0075__b258373721413">Customized</strong>: The authorized user has the customized permissions on the object. For detailed configuration, see <a href="#obs_03_0075__li588503161565">6</a>.</li></ul>
<div class="note" id="obs_03_0075__note3389183318244"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0075__p6390333192416">You can configure only one object policy at a time.</p>
</div></div>
</p></li><li id="obs_03_0075__li3552175452220"><a name="obs_03_0075__li3552175452220"></a><a name="li3552175452220"></a><span>For read-only and read and write modes, enter information about the authorized user in the following format and click <strong id="obs_03_0075__b1320965261618">OK</strong>.</span><p><div class="fignone" id="obs_03_0075__fig17275162821520"><span class="figcap"><b>Figure 1 </b>Parameter settings of an object policy in the read-only or read and write mode</span><br><span><img id="obs_03_0075__image127510288156" src="en-us_image_0189257108.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0075__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Object policy parameters in read-only or read and write mode</caption><thead align="left"><tr id="obs_03_0075__row27504174239"><th align="left" class="cellrowborder" valign="top" width="15.151515151515152%" id="mcps1.3.2.2.5.2.2.2.4.1.1"><p id="obs_03_0075__p107559176234">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="37.37373737373738%" id="mcps1.3.2.2.5.2.2.2.4.1.2"><p id="obs_03_0075__p37601517192320">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.474747474747474%" id="mcps1.3.2.2.5.2.2.2.4.1.3"><p id="obs_03_0075__p1976317170239">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0075__row8783617122317"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.2.2.5.2.2.2.4.1.1 "><p id="obs_03_0075__p478519172231">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.2.2.5.2.2.2.4.1.2 "><ul id="obs_03_0075__ul278810179232"><li id="obs_03_0075__li1578941718233"><strong id="obs_03_0075__b1499114720199">Include</strong> or <strong id="obs_03_0075__b195001647151916">Exclude</strong></li><li id="obs_03_0075__li4287125223917">Cloud service user, Federated user<ul id="obs_03_0075__ul103531411807"><li id="obs_03_0075__li869675384816">If you select <strong id="obs_03_0075__b452255323811">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0075__b1252315303814">Identity provider</strong> or a <strong id="obs_03_0075__b15523155393814">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.2.2.5.2.2.2.4.1.3 "><p id="obs_03_0075__p19808171717235">Indicates the user that the object policy applies to.</p>
<ul id="obs_03_0075__ul25601236173218"><li id="obs_03_0075__obs_03_0049_li7880926165213"><strong id="obs_03_0075__obs_03_0049_b1043613214332">Include</strong>: The policy applies to specified users.</li><li id="obs_03_0075__obs_03_0049_li1488092635210"><strong id="obs_03_0075__obs_03_0049_b1890962511336">Exclude</strong>: The policy applies to users except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0075__row081741752319"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.2.2.5.2.2.2.4.1.1 "><p id="obs_03_0075__p15821617102320">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.2.2.5.2.2.2.4.1.2 "><p id="obs_03_0075__p882465163013"><strong id="obs_03_0075__b5961111282010">Include</strong> or <strong id="obs_03_0075__b796319127204">Exclude</strong></p>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.2.2.5.2.2.2.4.1.3 "><p id="obs_03_0075__p2084119170234">Resources on which the object policy takes effect.</p>
<ul id="obs_03_0075__ul1441045823718"><li id="obs_03_0075__obs_03_0118_li1620132355317"><strong id="obs_03_0075__obs_03_0118_b184419873610">Include</strong>: The bucket policy applies to specified OBS resources.</li><li id="obs_03_0075__obs_03_0118_li152011423195316"><strong id="obs_03_0075__obs_03_0118_b171841311113612">Exclude</strong>: The bucket policy applies to OBS resources except the specified ones.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0075__li588503161565"><a name="obs_03_0075__li588503161565"></a><a name="li588503161565"></a><span>For the customized mode, set parameters based on the site requirements and click <strong id="obs_03_0075__b13991112418203">OK</strong>.</span><p><div class="fignone" id="obs_03_0075__fig53211555145821"><span class="figcap"><b>Figure 2 </b>Parameter settings of an object policy in the customized mode</span><br><span><img id="obs_03_0075__image263411683818" src="en-us_image_0168392585.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0075__table25824246144542" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Object policy parameters in the custom mode</caption><thead align="left"><tr id="obs_03_0075__row20874365144542"><th align="left" class="cellrowborder" valign="top" width="20.202020202020204%" id="mcps1.3.2.2.6.2.2.2.4.1.1"><p id="obs_03_0075__p13102027144542">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="34.343434343434346%" id="mcps1.3.2.2.6.2.2.2.4.1.2"><p id="obs_03_0075__p171671754714">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45.45454545454546%" id="mcps1.3.2.2.6.2.2.2.4.1.3"><p id="obs_03_0075__p54631241144542">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0075__row10774617144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.2.2.6.2.2.2.4.1.1 "><p id="obs_03_0075__p328816144542">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.2.2.6.2.2.2.4.1.2 "><p id="obs_03_0075__p616717174717"><strong id="obs_03_0075__b0711135462019">Allow</strong> or <strong id="obs_03_0075__b1771213544202">Deny</strong></p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.2.2.6.2.2.2.4.1.3 "><p id="obs_03_0075__p1615161923718">Effect of the object policy.</p>
<ul id="obs_03_0075__ul415919103710"><li id="obs_03_0075__obs_03_0115_li19191705526"><strong id="obs_03_0075__obs_03_0115_b71561349173317">Allow</strong>: The policy allows the matched requests.</li><li id="obs_03_0075__obs_03_0115_li1919150175216"><strong id="obs_03_0075__obs_03_0115_b164762542339">Deny</strong>: The policy denies the matched requests.</li></ul>
</td>
</tr>
<tr id="obs_03_0075__row46881427144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.2.2.6.2.2.2.4.1.1 "><p id="obs_03_0075__p39299241144542">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.2.2.6.2.2.2.4.1.2 "><ul id="obs_03_0075__ul19561211185417"><li id="obs_03_0075__li7956181185413"><strong id="obs_03_0075__b57446226218">Include</strong> or <strong id="obs_03_0075__b1745222142115">Exclude</strong></li><li id="obs_03_0075__li18810122551811">Cloud service user, Federated user<ul id="obs_03_0075__ul16810162511812"><li id="obs_03_0075__li14810625191813">If you select <strong id="obs_03_0075__b9859208399">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0075__b286102013393">Identity provider</strong> or a <strong id="obs_03_0075__b168619207395">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.2.2.6.2.2.2.4.1.3 "><p id="obs_03_0075__p1715111933716">Specifies users on whom this object policy takes effect, including cloud service users and federated users. A cloud service user is the one who accesses the cloud services through registration with the cloud services. A federated user is the one who accesses the cloud services through federated identity authentication.</p>
<ul id="obs_03_0075__ul119112314313"><li id="obs_03_0075__obs_03_0049_li7880926165213_1"><strong id="obs_03_0075__obs_03_0049_b1043613214332_1">Include</strong>: The policy applies to specified users.</li><li id="obs_03_0075__obs_03_0049_li1488092635210_1"><strong id="obs_03_0075__obs_03_0049_b1890962511336_1">Exclude</strong>: The policy applies to users except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0075__row26311294144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.2.2.6.2.2.2.4.1.1 "><p id="obs_03_0075__p50840088144542">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.2.2.6.2.2.2.4.1.2 "><ul id="obs_03_0075__ul151711055754"><li id="obs_03_0075__li151719551252"><strong id="obs_03_0075__b188441334211">Include</strong> or <strong id="obs_03_0075__b19845133132113">Exclude</strong></li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.2.2.6.2.2.2.4.1.3 "><p id="obs_03_0075__p1016819183718">Resources on which the object policy takes effect.</p>
<ul id="obs_03_0075__ul98281632306"><li id="obs_03_0075__obs_03_0118_li1620132355317_1"><strong id="obs_03_0075__obs_03_0118_b184419873610_1">Include</strong>: The bucket policy applies to specified OBS resources.</li><li id="obs_03_0075__obs_03_0118_li152011423195316_1"><strong id="obs_03_0075__obs_03_0118_b171841311113612_1">Exclude</strong>: The bucket policy applies to OBS resources except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0075__row461371117754"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.2.2.6.2.2.2.4.1.1 "><p id="obs_03_0075__p420595051780">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.2.2.6.2.2.2.4.1.2 "><ul id="obs_03_0075__ul732518295298"><li id="obs_03_0075__li93251529122910"><strong id="obs_03_0075__b4794124413212">Include</strong> or <strong id="obs_03_0075__b479513445217">Exclude</strong></li><li id="obs_03_0075__li17137153782916">For details about the actions, see <a href="obs_03_0051.html#obs_03_0051__section387654045518">Actions Related to Objects</a>.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.2.2.6.2.2.2.4.1.3 "><p id="obs_03_0075__p1916419183710">Operation stated in the object policy.</p>
<ul id="obs_03_0075__ul13161219203711"><li id="obs_03_0075__obs_03_0051_li100102451519"><strong id="obs_03_0075__obs_03_0051_b856171514343">Include</strong>: The bucket policy applies to specified actions.</li><li id="obs_03_0075__obs_03_0051_li73441302154"><strong id="obs_03_0075__obs_03_0051_b881411181346">Exclude</strong>: The bucket policy applies to actions except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0075__row8998688144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.2.2.6.2.2.2.4.1.1 "><p id="obs_03_0075__p57805116144542">Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.2.2.6.2.2.2.4.1.2 "><ul id="obs_03_0075__ul63480483323"><li id="obs_03_0075__li23489486327"><strong id="obs_03_0075__b1928131973211">Condition Operator</strong>: See <a href="obs_03_0120.html#obs_03_0120__table16670126115713">Table 1</a>.</li><li id="obs_03_0075__li152711612153317"><strong id="obs_03_0075__b115271075253">Key</strong>: See <a href="obs_03_0120.html#obs_03_0120__table6707152645718">Table 2</a> and <a href="obs_03_0120.html#obs_03_0120__table14742526145718">Table 4</a>.</li><li id="obs_03_0075__li4956132193516"><strong id="obs_03_0075__b799974262210">Value</strong>: The entered value is associated with the key.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.2.2.6.2.2.2.4.1.3 "><p id="obs_03_0075__p1116019133714">Condition for an object policy to take effect.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0075__li4969125915456"><span>Click <strong id="obs_03_0075__b1964412602314">OK</strong>.</span><p><p id="obs_03_0075__p18160203072118">After the object policy is configured successfully, it is displayed in the list under <strong id="obs_03_0075__b196613534150">Custom Bucket Policies</strong> in the <strong id="obs_03_0075__b1425474641515">Bucket Policies</strong> tab on the <strong id="obs_03_0075__b14532113051514">Permissions</strong> page.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0086.html">Permissions Control</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink