forked from docs/doc-exports
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com> Co-authored-by: zhangyue <zhangyue164@huawei.com> Co-committed-by: zhangyue <zhangyue164@huawei.com>
117 lines
17 KiB
HTML
<a name="obs_03_0123"></a><a name="obs_03_0123"></a>
<h1 class="topictitle1">Configuring a Custom Bucket Policy (Common Mode)</h1>
<div id="body1499753333226"><p class="MsoNormal" id="obs_03_0123__p398813105457">To grant special permissions to specific users, configure custom bucket policies. If a standard bucket policy conflicts with a custom bucket policy, the custom bucket policy takes priority over the standard bucket policy.</p>
<p class="MsoNormal" id="obs_03_0123__p3712241">This topic describes how to configure a custom bucket policy in common mode (GUI).</p>
<div class="section" id="obs_03_0123__section1761505716442"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0123__ol2431779016442"><li id="obs_03_0123__li99821455306"><span>In the bucket list, click the bucket you want to operate on. The <strong id="obs_03_0123__obs_03_0307_b144421021120">Overview</strong> page is displayed.</span></li><li id="obs_03_0123__li13508181724617"><span>In the navigation pane, choose <strong id="obs_03_0123__obs_03_0142_b2055212481903">Permissions</strong>.</span></li><li id="obs_03_0123__li1568715376490"><span>On the <strong id="obs_03_0123__b25185174103">Bucket Policies</strong> tab page, configure a custom bucket policy according to your needs.</span><p><p id="obs_03_0123__p173901896189">On the right of <strong id="obs_03_0123__b9368111971014">Custom Bucket Policies</strong>, select <strong id="obs_03_0123__b536961911101">Common mode</strong> to configure the policy in GUI mode.</p>
</p></li><li id="obs_03_0123__li1948691455110"><span>Click <strong id="obs_03_0123__b19810858145319">Create Bucket Policy</strong>. Select a proper policy mode as required. Valid values are as follows:</span><p><ul id="obs_03_0123__ul6489914125113"><li id="obs_03_0123__li194921514175111"><strong id="obs_03_0123__b125231032193417">Read-only</strong>: The authorized user will have the read permission on the bucket and objects. For subsequent operations, see <a href="#obs_03_0123__li3552175452220">5</a>.</li><li id="obs_03_0123__li1949713143512"><strong id="obs_03_0123__b8639102763418">Read and write</strong>: The authorized user will have the read and write permissions on the bucket and objects. For subsequent operations, see <a href="#obs_03_0123__li3552175452220">5</a>.</li><li id="obs_03_0123__li17501101418511"><strong id="obs_03_0123__b15554073410">Customized</strong>: The authorized user will have the customized permissions on the bucket and objects. For detailed configuration, see <a href="#obs_03_0123__li588503161565">6</a>.</li></ul>
<div class="note" id="obs_03_0123__note650419148512"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0123__p20506131415113">Only one bucket policy mode can be configured at a time.</p>
</div></div>
</p></li><li id="obs_03_0123__li3552175452220"><a name="obs_03_0123__li3552175452220"></a><a name="li3552175452220"></a><span>For the read-only and read and write modes, enter information about the authorized user in the following format and click <strong id="obs_03_0123__b1816403753815">OK</strong>.</span><p><div class="fignone" id="obs_03_0123__fig3744459165110"><span class="figcap"><b>Figure 1 </b>Parameter settings of a custom bucket policy in the read-only or read and write mode</span><br><span><img id="obs_03_0123__image197441359115115" src="en-us_image_0189170143.png" title="Click to enlarge" class="imgResize"></span></div>
<p id="obs_03_0123__p5499632093"></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0123__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters in bucket policies</caption><thead align="left"><tr id="obs_03_0123__row27504174239"><th align="left" class="cellrowborder" valign="top" width="15.151515151515152%" id="mcps1.3.3.2.5.2.3.2.4.1.1"><p id="obs_03_0123__p107559176234">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="37.37373737373738%" id="mcps1.3.3.2.5.2.3.2.4.1.2"><p id="obs_03_0123__p37601517192320">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.474747474747474%" id="mcps1.3.3.2.5.2.3.2.4.1.3"><p id="obs_03_0123__p1976317170239">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0123__row8783617122317"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.3.2.5.2.3.2.4.1.1 "><p id="obs_03_0123__p478519172231">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.3.2.5.2.3.2.4.1.2 "><ul id="obs_03_0123__ul278810179232"><li id="obs_03_0123__li1578941718233"><strong id="obs_03_0123__b846456295">Include</strong> or <strong id="obs_03_0123__b939738830">Exclude</strong></li><li id="obs_03_0123__li14773155954215"><strong id="obs_03_0123__b1013656391">Cloud service user</strong>, <strong id="obs_03_0123__b738446578">Federated user</strong><ul id="obs_03_0123__ul15575185754819"><li id="obs_03_0123__li869675384816">If you select <strong id="obs_03_0123__b752381420">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0123__b415962566">Identity provider</strong> or a <strong id="obs_03_0123__b128942785">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.3.2.5.2.3.2.4.1.3 "><p id="obs_03_0123__p19808171717235">Specifies the users on whom this bucket policy takes effect, including cloud service users and federated users. A cloud service user is a user who accesses the cloud services after registering with them. A federated user is a user who accesses the cloud services through federated identity authentication.</p>
<ul id="obs_03_0123__ul20673512167"><li id="obs_03_0123__li9670511619"><strong id="obs_03_0123__b759193572">Include</strong>: The policy takes effect on specified users.</li><li id="obs_03_0123__li479685931620"><strong id="obs_03_0123__b203108283">Exclude</strong>: The policy takes effect on all users except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row081741752319"><td class="cellrowborder" valign="top" width="15.151515151515152%" headers="mcps1.3.3.2.5.2.3.2.4.1.1 "><p id="obs_03_0123__p15821617102320">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373738%" headers="mcps1.3.3.2.5.2.3.2.4.1.2 "><ul id="obs_03_0123__ul2824151742319"><li id="obs_03_0123__li282651720239"><strong id="obs_03_0123__b41985308397">Include</strong> or <strong id="obs_03_0123__b111991430193912">Exclude</strong></li><li id="obs_03_0123__li1482910177236">Input format: <p id="obs_03_0123__p12830717162315"><a name="obs_03_0123__li1482910177236"></a><a name="li1482910177236"></a>Object: <em id="obs_03_0123__i1428683216397">Object name</em></p>
<p id="obs_03_0123__p68341917112319">Object set: <em id="obs_03_0123__i847916338396">Object name prefix</em><strong id="obs_03_0123__b86031018135719">*</strong>, <strong id="obs_03_0123__b873992212574">*</strong><em id="obs_03_0123__i1848013313917">Object name suffix</em>, or <strong id="obs_03_0123__b336511255572">*</strong></p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="47.474747474747474%" headers="mcps1.3.3.2.5.2.3.2.4.1.3 "><p id="obs_03_0123__p2084119170234">Indicates the resource that a bucket policy applies to. In the read-only mode and the read and write mode, the policy can apply only to objects.</p>
<ul id="obs_03_0123__ul7274173411710"><li id="obs_03_0123__li7274634171715"><strong id="obs_03_0123__b24951819019">Include</strong>: The policy takes effect on the specified OBS resources.</li><li id="obs_03_0123__li260555313171"><strong id="obs_03_0123__b172155361308">Exclude</strong>: The policy takes effect on all OBS resources except the specified ones.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0123__li588503161565"><a name="obs_03_0123__li588503161565"></a><a name="li588503161565"></a><span>For the customized mode, set parameters based on the site requirements and click <strong id="obs_03_0123__b15327583219">OK</strong>.</span><p><div class="fignone" id="obs_03_0123__fig53211555145821"><span class="figcap"><b>Figure 2 </b>Parameter settings of a custom bucket policy in the customized mode</span><br><span><img id="obs_03_0123__image776514418538" src="en-us_image_0132032277.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="p" id="obs_03_0123__p520275017208"><a href="#obs_03_0123__table25824246144542">Table 2</a> describes each parameter.
<div class="tablenoborder"><a name="obs_03_0123__table25824246144542"></a><a name="table25824246144542"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0123__table25824246144542" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring a custom bucket policy</caption><thead align="left"><tr id="obs_03_0123__row20874365144542"><th align="left" class="cellrowborder" valign="top" width="20.202020202020204%" id="mcps1.3.3.2.6.2.2.2.2.4.1.1"><p id="obs_03_0123__p13102027144542">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="34.343434343434346%" id="mcps1.3.3.2.6.2.2.2.2.4.1.2"><p id="obs_03_0123__p171671754714">Value</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45.45454545454546%" id="mcps1.3.3.2.6.2.2.2.2.4.1.3"><p id="obs_03_0123__p54631241144542">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0123__row10774617144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p328816144542">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><p id="obs_03_0123__p616717174717"><strong id="obs_03_0123__b306395741">Allow</strong> or <strong id="obs_03_0123__b1388166079">Deny</strong></p>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p04354171543">Effect of a bucket policy.</p>
<ul id="obs_03_0123__ul1835191314190"><li id="obs_03_0123__li159861027191911"><strong id="obs_03_0123__b922169305">Allow</strong>: The policy allows the matched requests.</li><li id="obs_03_0123__li18986102701916"><strong id="obs_03_0123__b915769522">Deny</strong>: The policy denies the matched requests.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row46881427144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p39299241144542">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul19561211185417"><li id="obs_03_0123__li7956181185413"><strong id="obs_03_0123__b830025419431">Include</strong> or <strong id="obs_03_0123__b030075414316">Exclude</strong></li><li id="obs_03_0123__li4287125223917"><strong id="obs_03_0123__b19619115514331">Cloud service user</strong>, <strong id="obs_03_0123__b1769811573338">Federated user</strong><ul id="obs_03_0123__ul3534111145812"><li id="obs_03_0123__li8623685589">If you select <strong id="obs_03_0123__b11332843172011">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0123__b18332134322012">Identity provider</strong> or a <strong id="obs_03_0123__b1133313438201">User group</strong>.</li></ul>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p243601717416">Specifies the users on whom this bucket policy takes effect, including cloud service users and federated users. A cloud service user is a user who accesses the cloud services after registering with them. A federated user is a user who accesses the cloud services through federated identity authentication.</p>
<ul id="obs_03_0123__ul101874512014"><li id="obs_03_0123__li121871259206"><strong id="obs_03_0123__b1024293172719">Include</strong>: The policy takes effect on specified users.</li><li id="obs_03_0123__li61876510206"><strong id="obs_03_0123__b119859613272">Exclude</strong>: The policy takes effect on all users except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row26311294144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p50840088144542">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul151711055754"><li id="obs_03_0123__li151719551252"><strong id="obs_03_0123__b1749282461">Include</strong> or <strong id="obs_03_0123__b409471635">Exclude</strong></li><li id="obs_03_0123__li2764195612517">Resource input format:<p id="obs_03_0123__p13659113718819"><a name="obs_03_0123__li2764195612517"></a><a name="li2764195612517"></a>Object: <em id="obs_03_0123__i2001289199">Object name</em></p>
<p id="obs_03_0123__p47531246786">Object set: <em id="obs_03_0123__i116201545">Object name prefix</em><strong id="obs_03_0123__b232933899">*</strong>, <strong id="obs_03_0123__b318644728">*</strong><em id="obs_03_0123__i695117047">Object name suffix</em>, or <strong id="obs_03_0123__b450417054">*</strong></p>
<p id="obs_03_0123__p484811521683">Blank: Indicates that the resource is the entire bucket.</p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p144361117943">Indicates the resource that a bucket policy applies to.</p>
<ul id="obs_03_0123__ul1243923162015"><li id="obs_03_0123__li114312316201"><strong id="obs_03_0123__b1503707948">Include</strong>: The policy takes effect on the specified OBS resources.</li><li id="obs_03_0123__li1943152318208"><strong id="obs_03_0123__b2139404972">Exclude</strong>: The policy takes effect on all OBS resources except the specified ones.</li></ul>
<p id="obs_03_0123__p24361917944">Relationship between resource types and actions:</p>
<ul id="obs_03_0123__ul1943618171341"><li id="obs_03_0123__li94361117243">When a resource is an object or an object set, only the actions related to the object can be configured.</li><li id="obs_03_0123__li144361817143">When the resource is a bucket, only the actions related to the bucket can be configured.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row461371117754"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p420595051780">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul732518295298"><li id="obs_03_0123__li93251529122910"><strong id="obs_03_0123__b426991823">Include</strong> or <strong id="obs_03_0123__b303634240">Exclude</strong></li><li id="obs_03_0123__li17137153782916">For details, see <a href="obs_03_0051.html">Actions</a>.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p114369173413">Operations stated in the bucket policy.</p>
<ul id="obs_03_0123__ul172495822013"><li id="obs_03_0123__li7724458102010"><strong id="obs_03_0123__b1752169122">Include</strong>: The policy takes effect on specified actions.</li><li id="obs_03_0123__li47248585207"><strong id="obs_03_0123__b1593869488">Exclude</strong>: The policy takes effect on all actions except the specified ones.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row8998688144542"><td class="cellrowborder" valign="top" width="20.202020202020204%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.1 "><p id="obs_03_0123__p57805116144542">Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="34.343434343434346%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.2 "><ul id="obs_03_0123__ul63480483323"><li id="obs_03_0123__li23489486327"><strong id="obs_03_0123__b1270017930">Conditional Operator</strong>: See <a href="obs_03_0120.html#obs_03_0120__table16670126115713">Table 1</a>.</li><li id="obs_03_0123__li152711612153317"><strong id="obs_03_0123__b2137571700">Key</strong>: See <a href="obs_03_0120.html#obs_03_0120__table6707152645718">Table 2</a>, <a href="obs_03_0120.html#obs_03_0120__table1972610267573">Table 3</a>, and <a href="obs_03_0120.html#obs_03_0120__table14742526145718">Table 4</a>.</li><li id="obs_03_0123__li4956132193516"><strong id="obs_03_0123__b358589128">Value</strong>: The entered value is associated with the key.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="45.45454545454546%" headers="mcps1.3.3.2.6.2.2.2.2.4.1.3 "><p id="obs_03_0123__p34365171045">Conditions under which the bucket policy takes effect.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</p></li></ol>
</div>
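<p>Added example (not part of the OBS documentation and not the OBS policy format): a Python model of the Include/Exclude matching described in Table 1 and Table 2, with a check that lists the fields of an Allow statement set to Exclude, because those make the grant cover every user, action or object that was not listed. Field names, user names and the action name are hypothetical, and only object resources are modelled.</p>

```python
# Added illustration: field names are hypothetical, not the OBS policy format.

def pattern_matches(pattern, name):
    """Match the object forms from the tables: exact name, prefix*, *suffix, *."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return name.endswith(pattern[1:])
    return name == pattern


def selected(mode, values, item, match=lambda v, i: v == i):
    """Include selects the listed items; Exclude selects everything else."""
    listed = any(match(v, item) for v in values)
    return listed if mode == "Include" else not listed


def applies(stmt, user, action, obj):
    """True when a request by user for action on object obj matches stmt."""
    return (selected(*stmt["principal"], user)
            and selected(*stmt["actions"], action)
            and selected(*stmt["resources"], obj, match=pattern_matches))


def open_ended(stmt):
    """Fields of an Allow statement set to Exclude (grant is not enumerated)."""
    if stmt["effect"] != "Allow":
        return []
    return [field for field in ("principal", "actions", "resources")
            if stmt[field][0] == "Exclude"]


# Constructed sample statements; user and action names are placeholders.
STATEMENTS = [
    {"effect": "Allow",
     "principal": ("Include", ["alice"]),
     "actions": ("Include", ["GetObject"]),
     "resources": ("Include", ["reports/*"])},
    {"effect": "Allow",
     "principal": ("Exclude", ["contractor"]),
     "actions": ("Include", ["GetObject"]),
     "resources": ("Exclude", ["*.key"])},
]

if __name__ == "__main__":
    for number, stmt in enumerate(STATEMENTS, start=1):
        print(number, "open-ended fields:", open_ended(stmt))
    # bob was never named, yet the second statement covers him.
    print(applies(STATEMENTS[1], "bob", "GetObject", "reports/q1.csv"))
```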
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0045853584.html">Configuring a Bucket Policy</a></div>
</div>
</div>