vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0325.html
zhangyue b55201d729 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00

84 lines
7.3 KiB
HTML
Raw Blame History

<a name="obs_03_0325"></a><a name="obs_03_0325"></a>
<h1 class="topictitle1">Relationship Between a Bucket ACL and a Bucket Policy</h1>
<div id="body1557026128761"><div class="section" id="obs_03_0325__section9370125413594"><h4 class="sectiontitle">Mapping Between Bucket ACLs and Bucket Policies</h4><p id="obs_03_0325__p14426115413593">Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket policies supplement bucket ACLs. In most cases (granting permissions to log delivery user groups excluded), you can use bucket policies to manage access to buckets. <a href="#obs_03_0325__table183716545593">Table 1</a> shows the mapping between bucket ACL access permissions and bucket policy actions.</p>
<div class="tablenoborder"><a name="obs_03_0325__table183716545593"></a><a name="table183716545593"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0325__table183716545593" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Mapping between bucket ACL access permissions and bucket policy actions</caption><thead align="left"><tr id="obs_03_0325__row10426205416593"><th align="left" class="cellrowborder" valign="top" width="19.191919191919194%" id="mcps1.3.1.3.2.4.1.1"><p id="obs_03_0325__p6426165418599">ACL Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.262626262626263%" id="mcps1.3.1.3.2.4.1.2"><p id="obs_03_0325__p1842615544595">Option</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="66.54545454545455%" id="mcps1.3.1.3.2.4.1.3"><p id="obs_03_0325__p8428125435912">Mapped Action in a Custom Bucket Policy</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0325__row942885416596"><td class="cellrowborder" rowspan="2" valign="top" width="19.191919191919194%" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_03_0325__p184281354195919">Access to bucket</p>
</td>
<td class="cellrowborder" valign="top" width="14.262626262626263%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_03_0325__p54287547598">Read</p>
</td>
<td class="cellrowborder" valign="top" width="66.54545454545455%" headers="mcps1.3.1.3.2.4.1.3 "><ul id="obs_03_0325__ul1242814546590"><li id="obs_03_0325__li1842855455919">ListBucket</li><li id="obs_03_0325__li12428145410594">ListBucketVersions</li><li id="obs_03_0325__li14288542599">ListBucketMultipartUploads</li></ul>
</td>
</tr>
<tr id="obs_03_0325__row1242885414593"><td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_03_0325__p134281454115913">Write</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.2 "><ul id="obs_03_0325__ul84281154125913"><li id="obs_03_0325__li164281754155919">PutObject</li><li id="obs_03_0325__li10428195455914">DeleteObject</li><li id="obs_03_0325__li11428195465918">DeleteObjectVersion</li></ul>
</td>
</tr>
<tr id="obs_03_0325__row17428135413591"><td class="cellrowborder" rowspan="2" valign="top" width="19.191919191919194%" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_03_0325__p174281154105920">Access to ACL</p>
</td>
<td class="cellrowborder" valign="top" width="14.262626262626263%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_03_0325__p1142885415597">Read</p>
</td>
<td class="cellrowborder" valign="top" width="66.54545454545455%" headers="mcps1.3.1.3.2.4.1.3 "><p id="obs_03_0325__p1842815542599">GetBucketAcl</p>
</td>
</tr>
<tr id="obs_03_0325__row15428654125911"><td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_03_0325__p1742825465912">Write</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_03_0325__p2429554125918">PutBucketAcl</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="obs_03_0325__section816016146119"><h4 class="sectiontitle">Mapping Relationship Between Object ACLs and Bucket Policies</h4><p id="obs_03_0325__p12246714410">Object ACLs are used to control basic read and write access permissions for objects. The custom settings of bucket policies support more actions that can be performed on objects. <a href="#obs_03_0325__table4160714016">Table 2</a> describes the mapping relationship between object ACL access permissions and bucket policy actions.</p>
<div class="tablenoborder"><a name="obs_03_0325__table4160714016"></a><a name="table4160714016"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0325__table4160714016" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Mapping relationship between object ACLs and bucket policies</caption><thead align="left"><tr id="obs_03_0325__row122474141815"><th align="left" class="cellrowborder" valign="top" width="19.388061193880613%" id="mcps1.3.2.3.2.4.1.1"><p id="obs_03_0325__p92471614310">Object ACL</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.288571142885711%" id="mcps1.3.2.3.2.4.1.2"><p id="obs_03_0325__p1024713142118">Option</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="66.32336766323368%" id="mcps1.3.2.3.2.4.1.3"><p id="obs_03_0325__p62479146116">Mapped Action in a Custom Bucket Policy</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0325__row1724718148112"><td class="cellrowborder" valign="top" width="19.388061193880613%" headers="mcps1.3.2.3.2.4.1.1 "><p id="obs_03_0325__p102479141019">Access to Object</p>
</td>
<td class="cellrowborder" valign="top" width="14.288571142885711%" headers="mcps1.3.2.3.2.4.1.2 "><p id="obs_03_0325__p724781411118">Read</p>
</td>
<td class="cellrowborder" valign="top" width="66.32336766323368%" headers="mcps1.3.2.3.2.4.1.3 "><ul id="obs_03_0325__ul1424715141914"><li id="obs_03_0325__li024718141315">GetObject</li><li id="obs_03_0325__li124714141717">GetObjectVersion</li></ul>
</td>
</tr>
<tr id="obs_03_0325__row12247101419112"><td class="cellrowborder" rowspan="2" valign="top" width="19.388061193880613%" headers="mcps1.3.2.3.2.4.1.1 "><p id="obs_03_0325__p62471514814">Access to ACL</p>
</td>
<td class="cellrowborder" valign="top" width="14.288571142885711%" headers="mcps1.3.2.3.2.4.1.2 "><p id="obs_03_0325__p72471314311">Read</p>
</td>
<td class="cellrowborder" valign="top" width="66.32336766323368%" headers="mcps1.3.2.3.2.4.1.3 "><ul id="obs_03_0325__ul324718149119"><li id="obs_03_0325__li1424781415111">GetObjectAcl</li><li id="obs_03_0325__li1924720141114">GetObjectVersionAcl</li></ul>
</td>
</tr>
<tr id="obs_03_0325__row122478141116"><td class="cellrowborder" valign="top" headers="mcps1.3.2.3.2.4.1.1 "><p id="obs_03_0325__p8247614513">Write</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.3.2.4.1.2 "><ul id="obs_03_0325__ul122471014113"><li id="obs_03_0325__li824731412119">PutObjectAcl</li><li id="obs_03_0325__li15247014015">PutObjectVersionAcl</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="obs_03_0325__section8941172018353"><h4 class="sectiontitle">Does Bucket Policy Change Effect on the ACL Setting?</h4><p id="obs_03_0325__p9839102212359">When objects are uploaded to a bucket, object ACLs are set for those objects. When the bucket policy is modified, ACLs of the objects do not change. However, ACLs of newly uploaded objects will be the default setting, and will not inherit the object ACL rule set by existing objects.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0109.html">Permission Control Mechanisms</a></div>
</div>
</div>
View Git Blame Copy Permalink