vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/en-us_topic_0045853707.html
zhangyue 92e44874e7 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-11-06 14:33:05 +00:00

118 lines
12 KiB
HTML
Raw Blame History

<a name="en-us_topic_0045853707"></a><a name="en-us_topic_0045853707"></a>
<h1 class="topictitle1">Configuring a Bucket Policy</h1>
<div id="body8662426"><p class="MsoNormal" id="en-us_topic_0045853707__a453722b6b7a847a3b98c866ba89cc863">A bucket policy defines access control over resources (buckets and objects) in OBS.</p>
<div class="section" id="en-us_topic_0045853707__sa9ce61a965cf44278ecdea3220e325dd"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0045853707__o7b6feb4f8efd4473a007a285c8031085"><li id="en-us_topic_0045853707__ld501115dcad3472599e3ec2b2d3e2d53"><span>Log in to OBS Browser.</span></li><li id="en-us_topic_0045853707__l8e12aca8d5a74c7bbfcc73c497db29fd"><span>Click the blank area in the row of the bucket for which you want to configure a bucket policy and choose <strong id="en-us_topic_0045853707__b51831341152516">More</strong> &gt; <strong id="en-us_topic_0045853707__b1953975492517">Configure Bucket Policy</strong>.</span></li><li id="en-us_topic_0045853707__l7c68db23562a4f52af5be58789a03526"><span>In the <strong id="en-us_topic_0045853707__b38385285415242">Configure Bucket Policy</strong> dialog box, input required parameters.</span><p><p id="en-us_topic_0045853707__p1128019273611">The size of a bucket policy cannot exceed 20 KB.</p>
<p class="MsoNormal" id="en-us_topic_0045853707__ac2ee1033c4bd41928091e2c48832ba01"><a href="#en-us_topic_0045853707__t90f413f7432b4558b68c408483fd2be9">Table 1</a> describes the parameters of bucket policies. All fields except the <strong id="en-us_topic_0045853707__b842352706182834">Effect</strong> field are optional.</p>
<div class="tablenoborder"><a name="en-us_topic_0045853707__t90f413f7432b4558b68c408483fd2be9"></a><a name="t90f413f7432b4558b68c408483fd2be9"></a><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0045853707__t90f413f7432b4558b68c408483fd2be9" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters in bucket policies</caption><thead align="left"><tr id="en-us_topic_0045853707__r76e46083a7d54583b866b710d57a869b"><th align="left" class="cellrowborder" valign="top" width="16.24%" id="mcps1.3.2.2.3.2.3.2.4.1.1"><p id="en-us_topic_0045853707__a9f330eae4b1445d9bd50f9aee100fedb">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.24%" id="mcps1.3.2.2.3.2.3.2.4.1.2"><p id="en-us_topic_0045853707__ade48ab9c0cee409cb2d3be53e627432c">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="7.5200000000000005%" id="mcps1.3.2.2.3.2.3.2.4.1.3"><p id="en-us_topic_0045853707__aa22db190a3b249858056287fa2a41496">Mandatory or Not</p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0045853707__r37b6d3a82f2c41ab9f69396983c71926"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__a615391a7b87c446dbc6036f21444ec60">Version</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__ae3b32b0875da4e6a8eabc2becb00a9e8">The value can be <strong id="en-us_topic_0045853707__b488317716145">2008-10-17</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__aa77b671e052e4e78b047b721a4f145a3">Optional</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__rdbb1644385db43279b36f8a44dfa88b8"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__adc42ec63f7514e51979d28c0e5d1c5e9">Id</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__a828a97a16dcb41efad1246d7534f2dbd">The ID of the bucket policy. The value must be unique.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a13cb2f6bd41f4ef3ba7a5fce5941fe26">Optional</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__r9b53ca8e1b774da29a1ce3808fff149c"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__abcbf9eb4a1054ad2a697318b6bd890e3">Statement</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__a6a5c216cd1aa40f0b60d5711b95cdef3">The description of the bucket policy. The statement defines complete permission control. Each bucket policy can have multiple statements, and each statement contains the following parameters:</p>
<ul id="en-us_topic_0045853707__u1aecb422630444f9a819613f2cd1fcfd"><li id="en-us_topic_0045853707__l69d5bea9f4f9438e927fa7b38a50d91f">Sid</li><li id="en-us_topic_0045853707__l2f40d010640b4fe3a641f199970555b5">Effect</li><li id="en-us_topic_0045853707__l7bd5d7a390b24ff5b1d5653483532d0b">Principal</li><li id="en-us_topic_0045853707__l1c7919d54a444164bd2165567c690e93">NotPrincipal</li><li id="en-us_topic_0045853707__l3e42f449904c4f1e8f0d5921dc0fb173">Action</li><li id="en-us_topic_0045853707__l77a08d5ce452422e994cbf586ce68bbc">NotAction</li><li id="en-us_topic_0045853707__l0d06fd58c1394013914eca63f27a3dd5">Resource</li><li id="en-us_topic_0045853707__lc7602828a9fd480fb5100c1749d6ac21">NotResource</li><li id="en-us_topic_0045853707__l62909d48e5c64478a7c922d6a5d57e7f">Condition</li></ul>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a6c3d65f385cb43019d9cff48552811d2">Mandatory</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__re811dabc0b744a9db97c15075b0666c2"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__adeea10edb32442ceb79834f2407894f3">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__abb507befc309403e973caed0ef17a9b5">Effect of the bucket policy. The statement can be set to accept or reject requests. Possible values are <strong id="en-us_topic_0045853707__b95049285151227">Allow</strong> and <strong id="en-us_topic_0045853707__b311781335151227">Deny</strong></p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a58481dae19464eb795944c0f77c1746f">Mandatory</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__rb4776c5d34994af39494c4853d4a05eb"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__acb40787b51ff475c88f9429d20931a7f">Sid</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__a6b289a4511a34acda6967a3a29fde76d">The statement ID.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__ab10401c22da84465bff2559b47386704">Optional</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__rd3c89d23a35f4f528c9cd1c343d9eb6c"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__a791a73fba0f141b497d21808d7ba4936">Principal/NotPrincipal</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__aa07e0a51e82a4fd99937eb3071f6c437">Users on whom the bucket policy statement takes effect</p>
<p id="en-us_topic_0045853707__a13176cf37f534f75b1bb48a03c796c22">Either <strong id="en-us_topic_0045853707__a5016ae9fe2e845f2b3b76c69e35fcbb4">Principal</strong> or <strong id="en-us_topic_0045853707__en-us_topic_0068417483_b633253613238">NotPrincipal</strong> must be selected to specify the user on whom the bucket policy statement takes effect or does not take effect.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__ac66e9f7d22c048a78fc6bc19d85b3daa">Mandatory</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__re157b39294c34983a344bdd2c19d3867"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__ad301d40b837a4d808b3ade5e40303f19">Action/NotAction</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__afe04e5f242e546bb9ba2d0527af3d34c">OBS actions which the bucket policy is applied to.</p>
<p id="en-us_topic_0045853707__af08cacea86e44fceb08b23dcef32a160">Either <strong id="en-us_topic_0045853707__b208460462388">Action</strong> or <strong id="en-us_topic_0045853707__b1386164993816">NotAction</strong> must be selected to specify whether the bucket policy applies to the OBS actions.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a5cd8ed2c61f348de990ca923abf0b2ea">Mandatory</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__r1b58c573b77d42d6aadcd4321ea261ef"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__ae72aee7b2c02460e9cc37200a5e2ba8b">Resource/NotResource</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__a851f0a72bf774eb8b15f76e4b054de25">Objects on which the bucket policy statement takes effect</p>
<p id="en-us_topic_0045853707__aaa19587fb1e14b49a31f4c9e9cc17200">Either <strong id="en-us_topic_0045853707__b183645180397">Resource</strong> or <strong id="en-us_topic_0045853707__b1999120223391">NotResource</strong> must be selected to specify whether the bucket policy applies to the OBS resources.</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a69e88c1bcd29489ea748671680a5d3cc">Mandatory</p>
</td>
</tr>
<tr id="en-us_topic_0045853707__rc844bea9ce534b2d8897afa8961769a3"><td class="cellrowborder" valign="top" width="16.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.1 "><p id="en-us_topic_0045853707__a10df44ea04524424a173bf17d7de7aec">Condition</p>
</td>
<td class="cellrowborder" valign="top" width="76.24%" headers="mcps1.3.2.2.3.2.3.2.4.1.2 "><p id="en-us_topic_0045853707__adda00a6ecf9f45fcbb6fbcea7ea55f5f">The conditions under which the bucket policy takes effect</p>
</td>
<td class="cellrowborder" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.3.2.3.2.4.1.3 "><p id="en-us_topic_0045853707__a0eef764f8bba4023be7c6aeb8f608e07">Optional</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="p" id="en-us_topic_0045853707__p1696016385322">Example: Uploading objects to bucket <strong id="en-us_topic_0045853707__b15909534363">bucket-example</strong> is not allowed.<pre class="screen" id="en-us_topic_0045853707__screen268745618412">{
"Version":"2008-10-17",
"Id":"Policy1527928945090",
"Statement":[
{
"Sid":"Stmt1527929149040",
"Effect":"Deny",
"Principal":
{
"AWS":[
"*"
]
},
"Action":[
"s3:Put*"
],
"Resource":[
"arn:aws:s3:::bucket-example/*"
]
}
]
}</pre>
</div>
</p></li><li id="en-us_topic_0045853707__li165617548816"><span>Click <strong id="en-us_topic_0045853707__b28710288304">Save</strong>.</span></li><li id="en-us_topic_0045853707__li944717573486"><span>In the displayed dialog box, click <strong id="en-us_topic_0045853707__obs_03_0022_b19371431195919">Close</strong> to close the dialog box.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0140.html">Permission Control</a></div>
</div>
</div>
View Git Blame Copy Permalink