• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. OBS Console Operation Guide
  5. Bucket Permissions
  6. Bucket Policy Effect

Bucket Policy Effect

Two effects can be set in a bucket policy, which are described as follows:

  • Allow: Specifies allowed subjects in a bucket policy.
  • Deny: Specifies denied subjects in a bucket policy.

    If there are Allow and Deny statements in a bucket policy, the Deny statements prevail. The following figure shows the judgement process.

    1. A user initiates an access request.
    2. OBS preferentially searches for Deny statements from the bucket policy. If a Deny statement is found, OBS directly rejects the access. The access request ends.
    3. If there is no Deny statement, OBS searches for Allow statements.
      • If an Allow statement is found, OBS allows the access.
      • If no Allow statement is found, OBS rejects the access. The access request ends.
    4. If an error occurs during the judgment process, an error message is generated and returned to the user who initiates the access request.