Configuring a Bucket Policy

A bucket policy defines the access control policy of resources (buckets and objects) in OBS.

Procedure

  1. Log in to OBS Browser.

  2. Click the blank area in the row of the bucket for which you want to configure a bucket policy and choose More > Configure Bucket Policy.

  3. In the Configure Bucket Policy dialog box, input required parameters.

    The size of a bucket policy cannot exceed 20 KB.

    Table 1 describes the parameters of bucket policies. All fields except the Effect field are optional.

    Table 1 Parameters in bucket policies

    Parameter

    Description

    Mandatory or Not

    Version

    The value can be 2008-10-17.

    Optional

    Id

    The ID of the bucket policy. The value must be unique.

    Optional

    Statement

    The description of the bucket policy. The statement defines complete permission control. Each bucket policy can have multiple statements, and each statement contains the following parameters:

    • Sid

    • Effect

    • Principal

    • NotPrincipal

    • Action

    • NotAction

    • Resource

    • NotResource

    • Condition

    Mandatory

    Effect

    Effect of the bucket policy. The statement can be set to accept or reject requests. Possible values are Allow and Deny

    Mandatory

    Sid

    The statement ID.

    Optional

    Principal/NotPrincipal

    Users on whom the bucket policy statement takes effect

    Either Principal or NotPrincipal must be selected to specify the user on whom the bucket policy statement takes effect or does not take effect.

    Mandatory

    Action/NotAction

    OBS operations on which the bucket policy statement takes effect

    Either Action or NotAction must be selected to specify whether the bucket policy statement takes effect on the OBS operation.

    Mandatory

    Resource/NotResource

    Objects on which the bucket policy statement takes effect

    Either Resource or NotResource must be selected to specify whether the bucket policy statement takes effect on the OBS resources.

    Mandatory

    Condition

    The conditions under which the bucket policy takes effect

    Optional

    Example: Uploading objects to bucket bucket-example is not allowed.

    {
        "Version":"2008-10-17",
        "Id":"Policy1527928945090",
        "Statement":[
            {
                "Sid":"Stmt1527929149040",
                "Effect":"Deny",
                "Principal":
                {
                    "AWS":[
                        "*"
                    ]
                },
                "Action":[
                    "s3:Put*"
                ],
                "Resource":[
                    "arn:aws:s3:::bucket-example/*"
                ]
            }
        ]
    }
    
  4. Click Save.

  5. In the displayed dialog box, click Close to close the dialog box.