Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com> Co-authored-by: weihongmin1 <weihongmin1@huawei.com> Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
<a name="obs_03_0123"></a>
<h1 class="topictitle1">Configuring a Custom Bucket Policy (Common Mode)</h1>
<div id="body1499753333226"><p id="obs_03_0123__p1877105055517">You can customize bucket policies based on your needs. A custom bucket policy consists of five basic elements: effect, principals, resources, actions, and conditions.</p>
<p class="MsoNormal" id="obs_03_0123__p3712241">This section describes how to configure a custom bucket policy in common mode (GUI).</p>
<div class="section" id="obs_03_0123__section863012106528"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0123__ol9130739125216"><li id="obs_03_0123__li3130173917521"><span>In the bucket list, click the bucket you want to configure to go to the <strong id="obs_03_0123__obs_03_0307_b5948183711913">Objects</strong> page.</span></li><li id="obs_03_0123__li2130163985211"><span>In the navigation pane, choose <strong id="obs_03_0123__b195678483548">Permissions</strong> > <strong id="obs_03_0123__b1156754875415">Bucket Policies</strong>.</span></li><li id="obs_03_0123__li1613123917529"><span>Click <strong id="obs_03_0123__b990699267">Create</strong>.</span></li><li id="obs_03_0123__li113114397528"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_03_0123__fig162996487597"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_03_0123__image12991848105914" src="en-us_image_0000002150539585.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0123__table1513123965211" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom bucket policy</caption><thead align="left"><tr id="obs_03_0123__row2131039105218"><th align="left" class="cellrowborder" valign="top" width="21.84%" id="mcps1.3.3.2.4.2.2.2.3.1.1"><p id="obs_03_0123__p31321633943">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="78.16%" id="mcps1.3.3.2.4.2.2.2.3.1.2"><p id="obs_03_0123__p31311939145218">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0123__row1813113919523"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p134341191749">Policy View</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><p id="obs_03_0123__p141311239125211">Visual editor or JSON. The visual editor is used here. For details about configurations in the JSON view, see <a href="obs_03_0141.html">Configuring a Custom Bucket Policy (Coding Mode)</a>.</p>
</td>
</tr>
<tr id="obs_03_0123__row413153955217"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p34341912414">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><p id="obs_03_0123__p121311439135217">Enter a bucket policy name.</p>
</td>
</tr>
<tr id="obs_03_0123__row013133916528"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p613183935210">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul013119390521"><li id="obs_03_0123__li613173911524"><strong id="obs_03_0123__b185613388442">Allow</strong>: The policy allows the matched requests.</li><li id="obs_03_0123__li9131639115213"><strong id="obs_03_0123__b805246742">Deny</strong>: The policy denies the matched requests.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row16131173925212"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p1713163975217">Principals</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul111311439105218"><li id="obs_03_0123__li10131103965210"><strong id="obs_03_0123__b6508456580">All accounts</strong>: The bucket policy applies to anonymous users.</li><li id="obs_03_0123__li1813263985213"><strong id="obs_03_0123__b265084845816">Current account</strong>: Specify one or more IAM users under the current account.</li><li id="obs_03_0123__li6909163654019"><strong id="obs_03_0123__b18683144955814">Other accounts</strong>: Specify one or more accounts.<div class="note" id="obs_03_0123__note14180158988"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_03_0123__p133672712258">The account ID and IAM user ID can be obtained from the <strong id="obs_03_0123__b6323314154816">My Credentials</strong> page.</p>
<p id="obs_03_0123__p836182782515">The format is <em id="obs_03_0123__i137453531584">Account ID/IAM User ID</em>. To specify multiple accounts, enter each one on a separate line.</p>
<p id="obs_03_0123__p1936727152511"><em id="obs_03_0123__i78951517162117">Account ID</em><strong id="obs_03_0123__b37001620112113">/*</strong> indicates that permission is granted to all users under the account.</p>
</div></div>
</li><li id="obs_03_0123__li5415454193015"><strong id="obs_03_0123__b1860155415217">Delegated accounts</strong>: Delegated accounts can be added only after <strong id="obs_03_0123__b6510163012215">Other accounts</strong> is selected.<div class="note" id="obs_03_0123__note1576317111681"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_03_0123__p187636111383">The format is <em id="obs_03_0123__i193916523613">Account ID/Agency Name</em>. To specify multiple agencies, enter each one on a separate line.</p>
</div></div>
</li><li id="obs_03_0123__li173431932951"><strong id="obs_03_0123__b1749682312712">Federated user</strong>: Users who access the cloud system through federated identity authentication. If you select <strong id="obs_03_0123__b194861141378">Federated user</strong>, you can specify the user to be an <strong id="obs_03_0123__b04865143716">Identity provider</strong> or a <strong id="obs_03_0123__b114861514671">User group</strong>.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row8132163955218"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p91321339145219">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul10132139105213"><li id="obs_03_0123__li132411151619"><strong id="obs_03_0123__b356634112611">Entire bucket (including the objects in it)</strong>: The policy applies to the bucket and the objects in it. You can configure bucket and object actions in this policy.</li><li id="obs_03_0123__li1871237131620"><strong id="obs_03_0123__b2453333202918">Current bucket</strong>: The policy applies to the current bucket. You can configure bucket actions in this policy.</li><li id="obs_03_0123__li14287122517259"><strong id="obs_03_0123__b1616143193020">Specified objects</strong>: The policy applies to specified objects in the bucket. You can configure object actions in this policy.<div class="note" id="obs_03_0123__note4105544133114"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_03_0123__ul23812312403"><li id="obs_03_0123__li16381523184017">Multiple resource paths can be specified.</li><li id="obs_03_0123__li670872594010">A resource path should be configured in the <em id="obs_03_0123__i15831145418714">Folder name</em><strong id="obs_03_0123__b4831115417715">/</strong><em id="obs_03_0123__i9831654270">Object name</em> format, for example, <strong id="obs_03_0123__b1983155410718">testdir/a.txt</strong>. To specify the <strong id="obs_03_0123__b10613201114443">testdir</strong> folder and all objects in it, enter <strong id="obs_03_0123__b14613411164414">testdir/*</strong>.</li><li id="obs_03_0123__li719822910407">You can specify a specific object, an object set, or a directory. <strong id="obs_03_0123__b1252173510446">*</strong> indicates all objects in the bucket.<p id="obs_03_0123__p8475193012185">To specify a specific object, enter the object name.</p>
<p id="obs_03_0123__p12241945204013">To specify a set of objects, enter <em id="obs_03_0123__i65331910103717">Object name prefix</em><strong id="obs_03_0123__b1970114713377">*</strong>, <strong id="obs_03_0123__b08551276379">*</strong><em id="obs_03_0123__i443034717377">Object name suffix</em>, or <strong id="obs_03_0123__b5750181114383">*</strong>. For example, <strong id="obs_03_0123__b1355910321441">testdir/*</strong> indicates objects in the <strong id="obs_03_0123__b966913542449">testdir</strong> folder, and <strong id="obs_03_0123__b3408167184514">testprefix*</strong> indicates objects whose prefix is <strong id="obs_03_0123__b36722436496">testprefix</strong>.</p>
</li></ul>
</div></div>
</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row313263913526"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p6132103918520">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul171321539115210"><li id="obs_03_0123__li1031855610435"><strong id="obs_03_0123__b227711313915">Actions</strong>: Choose <strong id="obs_03_0123__b177431424018">Customize</strong>.</li><li id="obs_03_0123__li17150610104416"><strong id="obs_03_0123__b8374046203917">Select Actions</strong>: See <a href="obs_03_0051.html">Actions</a>.<div class="note" id="obs_03_0123__note14554547205415"><span class="notetitle"> NOTE: </span><div class="notebody"><ol type="a" id="obs_03_0123__ol44382305720"><li id="obs_03_0123__li729113011292">If you select <strong id="obs_03_0123__b15931032184018">Entire bucket (including the objects in it)</strong> for <strong id="obs_03_0123__b488414912401">Resources</strong>, common actions, bucket actions, and object actions will be available for you to choose from.</li><li id="obs_03_0123__li129159102811">If you select <strong id="obs_03_0123__b227333421">Current bucket</strong> for <strong id="obs_03_0123__b32733114214">Resources</strong>, common actions and bucket actions will be available for you to choose from.</li><li id="obs_03_0123__li99115910283">If you select <strong id="obs_03_0123__b244919321435">Specified objects</strong> for <strong id="obs_03_0123__b1845019327436">Resources</strong>, common actions and object actions will be available for you to choose from.</li><li id="obs_03_0123__li1491092286">If you select both <strong id="obs_03_0123__b180719315447">Current bucket</strong> and <strong id="obs_03_0123__b680883124412">Specified objects</strong> for <strong id="obs_03_0123__b280863164417">Resources</strong>, common actions, bucket actions, and object actions will be available for you to choose from.</li></ol>
</div></div>
</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row713273918522"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p1813293985212">Conditions (Optional)</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul31322396522"><li id="obs_03_0123__li14132113935211"><strong id="obs_03_0123__b09941392458">Key</strong>: See <a href="obs_03_0120.html">Conditions</a>.</li><li id="obs_03_0123__li1313293985218"><strong id="obs_03_0123__b12506174634518">Conditional Operator</strong>: See <a href="obs_03_0120.html">Conditions</a>.</li><li id="obs_03_0123__li3132193914522"><strong id="obs_03_0123__b1469214515459">Value</strong>: The entered value is associated with the key.</li></ul>
</td>
</tr>
<tr id="obs_03_0123__row15989114415303"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="obs_03_0123__p179901444203011">Advanced Settings > Exclude (Optional)</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ul id="obs_03_0123__ul171321739175210"><li id="obs_03_0123__li51328391528"><strong id="obs_03_0123__b1048241613477">Specified principals</strong>: If you select this option, the bucket policy applies to users except the specified ones.<div class="note" id="obs_03_0123__note16545121191913"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_03_0123__ul1354935874412"><li id="obs_03_0123__li8550105810447"><strong id="obs_03_0123__b1983410250461">Exclude</strong> not selected: The bucket policy applies to the specified users.</li><li id="obs_03_0123__li5550858114415"><strong id="obs_03_0123__b197069444716">Exclude</strong> selected: The bucket policy applies to users except the specified ones.</li></ul>
</div></div>
</li><li id="obs_03_0123__li161321739115214"><strong id="obs_03_0123__b20916192912497">Specified resources</strong>: If you select this option, the bucket policy applies to resources except the specified ones.<div class="note" id="obs_03_0123__note18288174518246"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_03_0123__ul137571020458"><li id="obs_03_0123__li107576224517"><strong id="obs_03_0123__b174944453471">Exclude</strong> not selected: The bucket policy applies to the specified OBS resources.</li><li id="obs_03_0123__li147571829450"><strong id="obs_03_0123__b06751515110">Exclude</strong> selected: The bucket policy applies to OBS resources except the specified ones.</li></ul>
</div></div>
</li><li id="obs_03_0123__li17132193911525"><strong id="obs_03_0123__b115970234509">Specified actions</strong>: If you select this option, the bucket policy applies to actions except the specified ones.<div class="note" id="obs_03_0123__note6586967225"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_03_0123__ul57618106455"><li id="obs_03_0123__li576121010456"><strong id="obs_03_0123__b121191691015">Exclude</strong> not selected: The bucket policy applies to the specified actions.</li><li id="obs_03_0123__li11761510184517"><strong id="obs_03_0123__b144224481213">Exclude</strong> selected: The bucket policy applies to actions except the specified ones.</li><li id="obs_03_0123__li1676141017451">By default, <strong id="obs_03_0123__b16842163712142">Specified actions</strong> is selected for <strong id="obs_03_0123__b4842133720145">Exclude</strong> in the bucket read/write template only. The action exclusion setting in bucket policy templates cannot be modified.</li></ul>
</div></div>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0123__li713453914522"><span>Click <strong id="obs_03_0123__b10991624145220">Create</strong> in the lower right corner.</span></li></ol>
</div>
</div>
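<p>The sketch below is an added example, not part of the OBS documentation or any OBS API. It models the visual-editor fields from Table 1 to show which requests a statement covers once wildcards and the <strong>Exclude</strong> options are applied, and flags broad <strong>Allow</strong> settings before you click <strong>Create</strong>. The class and function names, the placeholder IDs, and the simplified matching (conditions are ignored) are assumptions.</p>

```python
import re
from dataclasses import dataclass

def glob_match(pattern: str, value: str) -> bool:
    # Only "*" is treated as a wildcard, as in testdir/* and testprefix*.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.S) is not None

@dataclass
class VisualPolicy:  # hypothetical model of the visual-editor fields
    effect: str        # "Allow" or "Deny"
    principals: list   # ["*"] stands for "All accounts"; else "AccountID/UserID"
    resources: list    # resource paths such as "testdir/*"
    actions: list      # action names chosen under Select Actions
    exclude_principals: bool = False
    exclude_resources: bool = False
    exclude_actions: bool = False

    def applies_to(self, principal: str, resource: str, action: str) -> bool:
        def hit(values, item, excluded):
            # With Exclude selected, the statement covers everything NOT listed.
            return any(glob_match(v, item) for v in values) != excluded
        return (hit(self.principals, principal, self.exclude_principals)
                and hit(self.resources, resource, self.exclude_resources)
                and hit(self.actions, action, self.exclude_actions))

def lint(p: VisualPolicy) -> list:
    findings = []
    for entry in p.principals:
        # Expected form: Account ID/IAM User ID, or Account ID/* for all users.
        if entry != "*" and not re.fullmatch(r"[^/\s]+/[^/\s]+", entry):
            findings.append(f"principal {entry!r} is not in Account ID/IAM User ID form")
    if p.effect == "Allow":
        if "*" in p.principals and not p.exclude_principals:
            findings.append("Allow for All accounts: anonymous users are covered")
        if p.exclude_principals:
            findings.append("Allow with Exclude principals: every unlisted user is covered")
        if p.exclude_resources:
            findings.append("Allow with Exclude resources: every unlisted resource is covered")
        if p.exclude_actions:
            findings.append("Allow with Exclude actions: every unlisted action is covered")
    return findings

# Constructed sample values (placeholder IDs, sample action name).
intended = VisualPolicy("Allow", ["acct-a/user-1"], ["testdir/*"], ["GetObject"])
slipped = VisualPolicy("Allow", ["acct-a/user-1"], ["testdir/*"], ["GetObject"],
                       exclude_principals=True)
```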