No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Bucket Policy

Bucket Policy

After a bucket policy is set by the owner, requests to access the bucket is controlled by the bucket policy.

Elements of a Bucket Policy

Table 2-3 lists elements of a bucket policy.

Table 2-3  Elements of a bucket policy

Element

Description

Principal

Specifies accounts and users who are controlled by the bucket policy.

NotPrincipal

Specifies the one who is not controlled by the bucket policy.

Action

Specifies actions which are controlled by the bucket policy.

NotAction

Specifies actions which are not controlled by the bucket policy.

Effect

Specifies the permission of the bucket policy is allowed or denied.

Resource

Specifies buckets which are controlled by the bucket policy.

NotResource

Specifies resources which are not controlled by the bucket policy.

Condition

Specifies the conditions to take the bucket policy effect. For example, the IP address of a request sender and the time for allowing access.

Note: A bucket policy contains either Action or NotAction, either Resource or NotResource, and either Principal or NotPrincipal.

Bucket policy Permission Judgment Logic

After a bucket policy is created, whether to accept requests is determined based on the bucket policy when the bucket is accessed.

Permission judgment results of the bucket policy contains: explicit deny, allow, and default deny. The final result follows the rule of explicit deny > allow > default deny.

Table 2-4 describes the result of permission judgment.

Table 2-4  Permission judgment results

Name

Description

explicit deny

A bucket policy defines Effect as deny. All requests for the resource are denied. No permission is allowed.

allow

A bucket policy defines Effect as allow. All requests for resources to which the statement applies are allowed.

default deny

Conditions defined in a bucket policy are not met. Requests are denied.

For details about the bucket policy, see OceanStor 9000 Object Storage Service API Reference.

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122523

Views: 11527

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next