No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IAM Policy

IAM Policy

The IAM service enables the account to set IAM policies for its users and groups to control access to resources.

Elements of an IAM Policy

Table 2-5 lists elements of an IAM policy.

Table 2-5  Elements of an IAM policy




Specifies actions on which the IAM policy takes effect.


Specifies actions on which the IAM policy takes no effect.


Specifies the permission of the IAM policy is allowed or denied.


Specifies the IAM policy resources or the object storage service resources on which the IAM policy takes effect.


Specifies resources on which the IAM policy takes no effect.


Specifies the conditions to take the IAM policy effect. For example, the IP address of a request sender and the time for allowing access.

Note: In each IAM policy, either Action or NotAction and either Resource or NotResource must be contained.

Permission Judgment Logic of the IAM Policy

After an IAM policy is created, whether to accept or reject users' or groups' requests is based on the IAM policy.

Permission judgment results of the IAM policy include: explicit deny, allow and default deny. The final result follows the rule: explicit deny > allow > default deny.

Table 2-6 describes permission judgment results.

Table 2-6  Permission judgment results



explicit deny

Effect is set as deny. All requests for the resources are denied. No permission is allowed.


Effect is set as allow. All requests for resources to which the statement applies are allowed.

default deny

Conditions defined in an IAM policy are not met. Requests are denied.

For details about the IAM policy, see OceanStor 9000 IAM API Reference.

Updated: 2019-04-28

Document ID: EDOC1000122523

Views: 11535

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next