No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Bucket Policy

Bucket Policy

After a bucket policy is set by the owner, requests to access the bucket is controlled by the bucket policy.

Elements of a Bucket Policy

Table 2-3 lists elements of a bucket policy.

Table 2-3  Elements of a bucket policy




Specifies accounts and users who are controlled by the bucket policy.


Specifies the one who is not controlled by the bucket policy.


Specifies actions which are controlled by the bucket policy.


Specifies actions which are not controlled by the bucket policy.


Specifies the permission of the bucket policy is allowed or denied.


Specifies buckets which are controlled by the bucket policy.


Specifies resources which are not controlled by the bucket policy.


Specifies the conditions to take the bucket policy effect. For example, the IP address of a request sender and the time for allowing access.

Note: A bucket policy contains either Action or NotAction, either Resource or NotResource, and either Principal or NotPrincipal.

Bucket policy Permission Judgment Logic

After a bucket policy is created, whether to accept requests is determined based on the bucket policy when the bucket is accessed.

Permission judgment results of the bucket policy contains: explicit deny, allow, and default deny. The final result follows the rule of explicit deny > allow > default deny.

Table 2-4 describes the result of permission judgment.

Table 2-4  Permission judgment results



explicit deny

A bucket policy defines Effect as deny. All requests for the resource are denied. No permission is allowed.


A bucket policy defines Effect as allow. All requests for resources to which the statement applies are allowed.

default deny

Conditions defined in a bucket policy are not met. Requests are denied.

For details about the bucket policy, see OceanStor 9000 Object Storage Service API Reference.

Updated: 2019-04-28

Document ID: EDOC1000122523

Views: 12726

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next