Help Center> Object Storage Service> Console Operation Guide> Permission Control> Configuring a Bucket Policy> Creating a Custom Bucket Policy (Visual Editor)
View PDF

Creating a Custom Bucket Policy (Visual Editor)

You can also customize a bucket policy based on your service requirements. A custom bucket policy consists of five basic elements: effect, principal, resources, actions, and conditions. For details, see Policy Format.

Procedure

  1. In the navigation pane on the left of OBS Console, choose Object Storage.
  2. In the bucket list, click a bucket name, and then the Overview page of the bucket is displayed.
  3. In the navigation pane on the left, choose Permissions > Bucket Policy.
  4. Click Create.
  5. In the first row of the template list, click Create Custom Policy on the right.

    Figure 1 Creating a custom policy

  6. Set bucket policy parameters.

    Figure 2 Setting bucket policy parameters
    Table 1 Parameters of a custom bucket policy

    Parameter

    Description

    Policy View

    Visual editor or JSON. The following configuration example is based on the visual editor. For details about how to configure int the JSON view, see Creating a Custom Bucket Policy (JSON View).

    Policy Name

    Enter a bucket policy name.

    Policy Content

    Effect
    • Allow: Indicates access requests are allowed, if they match the configurations of this bucket policy.
    • Deny: Indicates access requests are denied, if they match the configurations of this bucket policy.

    Principal
    • Select authorized users:
      • Sub-users under current account: Select one or more IAM users under the current account.
      • Other account: Specify one or more accounts other than the current account. If you want to apply the bucket policy to IAM users under that account, enter their IAM user IDs.
      • Anonymous user: The bucket policy takes effect on all users over the Internet.
    • Select a user policy.
      • Include specified users: The bucket policy takes effect on specified users.
      • Exclude specified users: The bucket policy takes effect on users other than the specified ones.

    Resources
    • Select resource scope:
      • Current bucket: The bucket policy applies to the entire bucket. You can configure bucket-related actions.
      • Object in bucket: The bucket policy applies to objects in the bucket. You can configure object-related actions.

        You can specify an object or a set of objects.

        Object: object name

        A set of objects: object name prefix*, *object name suffix, or *

    • Select a resource policy.
      • Include specified resources: The bucket policy takes effect on specified resources.
      • Exclude specified resources: The bucket policy takes effect on resources other than the specified ones.

    Actions
    • Select the actions you want to grant. For details about the actions, see Policy Format.
    • Select an operation strategy for the selected actions:
      • Include selected actions: The bucket policy takes effect on selected actions.
      • Exclude selected actions: The bucket policy takes effect on all actions except the selected ones.

    Conditions (optional)
    • Conditional Operator: For details, see Policy Format.
    • Key: For details, see Policy Format.
    • Value: The entered value is associated with the key.

  7. Click Next to confirm the policy configuration.
  8. Click Create in the lower right corner of the page to create the bucket policy.