Updated on 2024-04-01 GMT+08:00

Creating a Custom Bucket Policy (Visual Editor)

You can also customize bucket policies based on your service needs. A custom bucket policy consists of five basic elements: effect, principals, resources, actions, and conditions. For details, see Bucket Policy Parameters.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate on to go to its Objects page.
  3. In the navigation pane, choose Permissions > Bucket Policy.
  4. Click Create Bucket Policy.
  5. In the first row of the template list, click Create Custom Policy on the right.

    Figure 1 Creating a custom policy

  6. Configure a bucket policy.

    Figure 2 Configuring a bucket policy

    Table 1 Parameters for configuring a custom bucket policy

    Parameter: Description

    Policy View: Visual editor or JSON. The visual editor is used here. For details about configurations in the JSON view, see Creating a Custom Bucket Policy (JSON View).

    Policy Name: Enter a bucket policy name.

    Policy Content: Consists of the following elements.

    Effect

    • Allow: The policy allows the matched requests.
    • Deny: The policy denies the matched requests.

    Principal

    • Configure authorized users:
      • Current account: Specify one or more IAM users under the current account.
      • Other account: Specify one or more other account IDs. If you want to grant access only to the IAM users under an account, you also need to enter one or more IAM user IDs.
      • Anonymous user: The bucket policy applies to anyone.
    • Select a user policy.
      • Include specified users: The bucket policy takes effect on specified users.
      • Exclude specified users: The bucket policy takes effect on users other than the specified ones.

    Resources

    • Select resource scope:
      • Current bucket: The policy applies to the current bucket. You can configure bucket actions in this policy.
      • Objects in bucket: The bucket policy applies to objects in the bucket. You can configure object-related actions.

        You can specify an object or a set of objects in the following formats:

        Object: Object name

        Object set: Object name prefix*, *Object name suffix, or *

    • Select a resource policy.
      • Include specified resources: The bucket policy takes effect on specified resources.
      • Exclude specified resources: The bucket policy takes effect on resources other than the specified ones.

    Actions

    • Select the actions you want to grant. For details about the actions, see Bucket Policy Parameters.
      • If only Current bucket is selected for Resource, you can configure common actions and bucket actions.
      • If only Objects in bucket is selected for Resource, you can configure common actions and object actions.
      • If you select both Current bucket and Objects in bucket for Resource, you can configure common actions, bucket actions, and object actions.
    • Select an operation strategy for the selected actions:
      • Include selected: The bucket policy takes effect on selected actions.
      • Exclude selected: The bucket policy takes effect on all actions except the selected ones.

    Conditions (optional)

  7. Click Next to confirm the policy configuration.
  8. Click Create in the lower right corner.
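
The Include and Exclude choices in Table 1 decide how far a statement reaches, so it helps to check them before clicking Create. The following Python sketch is an added example, not code from OBS or from this documentation: it models a statement built in the visual editor and flags Allow statements whose scope is wider than the values listed. The class and function names, the "*" marker for Anonymous user, and the sample users, objects and actions are assumptions made for illustration, and the matching is a simplified model, not the OBS evaluation engine.

```python
from dataclasses import dataclass

ANYONE = "*"  # assumed marker for the editor's "Anonymous user" choice

def pattern_matches(pattern: str, name: str) -> bool:
    """Object formats from Table 1: exact name, prefix*, *suffix, or *."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return name.endswith(pattern[1:])
    return name == pattern

@dataclass(frozen=True)
class Selector:
    values: tuple          # users, objects or actions picked in the editor
    exclude: bool = False  # False = "Include ...", True = "Exclude ..."

    def matches(self, item: str) -> bool:
        hit = any(pattern_matches(v, item) for v in self.values)
        return hit != self.exclude  # Exclude inverts the match

@dataclass(frozen=True)
class Statement:
    effect: str            # "Allow" or "Deny"
    principal: Selector
    resource: Selector
    action: Selector

    def applies_to(self, user: str, action: str, obj: str) -> bool:
        return (self.principal.matches(user) and self.action.matches(action)
                and self.resource.matches(obj))

def review(stmt: Statement) -> list:
    """Flag Allow statements whose scope is wider than the listed values."""
    if stmt.effect != "Allow":
        return []
    notes = []
    if ANYONE in stmt.principal.values and not stmt.principal.exclude:
        notes.append("principal: anyone")
    for field in ("principal", "resource", "action"):
        if getattr(stmt, field).exclude:
            notes.append(f"{field}: everything except the listed values")
    return notes

# Constructed sample: Allow, exclude user "alice", objects "logs/*", GetObject.
SAMPLE = Statement("Allow", Selector(("alice",), exclude=True),
                   Selector(("logs/*",)), Selector(("GetObject",)))
```

In this model, an Allow statement that excludes one user applies to every other user, which is the case review() reports for SAMPLE.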