Configuring an Object Policy
An object policy applies to a specific object, which is also part of a bucket policy. The resource of an object policy is the selected object, and the actions and conditions are the object related actions and conditions configured in the bucket policy.
Procedure
- In the bucket list, click the bucket to be operated. The Overview page of the bucket is displayed.
- In the navigation pane, click Objects.
- On the right of the object to be operated, choose More > Configure Object Policy. The Configure Object Policy dialog box is displayed.
- Select a proper policy mode as required. Valid options are as follows:
- Read-only mode: The authorized user has the read permission to the object. For follow-up procedure, see 5.
- Read and write mode: The authorized user has the read and write permissions to the object. For follow-up procedure, see 5.
- Customized: The authorized user will be granted with customized permissions to the object. For detailed configuration, see 6.
You can configure only one object policy at a time.
- For read-only and read and write modes, enter information about the authorized user in the following format and click OK.
Table 1 Object policy parameters in read-only or read and write mode Parameter
Value
Description
Principal
- Include or Exclude
- Current account or Other account
Indicates the user that the object policy applies to.
- Include: Specifies the user on whom the bucket policy statement takes effect.
- Exclude: Specifies that on all users except the specified user the bucket policy statement takes effect.
Resources
Include or Exclude
Resources on which the object policy takes effect.
- Include: Indicates that the policy takes effect only on the specified OBS resources.
- Exclude: Indicates that the bucket policy takes effect on all OBS resources except the specified ones.
- For the customized mode, set parameters based on the site requirements and click OK.
Table 2 Object policy parameters in the custom mode Parameter
Value
Description
Effect
Allow or Deny
Effect of the object policy.
- Allow: Indicates that access requests are allowed, if they match the configurations of the bucket policy.
- Deny: Indicates that access requests are denied, if they match the configurations of the bucket policy.
Principal
- Include or Exclude
- Current account or Other account
Specifies users on whom this object policy takes effect.
- Include: Specifies the user on whom the bucket policy statement takes effect.
- Exclude: Specifies that on all users except the specified user the bucket policy statement takes effect.
Resources
- Include or Exclude
Resources on which the object policy takes effect.
- Include: Indicates that the policy takes effect only on the specified OBS resources.
- Exclude: Indicates that the bucket policy takes effect on all OBS resources except the specified ones.
Actions
- Include or Exclude
- For details about the actions, see Actions Related to Objects.
Operation stated in the object policy.
- Include: Specifies the actions on which the bucket policy takes effect.
- Exclude: Specifies that on all except the specified actions the bucket policy takes effect.
Conditions
Condition for an object policy to take effect.
- Click OK.
After the object policy is configured successfully, it is displayed in the list under Custom Bucket Policies.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
