Help Center/ Object Storage Service/ API Reference/ APIs/ Advanced Bucket Settings/ Obtaining Bucket Policy Information
Updated on 2026-03-06 GMT+08:00
View PDF
Share

Obtaining Bucket Policy Information

Functions

This operation uses the sub-resources of policy to return the policy information of a specified bucket.

To perform this operation, the user must be the bucket owner or the bucket owner's IAM user that has permissions required for obtaining bucket policies.

This operation cannot be performed in the following scenarios, and the 404 error code "NoSuchBucketPolicy" is returned:

  • The specified bucket policy does not exist.
  • The standard bucket policy is set to Private and no custom bucket policy is configured.

Authorization Information

To call this API, you must be the bucket owner or have the permission to obtain bucket policies. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

  • If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
    • If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom IAM Policy.
    • If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getBucketPolicyPublicStatus permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

      Action

      Access Level

      Resource Type (*: Required)

      Condition Key

      Alias

      Dependencies

      obs:bucket:getBucketPolicy

      Read

      bucket *

      -

      -

      -
      • obs:EpochTime
      • obs:SourceIp
      • obs:TlsVersion
      • obs:CustomDomain
  • If you use bucket policies for authorization, you need to grant the obs:bucket:GetBucketPolicyPublicStatus permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

1
2
3
4
 
GET /?policy HTTP/1.1 
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization

Request Parameters

This request contains no message parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Elements

This request involves no elements.

Response Syntax

1
2
3
4
 
HTTP/1.1 status_code
Content-Type: application/xml 
Date: date
Policy Content

Response Headers

The response to the request uses common headers. For details, see Table 1.

Response Elements

The response body is a JSON string that contains the bucket policy information. For details, see Bucket Policy Parameters.

Error Responses

No special error responses are returned. For details, see Table 2.

Sample Request

1
2
3
4
 
GET /?policy HTTP/1.1 
Host: examplebucket.obs.region.myhuaweicloud.com
Date: WED, 01 Jul 2015 02:35:46 GMT 
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:jZiAT8Vx4azWEvPRMWi0X5BpJMA=

Sample Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
HTTP/1.1 200 OK 
x-obs-request-id: A603000001604A7DFE4A4AF31E301891
x-obs-id-2: BKOvGmTlt6sda5X4G89PuMO4fabObGYmnpRGkaMba1LqPt0fCACEuCMllAObRK1n
Date: WED, 01 Jul 2015 02:35:46 GMT 
Content-Length: 509
Server: OBS

{
    "Statement":[
        {
            "Sid":"Stmt1375240018061",
            "Effect":"Allow",
            "Principal":{
                "ID":[
                    "domain/domainiddomainiddomainiddo006666:user/useriduseriduseriduseridus004001",
                    "domain/domainiddomainiddomainiddo006667:user/*"
                ]
            },
            "Action":[
                "*"
            ],
            "Resource":[
                "examplebucket"
            ]
        }
    ]
}
Parent Topic: Advanced Bucket Settings