Updated on 2024-03-04 GMT+08:00

Configuring a Custom Bucket Policy

If you want to grant special permissions to specific users, you can configure custom bucket policies. If a standard bucket policy conflicts with a custom bucket policy, the custom bucket policy takes priority over the standard bucket policy.

Procedure

  1. In the bucket list, click the bucket you want to operate on. The Overview page is displayed.
  2. In the navigation pane, choose Permissions.
  3. On the Bucket Policies tab page, configure a custom bucket policy according to your needs.
  4. Click Create Bucket Policy. Select a proper policy mode as required. Valid values are as follows:

    • Read-only: The authorized user will have the read permission on the bucket and objects. For subsequent operations, see step 5.
    • Read and write: The authorized user will have the read and write permissions on the bucket and objects. For subsequent operations, see step 5.
    • Customized: The authorized user will have the customized permissions on the bucket and objects. For detailed configuration, see step 6.

    Only one bucket policy mode can be configured at a time.

  5. For the read-only and read and write modes, enter information about the authorized user in the following format and click OK.

    Table 1 Parameters in bucket policies

    | Parameter | Value | Description |
    |---|---|---|
    | Principal | Include or Exclude; Current account or Other account | Specifies users on whom this bucket policy takes effect. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones. |
    | Principal | Include or Exclude; Current tenant or Other tenant | The person the policy is applied to. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones. |
    | Resources | Include or Exclude. Input format: Object: Object name. Object set: Object name prefix*, *Object name suffix, or * | Indicates the resource that a bucket policy applies to. With the read-only mode and read and write mode, the policy can only apply to objects. Include: The policy takes effect on the specified OBS resources. Exclude: The policy takes effect on all OBS resources except the specified ones. |

  6. For the customized mode, set parameters based on the site requirements and click OK.

    Table 2 describes each parameter.
    Table 2 Parameters for configuring a custom bucket policy

    | Parameter | Value | Description |
    |---|---|---|
    | Effect | Allow or Deny | Effect of a bucket policy. Allow: The policy allows the matched requests. Deny: The policy denies the matched requests. |
    | Principal | Include or Exclude; Current account or Other account | Specifies users on whom this bucket policy takes effect. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones. |
    | Principal | Include or Exclude; Current tenant or Other tenant | The person the policy is applied to. Include: The policy takes effect on specified users. Exclude: The policy takes effect on all users except the specified ones. |
    | Resources | Include or Exclude. Resource input format: Object: Object name. Object set: Object name prefix*, *Object name suffix, or *. Blank: Indicates that the resource is the entire bucket. | Indicates the resource that a bucket policy applies to. Include: The policy takes effect on the specified OBS resources. Exclude: The policy takes effect on all OBS resources except the specified ones. Relationship between resource types and actions: When a resource is an object or an object set, only the actions related to the object can be configured. When the resource is a bucket, only the actions related to the bucket can be configured. |
    | Actions | Include or Exclude. For details, see Actions. | Operations stated in the bucket policy. Include: The policy takes effect on specified actions. Exclude: The policy takes effect on all actions except the specified ones. |
    | Conditions | | Conditions under which the bucket policy takes effect |
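The Include and Exclude semantics in Table 2 are easiest to check before a policy is saved by modelling them. The following is an added example, not code from this page or from OBS: `Selector`, `Statement` and the function names are hypothetical, the user IDs and action names are constructed sample values, and Conditions are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Selector:
    mode: str      # "Include" or "Exclude", as chosen in the console
    values: tuple  # listed users, resources or actions

@dataclass
class Statement:
    effect: str    # "Allow" or "Deny"
    principal: Selector
    resources: Selector
    actions: Selector

def resource_matches(pattern, key):
    """Match one Resources entry; key is None for a bucket-level request."""
    if pattern == "":                      # blank: the entire bucket
        return key is None
    if key is None:
        return False
    if pattern == "*":                     # every object
        return True
    if pattern.endswith("*"):              # Object name prefix*
        return key.startswith(pattern[:-1])
    if pattern.startswith("*"):            # *Object name suffix
        return key.endswith(pattern[1:])
    return key == pattern                  # single object name

def selected(sel, value, match=lambda p, v: p == v):
    hit = any(match(p, value) for p in sel.values)
    return hit if sel.mode == "Include" else not hit

def statement_applies(stmt, user, action, key):
    """True when the request falls inside all three selectors of the statement."""
    return (selected(stmt.principal, user)
            and selected(stmt.resources, key, resource_matches)
            and selected(stmt.actions, action))

def review(stmt):
    """List the selectors that make an Allow statement open-ended."""
    if stmt.effect != "Allow":
        return []
    notes = [f"{name}: Exclude grants everything not listed"
             for name in ("principal", "resources", "actions")
             if getattr(stmt, name).mode == "Exclude"]
    if stmt.resources.mode == "Include" and "*" in stmt.resources.values:
        notes.append("resources: * covers every object in the bucket")
    return notes

# Constructed sample: the author meant to keep user-a out of reports/.
SAMPLE = Statement("Allow", Selector("Exclude", ("user-a",)),
                   Selector("Include", ("reports/*",)), Selector("Include", ("GetObject",)))
```

For `SAMPLE`, `review` reports the principal selector: combining Allow with Exclude grants the action to every user other than user-a, which is much wider than restricting one user.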