OBS Bucket Policy Authorization Check
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | obs-bucket-policy-grantee-check |
| Identifier | OBS Bucket Policy Authorization Check |
| Description | If an OBS bucket policy allows a prohibited access action, this policy is non-compliant. |
| Tag | obs, access-analyzer-verified |
| Trigger Type | Configuration change |
| Filter Type | obs.buckets |
| Rule Parameters | Note: The parameters should have the same format as the principals or conditions in OBS bucket policies. |
Application Scenarios
A bucket policy applies to the configured OBS bucket and the objects in it. You can use bucket policies to control the access of IAM users or other accounts to your OBS buckets. You are advised to apply the principle of least privilege to ensure that a bucket policy only grants necessary permissions for certain tasks.
Solution
You can modify policies for non-compliant buckets through the visual editor or the JSON view to avoid prohibited access actions.
Rule Logic
- If an OBS bucket policy assigns permissions that are subject to the principal and network restrictions you provide, the policy is compliant.
- If an OBS bucket policy assigns permissions that are not subject to the principal and network restrictions you provide, the policy is non-compliant.
Note: The parameters specified in Rule Parameters must comply with the format of the principals and conditions in OBS bucket policies.
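The following sketch is an added example, not the rule's own implementation. It shows how the logic above can be applied to a bucket policy in JSON form. It assumes the strict reading that every Allow statement must fall inside both the principal list and the network ranges, and that policies use the `Principal.ID` and `Condition.IpAddress.SourceIp` layout. The parameter names, IDs, bucket name and ranges are constructed.

```python
import ipaddress

# Hypothetical rule parameters; names and values are constructed for illustration.
ALLOWED_PRINCIPALS = {"domain/1111aaaa:user/2222bbbb"}
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/16")]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_restricted(principal):
    # A bare "*" or an empty ID list grants to anyone, so it is never restricted.
    if not isinstance(principal, dict):
        return False
    ids = _as_list(principal.get("ID", []))
    return bool(ids) and all(p in ALLOWED_PRINCIPALS for p in ids)

def network_restricted(condition):
    # Only an IpAddress/SourceIp condition counts as a network restriction here.
    cidrs = _as_list((condition or {}).get("IpAddress", {}).get("SourceIp", []))
    try:
        nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    except ValueError:
        return False  # unparsable range: treat as unrestricted
    return bool(nets) and all(
        any(n.version == a.version and n.subnet_of(a) for a in ALLOWED_NETWORKS)
        for n in nets)

def evaluate(policy):
    # Deny statements grant nothing; every Allow must sit inside both restrictions.
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not (principal_restricted(stmt.get("Principal"))
                and network_restricted(stmt.get("Condition"))):
            return "NonCompliant"
    return "Compliant"

def _stmt(principal_id, source_ip=None):
    # Builds one constructed Allow statement for the samples below.
    s = {"Effect": "Allow", "Principal": {"ID": [principal_id]},
         "Action": ["GetObject"], "Resource": ["examplebucket/*"]}
    if source_ip:
        s["Condition"] = {"IpAddress": {"SourceIp": [source_ip]}}
    return s

SAMPLE_SCOPED = {"Statement": [_stmt("domain/1111aaaa:user/2222bbbb", "10.0.1.0/24")]}
SAMPLE_PUBLIC = {"Statement": [_stmt("*")]}
SAMPLE_WIDE_NET = {"Statement": [_stmt("domain/1111aaaa:user/2222bbbb", "0.0.0.0/0")]}
```

The third sample shows why the network check compares ranges rather than only testing that a condition exists: a listed principal with a `0.0.0.0/0` source range is still outside the restriction.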