OBS Buckets Are Not Associated with Non-Default ACLs
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | obs-bucket-acl-prohibited |
| Identifier | obs-bucket-acl-prohibited |
| Description | If an OBS bucket is associated with any non-default ACLs, this bucket is non-compliant. |
| Tag | obs |
| Trigger Type | Configuration change |
| Filter Type | obs.buckets |
| Rule Parameters | None |
Application Scenarios
- Bucket ACLs control read and write permissions on buckets. Custom bucket policies allow finer-grained control over more actions on buckets. In many cases, bucket policies can replace bucket ACLs to manage access to buckets more precisely. For more information about bucket policies, see Bucket Policies.
- Not using bucket ACLs for access control can simplify access management and prevent unauthorized operations.
Solution
Delete non-default ACLs from non-compliant OBS buckets by following Configuring a Bucket ACL, and use bucket policies to grant access permissions by following Creating a Custom Bucket Policy (Visual Editor).
Rule Logic
- If an OBS bucket is not associated with any non-default ACLs, this bucket is compliant.
- If an OBS bucket is associated with a non-default ACL, this bucket is non-compliant.
- The default ACL grants a bucket owner the permissions to access ACLs and cannot be deleted or prohibited.
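The rule logic above can be reproduced offline against an exported bucket inventory to see which grants need to be removed. This is an added example, not code from the service or its documentation; the `Grant` model, the function names, the bucket names and account IDs are constructed, and it assumes that every grant to the bucket owner belongs to the default ACL.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    grantee: str      # account ID or group name (constructed sample values)
    permission: str   # permission label carried through for the report

def evaluate_bucket(owner_id, grants):
    """Apply the rule logic to one bucket.

    Assumption: a grant whose grantee is the bucket owner is part of the
    default ACL; every other grant is a non-default ACL entry.
    Returns (compliance, list_of_non_default_grants).
    """
    non_default = [g for g in grants if g.grantee != owner_id]
    status = "NonCompliant" if non_default else "Compliant"
    return status, non_default

def evaluate_inventory(buckets):
    """Evaluate many buckets; return {bucket_name: (status, grants_to_delete)}."""
    return {
        name: evaluate_bucket(info["owner"], info["grants"])
        for name, info in buckets.items()
    }

# Constructed inventory: one bucket with only the owner grant, one with
# additional grants to another account and to a public group.
SAMPLE_BUCKETS = {
    "logs-internal": {
        "owner": "acct-owner-001",
        "grants": [Grant("acct-owner-001", "FULL_CONTROL")],
    },
    "static-assets": {
        "owner": "acct-owner-001",
        "grants": [
            Grant("acct-owner-001", "FULL_CONTROL"),
            Grant("acct-partner-042", "WRITE"),
            Grant("Everyone", "READ"),
        ],
    },
}

if __name__ == "__main__":
    for name, (status, extra) in evaluate_inventory(SAMPLE_BUCKETS).items():
        print(f"{name}: {status}")
        for g in extra:
            print(f"  delete grant: {g.grantee} -> {g.permission}")
```

The grants listed for a non-compliant bucket are the ones to delete and, where the access is still needed, to re-express as bucket policy statements.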