Help Center/
Config/
User Guide/
Resource Compliance/
Built-In Policies/
Object Storage Service/
OBS Buckets Are Not Associated with Non-Default ACLs
Updated on 2025-08-25 GMT+08:00
OBS Buckets Are Not Associated with Non-Default ACLs
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
obs-bucket-acl-prohibited |
|
Identifier |
obs-bucket-acl-prohibited |
|
Description |
If an OBS bucket is associated with any non-default ACLs, this bucket is non-compliant. |
|
Tag |
obs |
|
Trigger Type |
Configuration change |
|
Filter Type |
obs.buckets |
|
Rule Parameters |
None |
Application Scenarios
- Bucket ACLs control read and write permissions on buckets. Custom bucket policies allow a more refined control over more actions on buckets. In many cases, bucket policies can replace bucket ACLs to manage access to buckets more precisely. For more information about bucket policies, see Bucket Policies.
- Not using bucket ACLs for access control can simplify access management and prevents unauthorized operations.
Solution
Delete non-default ACLs for non-compliant OBS buckets based on Configuring a Bucket ACL and use bucket policies to grant access permissions based on Creating a Custom Bucket Policy (Visual Editor).
Rule Logic
- If an OBS bucket is not associated with any non-default ACLs, this bucket is compliant.
- If an OBS bucket is associated with a non-default ACL, this bucket is non-compliant.
- The default ACL grants a bucket owner the permissions to access ACLs and cannot be deleted or prohibited.
Parent topic: Object Storage Service
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
