Help Center/Object Storage Service/PHP SDK Developer Guide (Ally Region)/Bucket Management/Managing Bucket Policies
Updated on 2026-01-16 GMT+08:00
View PDF
Share

Managing Bucket Policies

Besides bucket ACLs, bucket owners can use bucket policies to centrally control access to buckets and objects in buckets.

Setting a Bucket Policy

You can call ObsClient->setBucketPolicy to set a bucket policy. Sample code is as follows:

// Import the dependency library.
require 'vendor/autoload.php';
// Import the SDK code library during the installation with source code.
// require 'obs-autoloader.php';
// Declare the namespace.
use Obs\ObsClient;
// Create an ObsClient instance.
$obsClient = new ObsClient ( [ 
      //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage.
      //Obtain an AK/SK pair on the management console.
      'key' => getenv('ACCESS_KEY_ID'),
      'secret' => getenv('SECRET_ACCESS_KEY'),
      'endpoint' => 'https://your-endpoint'
] );

$bucketName = "bucketname";
$policy = "{\"Statement\":[{\"Principal\":\"*\",\"Effect\":\"Allow\",\"Action\":\"ListBucket\",\"Resource\":\"" .$bucketName. "\"}]}";

$resp = $obsClient->setBucketPolicy([
       'Bucket' => $bucketName,
       'Policy' => $policy
]);

printf("RequestId:%s\n",$resp['RequestId']);

For details about the bucket policies in JSON format, see OBS PHP SDK API Reference.

Obtaining a Bucket Policy

You can call ObsClient->getBucketPolicy to obtain a bucket policy. Sample code is as follows:

// Import the dependency library.
require 'vendor/autoload.php';
// Import the SDK code library during the installation with source code.
// require 'obs-autoloader.php';
// Declare the namespace.
use Obs\ObsClient;
// Create an ObsClient instance.
$obsClient = new ObsClient ( [ 
      //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage.
      //Obtain an AK/SK pair on the management console.
      'key' => getenv('ACCESS_KEY_ID'),
      'secret' => getenv('SECRET_ACCESS_KEY'),
      'endpoint' => 'https://your-endpoint'
] );

$resp = $obsClient->getBucketPolicy([
       'Bucket' => 'bucketname'
]);

printf("RequestId:%s\n",$resp['RequestId']);
printf("Policy:%s\n",$resp['Policy']);

Deleting a Bucket Policy

You can call ObsClient->deleteBucketPolicy to delete a bucket policy. Sample code is as follows:

// Import the dependency library.
require 'vendor/autoload.php';
// Import the SDK code library during the installation with source code.
// require 'obs-autoloader.php';
// Declare the namespace.
use Obs\ObsClient;
// Create an ObsClient instance.
$obsClient = new ObsClient ( [ 
      //Obtain an AK/SK pair using environment variables or import the AK/SK pair in other ways. Using hard coding may result in leakage.
      //Obtain an AK/SK pair on the management console.
      'key' => getenv('ACCESS_KEY_ID'),
      'secret' => getenv('SECRET_ACCESS_KEY'),
      'endpoint' => 'https://your-endpoint'
] );

$resp = $obsClient->deleteBucketPolicy([
       'Bucket' => 'bucketname'
]);

printf("RequestId:%s\n",$resp['RequestId']);
Parent topic:Bucket Management